Japanese Man Arrested For Virtual Theft

Kethinov writes "The Daily Yomiuri is reporting that a 21-year-old man was arrested for "illegally accessing an Internet game server to sell a virtual 'house' owned by a woman to another game participant for 50,000 yen, police said Thursday. According to the MPD, Ryusei Sakano of Itabashi Ward, Tokyo, posed as a female game player he met online while playing 'Ultima Online,' a popular Internet-based game. Sakano reportedly asked the game's system administrator to provide the female player's entry password on the pretext that she had lost her password to the game.""

Re:Virtual Arrest and Virtual Fine

[mooZENDog]

Maybe they should virtually arrest him and give him a virtual fine or virtual jail!

I think the fact that real money was involved at some point (how much is ¥50k anyway?) is what's got the authorities involved. There was loads of this sort of thing with Diablo II I believe (not really an expert on these MMORPGs though, don't think real money got stolen, although there were a few auto-generated (i.e. fake - an interesting concept in a virtual world) items being sold, wern't there?).

It seems as though this will be a new trend in/type of crime. I will be interested to see what the outcome of this one is, and let's not forget the poor sod who paid real money for this house, and got sold up the river. "I paid 50k Yen for this virtual house, and all I got was this lousy Tee-shirt!" *hehehehe* >)

Re:for the inevitable slashdotting..

[Longinus]

'Ultima Online' hacker arrested over 'house' sale
...
Sakano reportedly asked the game's system administrator to provide the female player's entry password on the pretext that she had lost her password to the game.

Oh yeah, that's some 31337 h@X0r1ng right there. Well, if nothing else, it once again proves that social engineering is most effective cracking tool.

It wasn't a sysadmin

All of the telephone support for UO is farmed out to some call center with inarticulate reps who don't actually play the game. I've called UO account support several times, and every single time wound up with someone who could barely speak English. These folks don't play UO, they don't have a clue how the game works, all they know is the scripts they've been given. They know how to enable an account, they sure know how to sell gametime codes, but if you mention "Pacific" or "Baja" (server names in UO) they have no idea what you're talking about.

Worse, one time the rep proactively gave me the name of their internal customer tracking database (it's called "Catbert," apparently). This was without prompting. I was having a problem logging in to a specific shard, but this guy didn't have enough access to fix the problem. So he told me to call a different number and "tell them to fix your record in Catbert."

Out of curiosity, I looked. Sure enough, catbert.owo.com is an actual host on their network. Lord only knows what kind of social engineering the word "Catbert" might allow one to get away with.

Point being, there will always be weak links like this when your support contract goes to the lowest bidder. I seriously doubt that it was the "system administrator" who gave out the female player's password. It was more likely some guy in Singapore making $2.50/day to answer phone calls.