Admin-Help needed urgently!!!! (in Public Record)

I'm writing this through the account of my friend Moddin.
I am the owner of the account "TwoNinE".
My account was obviously hacked this night by someone owning the account "Mazzus (BookCase)".
I cant login anymore!!!
Plus, according to the transfer log, he transfered all my 26mil to his character "BookCase":
TwoNinE (The Generator) 69.159.14.90 Mazzus (BookCase) $26000000 February 4 2007 1:54 PM EST
and right after that the dough was sent to "Black Thunder (The Bad Apple)":
Mazzus (BookCase) 69.159.31.92 Black Thunder (The Bad Apple) $26000000 February 4 2007 1:57 PM EST
This guy again spread my money all over the place.
You can verify, that I am the legal owner of the account and the dough by responding to the E-Mail address attached to the account "TwoNinE" if it wasn't changed to.
Please help me to get my stuff back and make this bastard suffer!!!
Thank you all
29

I can't do too much, but your money now is in hands of people who bought CB from Black Thunder...

<system> [mail:] You have been assigned as a mentor to twonineII, who is currently in the room 'new players'. CB has taken the liberty of forging a chatmail from you welcoming him. Thanks for your help!



....

So he will get away with it and I'm the boned???
I mean honestly...that can't be it...!!??

@Flamey:
I tried to create myself a new account to post this here, but the tutorial kept me away from using the forum. So I asked for using the "Moddin"-Account to post. Whats the point?

For now I'm convinced that:

• Black Thunder is a multi of Concepter and will be dealt with soon after I finish this post.
• That he indeed cracked your account (login from an IP on a completely different continent, and the first/only things he did was change password and move the loot).
• That the persons that did receive the cash and character from Black Thunder are very likely innocent bystanders

Because of this, I have moved the character back to your own account, together with the repo'd the cash.
Most likely the account was broken into because of a weak password. I for now don't know this for sure, and if there should be an admin fee/stupidity tax charged (because this then could have been avoided...)

Thank you so much for helping so far, bartjan!!!!!!!!
Maybe I had a bad password, but when I started playing, I wasn't aware, that there is a danger of getting robed in here!!!
I can see, that "TwoNinE" now has a third character with my money.
But still I can't log on to it.
I was a little hasty creating "twonineII" for posting here and I used my old E-Mail-address.
So now I have only access to twonineII, which of course can be removed again!
I'm sorry for the trouble....

twonineII should indeed be removed, and you will get the old account back when bartjan is done with his 'research'

D'oh! forgot that you indeed couldn't access the account. Could you send me a chatmail with a working email address that should be used for the account. Try to avoid something like hotmail, as they tend to be a bit demented when it comes to receiving email.

Well Bart repod the 20M I paid USD for.

THAT IS CRAP!!!!!!!!

I paid usd for it like any normal transaction.

Why should I pay for someones inability to protect their account by making a password that can be hacked!

How do we know they are not in this together.

I WANT MY MONEY BACK!!!!!

That's crazy... I thought the rules were clear on this? I'm not happy that someone got hacked but there are warnings all over about it saying that the admins cannot and will not get your stuff back... why was this changed for this one specific occasion?

Next time:
- Make sure you don't buy large amounts from people that surprise you that they suddenly have that much cash.
- Make sure you make a Public Record post or any other forum post (in advance) detailing the transfer.
- Contact Paypal and scream "Fraud!".

Bart,

That is crap, utter crap and everyone knows it.

So are the admins now in the repo business due to someone's inability to protect their account?????

Why didn't Jon just create a new 26m and give it to the one who got hacked instead of taking the money that PM paid actual cash for? I know that would be "wrong" but so is what just happened.

And as we know, paypal will do nothing as they have done in the past.

I think this sets a bad precedent... are players now responsible to try and track every transfer that another player has done, just to try and somehow ensure that there was no illicit activity? Even then, how was PM supposed to know that a hack had occurred?

I think both TwoNinE and PM got scammed in this... and yet PM seems to be the one being punished, despite the fact that TwoNinE was the one with a weak p/w who got hacked. Don't get me wrong, I feel bad for TwoNinE, but why should he suffer no consequences, while PM loses out on a large sum of money for something he obviously had no control over?

Bart,

I have to agree that in this instance it is unfortunate that someone lost money due to a hacked account, but you have now made others suffer due to this fact. CB has always had a strict policy about how these things are dealt with, and through bypassing these policies, you have caused other players inconvenience, and loss. Again I don't feel it is right that twonine's account was hijacked and resources were lost, but it certianly is not fair to repo the money from another character who purchased it legitimatly with no knowledge of the theft.

Again, through circumventing the rules strictly outlined by CB, you have recouperated some of the funds lost by one innocent player, but caused another innocent player a significant loss and that is not justified.

I think it is every player's responsibility to check out who they're dealing with. I wouldn't hand money over to anybody in RL without double checking on them, if I could.

But the thing is, Bart was putting right something that happened in game. USD transactions are outside the game. If you're making a deal outside the game it's your responsibility completely.

Wow.. I feel so bad for PM, I think Bart did the wrong thing here. did the guy just find someone with loads of cash and try to guess his password? smells a bit fishy to me.

Bad business for USD Buyers, now we should give 1 week before we actually pay for the cb2 sent to us.

"But the thing is, Bart was putting right something that happened in game."

Which goes against CB policy. How are player's supposed to follow the rules if the admins are free to change them radically (I can understand minor changes in the rules depending on the situation, but this completely ignores CB's policy on the issue).

Ok, here is the paragraph from the Public Record forum:

If 2 people enter into a deal, and it is posted here, and one person backs out, or scams the other person, here is what will happen:

'If person A scams person B, we will reset A. We do not want to encourage scamming. BUT, it is your responsibility to make sure the person you are dealing with is trustworthy. We also do not want to encourage the thinking of, "so what if this guy offering me a cornuthaum for $100k is scamming me, all I have to is whine to the admins to get my money back." So no, we're not in the property recovery business. Same goes for loan installment payments. In other words: if you want truly scamproof trading, your only option is the auction system. '


Two things to note: any scamming here was the sale of the Cb$. What happened to TwoNine was hacking and theft. It is a completely different situation. And in that same paragraph that people bring up regarding scamming is the following sentence: "it is your responsibility to make sure the person you are dealing with is trustworthy".

Maybe a 10 million stupidity tax should be sent to Popsicle man. He seems to be the only party losing out, and he was nothing to do with it.

This situation is a bit different from property recovery, someones account was cracked.

It seems a bad precedent will be created if this is allowed. Let me quickly ask my friend to hack my account, sell my money, so I can get it back and sell it again. Lovely Jubbly

here is the thing.... Think what would have happened if the situation were reversed:


Lets say PM (or anyone) sent a paypal payment for $CB and the gold was never sent. If they had filed a complaint, could show CM logs, and a log of the paypal pmt., the admin would do NOTHING about getting the rightful gold to the purchaser, b/c this is the policy. The admin would have every capablity to "make things right in the game" but they would take no action. I am sure with a small ammount of research cases could be doccumented where this has been the case.

Again it makes no sense that with reversed circumstances that they should penalize a character with no involvement, to rectify a character who was hijacked.

As I remember it, transactions as a result of hacking were always reversed.
I'm trying to dig up the forum posts involving Tizzo, but it seems like Google forgot all about CB1 and web.archive.org is offline right now.

you have to be sure he was hacked thought right?

"It seems a bad precedent will be created if this is allowed. Let me quickly ask my friend to hack my account, sell my money, so I can get it back and sell it again. Lovely Jubbly"

Man, could I make a lot of money from that!!

Very Very bad precedent being set. Now we have to look through all the past transfers of all people, ask for 10 references, get a detailed history of their life, etc... What a crock.

I am sorry someone got hacked, but that comes from having a poor password. So I should be responsible for someone not doing things right? Seems so.

If I recall correctly as well as bartjan did, all the Hacked money from Tizzo was refunded to the people on cb1 from paypal...

thats' totally unfair that Popsicle Man is the guy under the chopping board

speaking of stupidity - the person who should lose out (if anyone) here would have been the guy with the weak password

what does critters have to say about this too?

I am not a expert in internet technologie but how Twinine and modin been able to get a IP from RIPE.A quick look at http://www.ripe.net/index.html tell me that its just not a ISP and they have members in Canada, black thunder is from Canada.

If it makes you feel any better PM (I doubt it will), you're not the only one getting ripped-off here. I bought 8.7M (for USD) from Black Thunder and had the CB cash repo'd this morning. I don't have much hope of seeing 'justice' done either.

Hot off the press from Paypal:

Dear (xxxxx),

Our investigation into your claim is complete. As stated in our User
Agreement, the claims process only applies to the shipment of goods. It
does not apply to complaints about the attributes or quality of goods
received. Therefore, we are unable to reverse this transaction or issue a
refund.


-----------------------------------
Transaction Details
-----------------------------------

Transaction Date: Feb 4, 2007
Transaction Amount: -$170.00 USD
Your Transaction ID: 27K97096F54771528
Seller's Transaction ID: 9SA513158K271941B
Case Number: PP-248-652-403
Seller's Name: Aaron Ayers
Seller's Email: evolution_34@hotmail.com

Just wondering... if PM had bought that money and then spent it quickly, would the person who got the money from PM be stripped of thier cash? This makes no sense to me, because the person who got ripped off in basically "fake" money was given his "fake" money back, but the person who bought that "fake" money with "real" money is stripped of the "fake" money instead of just creating some more "fake" money to give to the first guy who lost it?

To me this is a no brainer. PM as well as anyone else who bought CB2 with USD and can prove it through paypal transaction logs, should be able to keep their paid for game cash. Paypal sucks at recovering fraudulent transactions. TwoNinE, while it is too bad, should get his character back, password reset, and that is the end of it. Anything that was pilfered on the hacked account is not the fault of anyone else but the weak password and hacker (if this truly is a hack case). I looked at the IP addresses used by the hacker and TwoNinE and they both are Canadian, while this does not prove guilt, it is convenient and suspicious.

From: Black Thunder Sent: February 4 2007 2:06 PM EST

Hey, I have an steal of a deal for you. I'll sell you $28.5M for 250 US. What do you say?

Having been here more than 2 years now, burned a couple of times myself and watched multiple burns go down via the forums, I passed on this as "too good to be true", with my best judgment telling me it was a multi, or scammer...

Just an observation...

After a little more research, it appears that TwoNinE and Moddin are both from Germany and Black Thunder is from Canada.

BM:

That was not "too good a deal"

Jon was selling cb2 for 45 usd for 5M cb2. About the same price as Black Thunder.

I get a lot of CM's offering to sell me cb2 for less then 10 bucks per million. Are all of them scams?

I guess in the future, all of us will have to get tons of references before buying any items not in auctions (and perhaps even then if they were "stolen") before actually buying something.

Very poor precedent.

Whilst some warning signs were present here I don't think they should be used to brush it off as "should have been more careful"
The admins have corrected 1 side of the scam but not the other.
I understand that it is not desirable to create CB$ to reimburse PM and Jayuu because of a hack but the present resolution doesn't seem adequate either...

PM, there really is no comparison between what Jon was doing as a rare, 1 time thing, and receiving an unsolicited CM from someone relatively new with a large bulk amount at a "bargain" quick sale price.

Any unsolicited CMs from someone I haven't dealt with before offering more than 4 or 5 mil at one time raises red flags with me. But that's just me...

I'm not advocating brushing this off, either. Honestly, I hope PM and Jay get either their USD or CB$ back, I really do. I believe that some instances, such as these here (for both Moddin and those guys), should be cause for the Admins to get into the "recovery business". But I'm simply offering my experience as some "live and learn" advice to the community...

It might seem unfair. But the deal/transaction for the CB$ was made outside of CB, and so is outside of CB's admin.

And is it right that people keep money that is known to be 'stolen', regardless of the fact that they didn't know at the time of the transaction?

Why don't we all just stop chipping in our two cents on this one and just wait to see what the admins/Jon do ok?

I already sent Jon an email asking for his input...

"That he indeed cracked your account (login from an IP on a completely different continent, and the first/only things he did was change password and move the loot)."

Really... you know what's interesting? I connect to the net through ip addresses all over the globe, including Antarctica. If that's your logic, it seems that perhaps I should use one of my VPNs in Japan to login as a different user and really capitalize on my excess in-game wealth.

I think you might want to learn a little more about internet scams.


Regarding this ordeal.... $20m isn't a lot. Just take it off of Central Bank and send it to Ranger and be done with it.


One more thing -- for all those people claiming that the password is weak, you might want to consider the number of logon attempts. What is more likely is that the aggressor stole the password via keyboard logging or some such thing. Cracking a password, outside of porn sites, is not only blatantly obvious, but a total waste of time.

Hi again everyone,
one last thing from me about the whole incident via my own account:
Blame me for whatever: weak password, scammer, multi...you name it.
Fact is: I am a member of this community since September of 2006 and I never got into any debt!

Fact is: the money is on my account again. It will not move nowhere till there is a reasonable decision from the high entity!

Fact is: characters "Moddin" and "TwoNinE" coexist here since the day I joined and we NEVER acted any multi-like!

Fact is: weak Password back and forth: everyone is invited to check if their login is unhackable anyway.

I feel real sorry for the other two guys, but we all where shammed!
I would really appreciate if there can be solution that fits all of our claims!!!
Maybe the whole thing uncovers a very basic problem of the "pour real money into the game thing"!!

Greets
29

I don't believe in Central Bank bailing people out for the same reason that I think having taxpayers foot the bill for underinsured people building in risky areas is a bad idea: incentives matter, and that encourages exactly the wrong behavior.

I'm also anal about not creating money ex nihilo as far as the game mechanics are concerned.

So, I think that (1) the USD buyers should immediately make a claim through paypal, and (2) they should get twonine's money until paypal follows through. I think both can be trusted to either send the USD or equivalent CB to twonine if they get it back.

Should they have been more careful? Yes, but in this case the greater blame lies with twonine for setting his password to his username. (I checked a db backup.) I think for that lesson twonine got off relatively easily.

(For newbies to the whole IntarWeb thing: while exceptions exist, crackers almost never try really hard to get into a specific account; instead, they scan as many accounts as they can find for stupid passwords such as "password," "123456," "qwerty," password same as username, etc.)

I'd also like to stress that bartjan acted in good faith and this does not constitute a rebuke to him or anything like that.

I also agree with PM that we don't want to encourage people to try to double-scam by faking a hacked account.

Transferred funds to jayuu and PM.

Thank you Jon.

I already did file a claim with PayPal and the email I received from them was posted above.

Basically, nothing will be done.

You can argue with paypal that the goods were never delivered. Paypal has some of the worst customer service ever, and is heavily regarded in the online currency world as non-existent for the simple fact that they are a horrible service on many levels. I myself was involved in a class-action lawsuit against them because they stole several thousand dollars out of my account -- I got back $50 out of the lawsuit. The bottom line is: 1 - don't use paypal. 2 - If you are forced to use paypal, only spend via a mastercard (not visa, not discover, not Amex, etc). When paypal refuses to acknolwedge your claim, reverse the charge through mastercard, explain what happened, and MC will politely inform Paypal that if they don't comply within 30 days, they will lose MC privileges and be fined $50k per dollar withheld.

This is what I do, at least, and I've never been scammed since. Your mileage may vary, and I'm just explaining how I've worked with various financial institutions through the years, and how I've found what works for me.

As a final note... e-gold all the way!

Jonathan, is is hard to enforce better passwords upon initial registration and password changes?

there isnt gonna be a stupidity tax in this case?

small, I'd say the 26 mil stupidity tax enacted on TwoNinE is rather hefty.

"Because of this, I have moved the character back to your own account, together with the repo'd the cash."

he repo'd the cash. There was no loss on TwoNinE's part.

In response to Sutekh, perhaps indeed make it so that passwords have to have both letters as well as digits?

No OB,

Jon then moved the money back to myself and Jayuu.

Saying it was not our fault as his password was as simple as his character name.

Yes, it was a large stupidity tax, but imagine in the real world if he did the same thing. Like for his bank account, etc...

Ah, I gotcha. I read it as you and jayuu being transferred funds, and didn't realize that meant they were TwoNinE's. But agreed, the stupidity tax was fully justified.

This is 2007, there is no excuse for people still using their username as their password. If you are using a computer you really should learn about "safe practices" before using the computer. Here is some good examples.

Computer Safe Practices