A very scary thing happened to me a few days ago in-game.
I have two EQ2 accounts. I play them together on one machine, alt-tabbing between them. Most of the time it’s just faster, and levels up two characters in less than the time I’d spend on one, but occasionally it allows me to continue in a place where I’d otherwise need a group and have little chance of finding one. So I’m pretty used to seeing one of my characters from the viewpoint of another.
Well, I was in the guild crafting area working on my tailor, since I was planning to make a set of mastercrafted 72 armor for my fury. (I still haven’t done that, even though my tailor’s high enough now. I’m not paying 15 plat for each rare leather.)
Running back from the fuel vendor I saw a character that looked a lot like my dark elf shadowknight, Aosa. Same lava appearance armor, same brewfest cloak, riding a cloud. I thought – in all seriousness, this is what I thought – that’s neat, there’s someone who’s gone for the same character appearance. I wonder who it is…
So I moused over, to read the name Aosa.
It’s a jolt to see your own character where you don’t expect it. Quite apart from the immediate thought of “what the heck is going on?”, it’s very disturbing to see what you’ve always thought of as an extension of yourself, while having no control.
Of course, I checked the Windows task bar to see if I’d forgotten to shut down an EQ2 window. Nope, only one active. A windows bug that maybe didn’t close the window, but dropped it from the task bar? Or that somehow restarted? No, that would be too far fetched. No-one has my password, not even my son, so it couldn’t be a friend borrowing my account.
I started to panic. I immediately whispered the guild leader and asked him to deguild Aosa, to prevent whoever had logged her in from raiding the guild bank. I might not be able to prevent my own gear being transmuted and sold, but I could try to limit damage to the guild.
I’m paranoid about security. I understand how computers are hacked, and how password-stealing trojans work. When World of Warcraft players claimed that authenticators (devices that give a one-time code to enter with your password) were foolproof, I figured out how to hack an account with an authenticator attacked. I never published the details, but I did predict the hack, which no-one believed. When authenticator accounts were hacked, the method was very similar to what I had figured out. I’m not a hacker (in the criminal sense of the word), but I mostly understand hacks.
So I take every precaution I can not to allow a trojan to take hold on my system. I don’t run Internet Explorer – while these days it’s probably as secure as Firefox, and maybe better than Safari and Chrome, it doesn’t allow the add-ons I use in Firefox to protect myself from JavaScript attacks, clickjacking and Flash, which is the most serious infection risk for gamers. Ads on gaming sites are rife with malicious Flash code. But AdBlock, FlashBlock and NoScript mean I don’t see them. And Symantec Endpoint seems to do a good job of identifying any threats that might exist on a trusted site.
All of this went through my mind as I watched Aosa just standing there in the guild tradeskill area and traded whispers with the guild leader, who was concerned on my behalf. If I had a keylogger, I didn’t see how, and other applications were at risk.
But it occurred to me that whatever was going on, it didn’t have the appearance of a hack. Aosa didn’t make a bee-line for the bank to start emptying plat, selling or transmuting items, or raiding the guild bank before anyone noticed. And then I recalled that I had an open problem ticket for a quest in Kylong Plains. It was complete, but the final NPC wouldn’t talk to me.
So I whispered the guild leader again to tell him I thought I knew what was happening, and relaxed a little. Sure enough, a few minutes later, Aosa vanished from the guild hall, and /who showed her being in Kylong, where she stayed for several minutes before logging out.
I logged in on that account immediately, found her still in Kylong, and an update from a GM that said ‘I logged on your character today and did as was requested of this quest and once I also was unable to complete the quest, advanced it.’
I wasn’t aware that GMs could or did log in players’ characters. I thought they did all of their work from database reports and whatever, or interacted with you when you were logged in. But it makes sense if there’s a character problem, and I should have realized more quickly what was happening.
But what struck me in the end was that in spite of the panic over apparently being hacked, what disturbed me most was the eerie feeling of my own character existing and acting without my control, as if she had a mind of her own.
1 comment