Tuesday, February 16, 2010

Hacked!

Continuing yesterday’s discussion about RMT, Tobold has a follow-up post up about whether or not illegal RMT hurts the economy. The long and the short of his argument is that with RMT, net new gold is not created, merely shifted around. The problem is that Tobold wishes to completely disregard “Hacking” as one of the unintended consequences of Illegal RMT.
Thus whenever I mention gold farmers, somebody immediately starts shouting about hackers, which is *not* the same. While everybody knows somebody who know someone who has been hacked, few people bother to count that they also know 99 other people who *never* got hacked. Simple back-of-an-envelope calculations of the amount of gold stolen by hackers compared to the amount of gold sold every day in World of Warcraft shows that the large majority of sold gold is produced by farming and botting, not by hacking and stealing.
Well, you can write my name down as one of those people who *DID* get hacked. And no, Tobold, while illegal RMT is *not* the same, it is at least partially supported through account hacking.

No amount of minimization on your part is going to change the fact that without RMT, the account hacking problem would be far less severe.

Getting Hacked!
I don’t know if I’ve written about this on the blog. It happened maybe a year or so before I started blogging and was shortly after the Burning Crusade expansion. The crazy part is that prior to getting Hacked, I always believed that such things only happened to the ignorant, stupid or naïve. Being a very technical saavy person, this was something I was very confident wouldn’t happen to me.

I used a firewall. I used an Anti-Virus program. I regularly kept my OS up-to-date. I had a unique password for Warcraft, which I only used for Warcraft. The password was strong, using alphanumeric keys to form a non-dictionary word. In short, I was doing all the things a security minded professional would tell you to do.

And it didn’t stop me from having both my real-life Bank Account and my World of Warcraft account hacked within about a three hour window of each other. The crazy part about the bank account is that I could see the wire transfer as a debit, but the bank couldn’t reverse it. The even crazier part is that whoever did the hacking didn’t feel that getting real money was enough and stripped every single character (on multiple servers) of every item and gold piece.

The Logic of Everybody
When everybody knows something, it must be true, right? And when everybody doesn’t know something, that means it doesn’t exist?

The logic of "Everbody Knows" is fuzzy logic at best because it’s not really based in anything other than our perception. All Tobold can really do is apply HIS experience with "Everybody Knows" and the number of people HE knows that have been hacked to form this argument.

The result in this case is to seemingly quantify how many people are getting hacked in an effort to say it’s really not a contributor to RMT. A point which, in my opinion, is an invalid one because all it takes is one person on a hacked account who knows how to “dupe” items to create a large amount of gold.

The larger issue, that Hacking occurs BECAUSE OF RMT, is entirely ignored.

Oh, and of course, we have no actual evidence to support his claim that Hacking is far less common than we believe. We only have his logic that because only a few people we know have been hacked, not everyone, then it must be a small group. And yet, it must be a big enough problem for Blizzard to address it as their top concern regarding illegal RMT and for them to have dedicated staff on hand JUST to deal with account hacks.

In short, the "Everybody Knows" argument really only speaks to his own practical experience and not the quantifiable facts he is implying. Is cancer less of a problem because I don’t know anyone who has cancer?

When a Small Number has Big Meaning
I distinctly recall a debate class I had in High School. I don’t remember the exact nature of what was being debated, but much of the arguing was about the magnitude of the issue. Our side was saying the number was much higher, their side was saying it was much lower. No one really appeared to be able to win the point.

Then my partner stepped up and asked, “Isn’t your number a big number too?”

His point being that magnitude is measured by both quantity and intensity. Or in other words, the importance isn’t just measured by how often it happens but by the severity of the impact when it does happen. For example, products are recalled all the time when only a very small percentage of them will cause death or injury.  It's the death and injury part that makes it important enough to recall every unit.

To my way of thinking, that’s the critical flaw in Tobold’s reasoning. Even if we accept that Hacking happens less often than we believe, the impact from Hacking is severe enough that we shouldn’t willingly support anything that contributes to it.

That’s obviously true on a personal level for the person getting hacked, but it’s also true at the a broader level. A Hacked account is a free account – a throwaway – that can be used to do the very worst things that would get a normal player banned. As mentioned above, ‘duping’ is something that has been possible in Warcraft – you are just likely to get caught. But if you don’t care if you are caught, you could create quite a bit of gold out of nothing.

Thus, one hacked account can easily be a very large source of gold for illegal RMT.

4 comments:

Tobold said...

That puts you into the same camp as right wingers who oppose canabis because "drug users commit crimes to finance their habit". Or people who oppose prostitution because of "white slavery". These are complex issues, and you can't just look at the worst possible combo to judge the whole matter.

I'm all for Blizzard stopping hacking, e.g. by making the authenticator mandatory. But my point was that there are gold farmers who work for gold just like any player would, and you can't simply bundle them all together.

sid67 said...

Actually, it puts me in the legalize drugs and the violent crimes related to illegal drug trafficking go away camp.

Of course, then you have all a whole slew of problems related to legal drug use. Although, I'd argue those exist anyway -- but I digress.

So, ya, it's complicated. But it doesn't become LESS complicated when you choose to ignore or minimize the impact of hacking.

The simple fact is that one hacker who steals a dozen accounts and uses them to dupe/create gold has just as big an impact -- if not bigger impact -- than a hundred of these farmers.

It's not all about the fair play of gamers supporting the poor third world countries in your economic utopia.

The cold hard fact is that illegal RMT is run by unscrupulous people, not some noble do-gooders trying to support the economy of China.

So how about we don't oppose prostitution because of slavery but because of the pimps who recruit and abuse these girls?

SolidState said...

> "And it didn’t stop me from having both my real-life Bank Account and my World of Warcraft account hacked"

So I'm curious, did you ever find out how you got hacked, in spite of all your security measures?

Since you had 2 un-related hacks I assume it was a trojan/key-logger which managed to somehow install itself on your system?

sid67 said...

I never identified the point of attack, but there were several viruses that got installed.

If I had to guess, I think I visited a website that used Flash or something similar and that got exploited.

I didn't recall installing anything specific and it's distinctly possible that while Windows was up-to-date, something like Flash was not.

They crazy part is that once I realized I had been compromised, it became obvious that my AV and Firewalls had failed to pick it up.

And so I started downloading other trial AV programs like crazy. Of all I tried, only Norton and Microsoft Onecare detected anything (maybe 6 of them, including all major players).

And it turned out there were 3 viruses installed. Norton picked up only one of the three. Onecare, surprisingly, picked up and eliminated all three.

Up until that revelation, I always believed that AV developers shared information about viruses with each other but obviously they don't. Naive I guess.