Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ragnarok Online Hacked Again

Posted by simoniker on from the not-good-for-business dept.

An anonymous reader writes "According to a Stratics article, Ragnarok Online, a primarily Asian MMORPG, has been hacked yet again. As many people will remember , Ragnarok was hacked in late June, and a file with every user's passwords/usernames was distributed." Another anonymous reader claims: "Someone logged on as a GM, loaded arbitrary items and distributed them, used the in-game announcement system to announce their accomplishment, and was able to delete all of the official GM accounts." As yet, there's no official statement from the Ragnarok developers on this latest alleged issue.

29 comments

  1. stratics by Anonymous Coward · · Score: 0

    stratics is just full of shit, this is yet another attempt to get people away from ragnarok to SHADOWBANE and ULTIMA ONLINE (gasp), just visit their "secret" channel on irc.stratics.com #sooky and you'll see what I mean.

  2. Why Clear Text Passwords are Bad, and How to Avoid by Anonymous Coward · · Score: 3, Insightful

    If they just wouldn't store passwords as cleartext, this kind of thing would happen much less often. Read this interesting article for more on the subject.

  3. That nemesis ... by Hougaard · · Score: 5, Funny

    Why do you think its called "Ragnarok" ...

    The old nordic mythology tales about the end of the world, and offen used (here in Denmark) as a description of when things gets out of control !! /Erik

    1. Re:That nemesis ... by JavaLord · · Score: 3, Funny

      Oh really? I thought Ragnarok was Korean for "Cleartext Password"

  4. what? that's propostorous! by nunofgs · · Score: 3, Funny

    There are no infidel hackers in Ragnarok! Never!

  5. GRAVITY IS CLOSING UP SHOP by Anonymous Coward · · Score: 4, Interesting

    One of my friends is one of the Sub GM - The Korean management of Gravity has decided they want nothing more to do with the Americans who consistently cause more trouble than they are worth. There has been no announcement because the GM staff has been dismissed except for a skeleton crew. Word is office supplies and such are being boxed up for return to Korea, and iRO will shut down at the end of the week. They simply don't have enough customers left to support operations in the face of continuous attacks.

    1. Re:GRAVITY IS CLOSING UP SHOP by analog_line · · Score: 1

      This is certainly no surprise to me. So is America turning into some kind of monster to MMOs, like Asia is to the record/DVD industry? More trouble than we're worth, so we won't even bother selling there.

      Apologies if this seems crazy. Probably is. I just woke up.

      Also, I wonder why they think the American hackers that do this now won't just obtain a Korean copy of Ragnarok online and do the same thing from across the Pacific?

    2. Re:GRAVITY IS CLOSING UP SHOP by Anonymous Coward · · Score: 0

      ITs not noob.

  6. Re:Is that so? Well, FUCK YOU. by nunofgs · · Score: 0, Flamebait

    how mature... I wont even dignify that with a response. (maybe if you actually used arguments to fundament your insult instead of acting like a little kid)

  7. Re:Is that so? Well, FUCK YOU. by Magic+Thread · · Score: 0, Troll
    I wont even dignify that with a response.
    And whose fault is that?
  8. Korea and KSSNs by Schezar · · Score: 4, Interesting

    Before Rag Online came to the US, a bunch of us tried to sign up for the Korean version...

    We couldn't. In Korea, almost every online game requires you to provide a valid KSSN (Korean Social Security Number). Furthermore, these numbers aren't like US SSNs. The number itself reveals such information as birth year and gender (and they tend to enforce gender in the games as well). You can't just make one up, since it either wouldn't have the proper checksum, wouldn't exist in the database, or wouldn't match the age or gender you need. Plus, the Korean government investigates "suspicious use of a KSSN." If a Korean citizen's KSSN is regularly connecting to a game server from the United States, something is likely amiss.

    Granted, there are sites that will "sell" you KSSNs, but they often get shut down by the Korean government. We gave up trying and just waited for the American release. (Not that it was worth waiting for -_- Stupid macro-based boring laggy POS MMORPG...)

    --
    GeekNights!
    Late Night Radio for Geeks!
    1. Re:Korea and KSSNs by analog_line · · Score: 2, Interesting

      OK, how about the Japanese version? Is there a simmilar restriction on that? I know there's a Japanese release of Ragnarok.

    2. Re:Korea and KSSNs by Anonymous Coward · · Score: 0

      There is a KSSN generator program available...naturally as freeware...kinda like a keygen...

    3. Re:Korea and KSSNs by Gannoc · · Score: 1
      The number itself reveals such information as birth year and gender (and they tend to enforce gender in the games as well)

      Damn, there goes my main reason to play online games.

  9. Not too shocking... by heyyojay · · Score: 2, Interesting

    I am not supprised that it was hacked. Why would you put all of the passwords in the same spot. Some other smart online games have passwords stored in several servers, not in just one file. I am afriad i cant feel bad for them. I feel that it is thire own fault...

  10. Re:Is that so? Well, FUCK YOU. by Anonymous Coward · · Score: 0

    Um, you _did_ dignify it with a response. Idiot.

  11. Last time I checked... by ASkGNet · · Score: 5, Insightful

    Last time I checked, they did not even bother to upgrade their security after June's attack. But let's not speculate, and look at a known case:

    Private servers.

    Anybody that cared to dig up a bit the history of Ragnarok Online's private servers knows that a sizeable portion of it originated from Aegis. Aegis was the codename of the actual server software that Gravity runs on their servers. Indeed, there was a case of a few hackers in Korea beating the security (or lack of it thereof) and causing the leak of server software to public. This was in mid 2002 if I am not mistaken.

    Now, let us jump 1 year forward, to June 2003. Second attack on Gravity servers. Massive leaks of account data. One may think that after the first fiasco, the security measures were strengthened. However reports show up that passwords were stored in plaintext. Therefore one must conclude that if there was not enough attention to this small (and easy-to-fix) detail, the overall security is in the same state.

    Which ultimately means that nobody bothered to upgrade their security - if you check your RO client now with a sniffer, you will see that it sends login data in plaintext(?!), not to talk about actual server-side databases.

    If they could not fix this in a year, almost year and a half since the first attack, what would make them magically fix it in 1 month. Therefore, attacks like this one will happen, and leaks like this one will happen. It's not a one-time occurence.

  12. Alleged by mdielmann · · Score: 1

    What's with this 'alleged' stuff. This is /. dammit, and I expect no less than any other tabloid news distributor!

    --
    Sure I'm paranoid, but am I paranoid enough?
  13. Alot more attack recently? by jplvr1 · · Score: 1

    I've seen a few just on message boards I frequent. 2 of the 5 I visit most often got hit. Maybe just coincidence.

    --
    Best Web Based Game
  14. Security improving everyday... by dq5+studios · · Score: 2, Funny

    This just in, the account that was hacked has been discovered, it was
    Username: Administrator
    Password: Default


    On the serious side though, remember Sega Japan using the excuse of America being full of nogoodniks as the reason they were going to charge twice as much for PSOv2 then they did in Japan? I guess they were right.

  15. Same as it ever was by August_zero · · Score: 1

    The Ragnorok Online hint of the day (brought to you by mountain dew, when you level up do the dew)

    Todays tip: stop playing ragnarok online

    All kidding aside, Suppose I started an airline "Mofo air" and it suffered 2 major crashes in less than a month all due to sloppy security and terrible maintance. How many of you would still be buying tickets? How poorly does one have to run a company before people get the picture that it sin't going to get better?

    Im sure there will be some law suits in the next couple weeks or so from angry Ragnarokers.

    --
    On Wall Street they say "buy low, sell high" On the pad we say, "buy high, sell high" Isn't that somehow better?
    1. Re:Same as it ever was by Anonymous Coward · · Score: 0

      Unlike your airline example when RO gets hacked 200 real people dont suddenly and violently die.

    2. Re:Same as it ever was by August_zero · · Score: 1

      But their characters do.

      For a MMORPG player, this is the same thing. Characters take hours and hours to build up (weeks, months, years even), and to lose it all because the host of your game can't keep their servers protected is a very hard thing to over look. This combined with Gravity's past "its your fault you got hacked" attitude (im not kidding on that one, after a number of hacks during one of the betas their offical statement was that it was the users fault for not changing their passwords often enough, what kind of PR is that?)I just don't understand why people still play it.

      And why was that reply posted as an AC? its not trolling or rude.

      --
      On Wall Street they say "buy low, sell high" On the pad we say, "buy high, sell high" Isn't that somehow better?
  16. Don't tell me... by corkhead0 · · Score: 0

    ...there were people dumb enough to buy a subscription to that lagfest!

    That extra cash is sure looking nice in my pocket right now.

  17. last post winner by muirhead · · Score: 1

    Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins, Grumpy Watkins,