Slashdot Mirror

← Back to Stories (view on slashdot.org)

Japanese Man Arrested For Virtual Theft

Posted by michael on from the watch-out-pk'ers dept.

Kethinov writes "The Daily Yomiuri is reporting that a 21-year-old man was arrested for "illegally accessing an Internet game server to sell a virtual 'house' owned by a woman to another game participant for 50,000 yen, police said Thursday. According to the MPD, Ryusei Sakano of Itabashi Ward, Tokyo, posed as a female game player he met online while playing 'Ultima Online,' a popular Internet-based game. Sakano reportedly asked the game's system administrator to provide the female player's entry password on the pretext that she had lost her password to the game.""

7 of 208 comments (clear)

  1. Idiot Admin by Bartmoss · · Score: 4, Insightful

    Never reset/give out passwords without 100% proof of identity. That said, this is really a non-news item, except maybe as a footnote in entertainment history. There has been trade of "virtual property" (which really isn't different from other types of data/accounts), and this is just really plain old fraud.

    1. Re:Idiot Admin by Xugumad · · Score: 4, Insightful

      Okay, how? Short of the person turning up in person with photo ID, 100% proof of identity just isn't going to happen. On the other hand, posting the new password to the user's registered address would have made a lot more sense to me, or maybe just calling back with the password. Not foolproof, but it makes it non-trivial to get someone else's password.

  2. Re:Virtual Arrest and Virtual Fine by mooZENDog · · Score: 5, Insightful

    Maybe they should virtually arrest him and give him a virtual fine or virtual jail!

    I think the fact that real money was involved at some point (how much is ¥50k anyway?) is what's got the authorities involved. There was loads of this sort of thing with Diablo II I believe (not really an expert on these MMORPGs though, don't think real money got stolen, although there were a few auto-generated (i.e. fake - an interesting concept in a virtual world) items being sold, wern't there?).

    It seems as though this will be a new trend in/type of crime. I will be interested to see what the outcome of this one is, and let's not forget the poor sod who paid real money for this house, and got sold up the river. "I paid 50k Yen for this virtual house, and all I got was this lousy Tee-shirt!" *hehehehe* >)

    --

    ---
    "An eye for an eye leaves the whole world blind" - Gandhi
  3. sysadmin should be fined as well by Anonymous Coward · · Score: 4, Insightful

    In the real world, the sysadmin should get a serious fine as well! I mean he is the key keeper of that very place.
    If I loose the key to my appartment, my landlord will definitely want to see some ID and so to check if I am really the one I say I am - the tenant of that very appartment on the 15th floor. If he would give someone else the key to my appartment and my stuff would be stolen, this landlord would be in deep trouble.
    When a computer user looses his password (key) the sysadmin (landlord) must make sure the claimer is truly the user (tenant) (s)he says (s)he is, before giving out the password.

    Totally agree the one getting the password gets fined for this action.
    The sysadmin however should also be punished for this.

    Wouter.

  4. Re:for the inevitable slashdotting.. by Longinus · · Score: 5, Insightful
    'Ultima Online' hacker arrested over 'house' sale
    ...
    Sakano reportedly asked the game's system administrator to provide the female player's entry password on the pretext that she had lost her password to the game.

    Oh yeah, that's some 31337 h@X0r1ng right there. Well, if nothing else, it once again proves that social engineering is most effective cracking tool.

  5. It wasn't a sysadmin by Anonymous Coward · · Score: 5, Insightful

    All of the telephone support for UO is farmed out to some call center with inarticulate reps who don't actually play the game. I've called UO account support several times, and every single time wound up with someone who could barely speak English. These folks don't play UO, they don't have a clue how the game works, all they know is the scripts they've been given. They know how to enable an account, they sure know how to sell gametime codes, but if you mention "Pacific" or "Baja" (server names in UO) they have no idea what you're talking about.

    Worse, one time the rep proactively gave me the name of their internal customer tracking database (it's called "Catbert," apparently). This was without prompting. I was having a problem logging in to a specific shard, but this guy didn't have enough access to fix the problem. So he told me to call a different number and "tell them to fix your record in Catbert."

    Out of curiosity, I looked. Sure enough, catbert.owo.com is an actual host on their network. Lord only knows what kind of social engineering the word "Catbert" might allow one to get away with.

    Point being, there will always be weak links like this when your support contract goes to the lowest bidder. I seriously doubt that it was the "system administrator" who gave out the female player's password. It was more likely some guy in Singapore making $2.50/day to answer phone calls.

  6. Re:I don't get it... by Duds · · Score: 4, Insightful

    People buy online items for real money on occasion.

    This man fraudently obtained the online item but getting the password and then sold it for real money.

    so he's guilty of fraud for a start.