Symantec Finds Server Containing 44 Million Stolen Gaming Credentials

← Back to Stories (view on slashdot.org)

Symantec Finds Server Containing 44 Million Stolen Gaming Credentials

Posted by Soulskill on Thursday May 27, 2010 @05:49AM from the who-wants-to-buy-a-level-80-paladin dept.

A Symantec blog post reports that the company recently stumbled upon a server hosting the stolen credentials for 44 million game accounts. It goes on to explain how the owners of the server made use of a botnet to process that mountain of data: "Now it's time to turn those gaming credentials into hard cash. But how do you find out which credentials are valid and thus worth some money? Three options come to mind: 1) Log on to gaming websites 44 million times! 2) Write a program to log in to the websites and check for you (this would take months). 3) Write a program that checks the login details and then distribute the program to multiple computers. Option one naturally seems next to impossible. Option two is also not very feasible, since websites typically block IP addresses after multiple failed login attempts. By taking advantage of the distributed processing that the third option offers, you can complete the task more quickly and help mitigate the multiple-login failure problems by spreading the task over more IP addresses. This is what Trojan.Loginck's creators have done."

5 of 146 comments (clear)

Min score:

Reason:

Sort:

Re:I must be new here by keithjr · 2010-05-27 06:06 · Score: 3, Insightful

Is the buyer really going to come back and demand a refund when it doesn't work?

Probably not, but reputation must be worth something in criminal enterprises. Giving out a bunch of bogus products kills the word-of-mouth.

And what real benefit are these, anyway? Well, all the criminal has to do is sell off the account for less than the game costs up-front. They make pure profit and people willing to buy stolen games get a discount. Steam accounts could probably be quite lucrative, for instance.
And if I did this... by FrankSchwab · 2010-05-27 06:08 · Score: 3, Insightful

OK, so Symantec "recently stumbled upon a server hosting...".
What, was it placed on their doorstep one night, and they didn't notice it when they went outside to get the morning paper?
So, they wrote a crawler that intrusively scanned servers that they didn't have permission to access, opening and analyzing files that they didn't have permission to read, then published what they found?
And the penalty if I did that is, what, 5 years in federal PMITA prison?
There is something wrong in this world.

--
And the worms ate into his brain.
1. Re:And if I did this... by BobMcD · 2010-05-27 06:16 · Score: 4, Insightful
  
  And the penalty if I did that is, what, 5 years in federal PMITA prison?
  There is something wrong in this world.
  You're quite wrong. This is an example of one of the few somethings that is right in this world. Selective enforcement is designed into the system, along with jury nullification, to help the laws achieve ends that keep the public they support happy. Any "completely fair" application of the law would make it unworkable in very short order.
  Could you imagine a robot issuing you indecency citations every time you pass gas in public? Could you imagine a police officer doing the same if you passed gas into a megaphone-amplified-sound-system aimed at, say, an Inaugural speech? Context is key, and thankfully so.
2. Re:And if I did this... by KahabutDieDrake · 2010-05-27 06:55 · Score: 3, Insightful
  
  Neither of the cases you cite are actually illegal. This is a key feature of the law, if something isn't codified as illegal, it's NOT ILLEGAL. The context is effectively null, since the example isn't valid.
  
  You say that any completely fair application of the law would make it unworkable. That is the biggest pile of bullshit I've seen on /. in a long long time. Believe me, that's saying something. ONLY a completely fair application of the law works. Our founding fathers knew this. Our ancestors knew this. The fact that you don't know this is frightening beyond reason. You didn't say, but you implied that symantec should have rights and privileges that an ordinary citizen does not. That is the largest perversion of the law that is possible. Companies do not have any trust, they can't be given confidence, because they exist for ONLY one purpose, to make money. You can trust a person, you can't trust a company, and even attempting to do so is foolish (at least) and IMNSHO stupid beyond belief. Our entire foundation of laws is based on the INDIVIDUAL being the top, and everything else coming second. If you know believe that corporations should be on top (they are, but they should not be), well, we've already lost, haven't we?
Re:I must be new here by BobMcD · 2010-05-27 06:10 · Score: 4, Insightful

Oh for the love of humanity the things people will do in the name of wasting time.
One man's wasted time is another man's Sistine Chapel, or pornography collection, or fictitious language for a fantasy book series.
From the moment you open your eyes in the morning until you close them at night you're passing time. Whether or not it is wasted depends entirely on whether or not you regret how you spent it.