The Problem With Hackings - And The Solution

Right now, there are some major problems with the way MSN hackings are going. Basically, the hacker has incentive to trade himself with the msn accounts, and stage trades. By doing so, the hacker creates fake scam reports which the victim must repay in order to return on Sythe.org. These hackers know that most victims run healthy businesses and will likely repay the losses to return to trading.

This is a major problem. Let's say I am hacked, and the guy who takes my MSN goes and stages a 10B trade. He takes the screenshots of the fake trade, stages an MSN convo, and uploads the proof. I am basically shit out of luck, and I have to repay the hacker, even though nobody was scammed. Theoretically, this could continue up to an infinite amount.

My proposal is to make a cap of what a trader is liable to repay on their MSN without a Sythe PM. I'd say anyone trading billions at a time should be asking for a PM anyways. This exempts smaller trades, and really only affects the bigger players.

Basically, traders should not be liable for anything beyond $1,000 per trade on MSN done without a Sythe PM. This rule should be heavily advertised to ensure people understand. Any abuse of this rule should be closely investigated, and all scam reports should be looked at and examined for fake hackings, etc. (saying you're hacked when you're not, to get away with a scam). However, I think this recent flow of hacking has shown us that the system is too easily abused by the hackers.

[stui *BANNED*]

Probably a suggestion more than feedback, but yes i do agree, i pretty much always get a pm when trading, unless its with friends but even then i would probably get a pm if it was over $100 or something like that

The problem is, if people readily trade without private messages, a fake sphere of trust is created for buyers. For example, if someone purchases billions of gold from me, and I never require a private message, he might not ask for a private message every time we trade. Therefore, if I get hacked, he may proceed to trade with the hacker.

I understand the issue behind the hackings, but we need to find a better solution than not finding the person hacked liable for trades above a certain amount.


Maybe have people meet certain guidelines to be covered under this new policy? For example, you must require private messages to complete any trades above X amount, display that you require private messages in your signature, and so on. If we create a certain standard that has to be met by sellers, we can offer them additional protection. This is much more fair and protects both buyers and sellers.

[Brendan]

Quote:

Originally Posted by R2Pleasent

Basically, the hacker has incentive to trade himself with the msn accounts, and stage trades. By doing so, the hacker creates fake scam reports which the victim must repay in order to return on Sythe.org. These hackers know that most victims run healthy businesses and will likely repay the losses to return to trading.

Is this really happening? Is their any proof to back this?

Regardless, I do agree with your suggestion to an extent. There have been suggestions in the past which have asked the staff to require PM's for trades, but they've never gone through because the staff don't really want to babysit these situations and seem like they're, I dunno, being too strict.

Your suggestion does remove those two factors, because these hacking incidents don't occur very often, and it makes sense to get a Private Message for a trade, especially of that caliber.

The only downside I can see, is if a Gold Seller is corrupt and has a legitimate buyer come forward ready to purchase an amount of gold which puts them under these guidelines, and the seller scams, doesn't that mean if they claim they were hacked, nothing can happen?

When my msn was hacked, my hacker used it exclusively to stage trades with his friends and himself. I had 5 reports of 10b in scams, thankfully mods saw through them and I didn't pay him a penny. I'd be willing to bet that no one has actually gotten away with a fake scam for any really large amount of money, there are a lot of ways to determine of proofs are fake or not, if trades are staged, etc.

Capping the limit on liability is also really unfair to people who are scammed for a large amount (see 6.2B from recent arcus assistant msn hacking) and only get somewhat compensated. If people used @hush emails this wouldn't be an issue anyway

[Wolfdog]

This is a problem, but I don't think your proposed solution is the answer. One reason, while I'm sure the number was one you just threw out there, is that a lot of people never buy more than 1-2b at a time (which is less than $1000.00) rendering the price limit worthless.


Ill think about it some more, add some stuff tomorrow.

This happened to me a few years ago Brandon and harped faked a trade. I always thought that it's crazy and that's why I require a pm.

Nate has essentially the same suggest awhile ago. And oh, its per trade. The scam artists would just scam $900 each time and have to get paid back.

[KerokeroCola]

I like R2P's idea, but I don't think it covers the inherent problem. There is far too much wrong with MSN. Since I left the SL, I don't know how progress is on the new VB update, but maybe it can include a site-wide IM system that should hopefully rule all but actual scammers from causing damage? The simple fact is that, with MSN or Skype or any third party system, we are basically letting that company's security dictate the security of our own trades. (For that matter, I don't think switching to Skype all-out would help much. Yes, there are less Skype hacks, but that's just because there are less Skype accounts and less incentive to attack Skype's security measures. If we do a full-fledged shift, the hackers will merely try new methods on Skype instead.)

[Emperor_Nero *BANNED*]

Quote:

Originally Posted by KerokeroCola

Just to clear this up: @hush.com is just as insecure as @live.com. I never really understood this fad. Just because you can't hack the actual email doesn't mean you can't hack the Windows Live passport of the account, which has the same recovery system as any @live.com email would. Both of them are susceptible to the same exploits.

I like R2P's idea, but I don't think it covers the inherent problem. There is far too much wrong with MSN. Since I left the SL, I don't know how progress is on the new VB update, but maybe it can include a site-wide IM system that should hopefully rule all but actual scammers from causing damage? The simple fact is that, with MSN or Skype or any third party system, we are basically letting that company's security dictate the security of our own trades. (For that matter, I don't think switching to Skype all-out would help much. Yes, there are less Skype hacks, but that's just because there are less Skype accounts and less incentive to attack Skype's security measures. If we do a full-fledged shift, the hackers will merely try new methods on Skype instead.)

Kero has a very valid point here. No matter what we do as long as there isn't a built in IM system for sythe we will always be at the mercy of a 3rd party system. A built in IM system could clear up a lot of these problems. You could only support refunds for trades that were logged in Sythe's IM system. It would make proof gathering somewhat easier, also. There will always be hackers trying to figure out exploits for whatever is mot profitable.

Quote:

Originally Posted by KerokeroCola

Just to clear this up: @hush.com is just as insecure as @live.com. I never really understood this fad. Just because you can't hack the actual email doesn't mean you can't hack the Windows Live passport of the account, which has the same recovery system as any @live.com email would. Both of them are susceptible to the same exploits.

Let's take a look at which emails were hacked and which ones weren't:

Hacked:

HJQ, hotmail
Kevin001, hotmail
Arcus Isidar assistant, hotmail
pockets, live
benda, live
kmjt, live
just_un_dude, hotmail

Not hacked:

Viou, hush
Arcus, hush
Video, hush
n4n0, hush
punkerpunk, hush

Do you think this is just coincidence? Hotmail/live is significantly much less secure than hush. If you go around spreading this misinformation, you're gonna get people who register for hotmail instead of hush because they think it's just as secure. It's not, what you're doing is extremely counter-productive and I recommend you edit/delete your post

[Wolfdog]

Quote:

Originally Posted by video

Let's take a look at which emails were hacked and which ones weren't:

Hacked:

HJQ, hotmail
Kevin001, hotmail
Arcus Isidar assistant, hotmail
pockets, live
benda, live
kmjt, live
just_un_dude, hotmail

Not hacked:

Viou, hush
Arcus, hush
Video, hush
n4n0, hush
punkerpunk, hush

Do you think this is just coincidence? Hotmail/live is significantly much less secure than hush. If you go around spreading this misinformation, you're gonna get people who register for hotmail instead of hush because they think it's just as secure. It's not, what you're doing is extremely counter-productive and I recommend you edit/delete your post

Truth is, you should be using hush. Whether or not you have to have the .live passport connected, as long as you have the @hush its unlikely that anyone will be able gain access to it.

[688 *BANNED*]

truth is, if u trade with someone only via msn, u got banned on sythe or ur a retard, seeing ppl get scammed by imposters makes me laugh, if u dont take percautiosn in a trade, ur a dumb ass and deserve to be banned. half ppl on here dont understand that, then expect the mods and the scammer to repay them? lol...

[RuneScapeJJ]

After thinking of some positive and negative sides of this new rule I believe that this rule should indeed be implement. However, some people just trust people straight away when they see someone has 1000+ Vouches and traded over 100B. Some people just don't PM because they trust somebody straight away, and they could be a victim of this new rule.

However, most of the times the big traders will be the victim because of people potentially staging trades - which results in the big traders paying them the "lost" money.

Overall I support this idea. But, it should be "advertised" over the forum to avoid some people potentially losing money because they didn't send a PM when the trade was actually legitimate.

[KerokeroCola]

Quote:

Originally Posted by video

Let's take a look at which emails were hacked and which ones weren't:

Hacked:

HJQ, hotmail
Kevin001, hotmail
Arcus Isidar assistant, hotmail
pockets, live
benda, live
kmjt, live
just_un_dude, hotmail

Not hacked:

Viou, hush
Arcus, hush
Video, hush
n4n0, hush
punkerpunk, hush

Do you think this is just coincidence? Hotmail/live is significantly much less secure than hush. If you go around spreading this misinformation, you're gonna get people who register for hotmail instead of hush because they think it's just as secure. It's not, what you're doing is extremely counter-productive and I recommend you edit/delete your post

Very well, your rather indignant majesty.

For the record, @hush.com have been hacked in the past by abusing the passport side of the account. I'm obviously not familiar with this particular abuse of Windows Live, but what I said was grounded on thousands of hours of experience with Sythe. Hacking methods change, and apparently the newest one somehow didn't work for Hush, which is fortunate indeed.

[nukeham *BANNED*]

here im going to tell you guys straight up, every email account can be hacked, there is no method, the reason most people dont do it here is cause they move on to bigger things with there own site charging people money to get a email they want. I got this from my boi, since he does this in russia trust

[darkorb223]

yeah i think if you're working with that much money you would ask for a pm and be very careful. $500 is a lot to me let alone $1000 or 10B. better safe than sorry.

[freakyhair *BANNED*]

Quote:

Originally Posted by video

Let's take a look at which emails were hacked and which ones weren't:

Hacked:

HJQ, hotmail
Kevin001, hotmail
Arcus Isidar assistant, hotmail
pockets, live
benda, live
kmjt, live
just_un_dude, hotmail

Not hacked:

Viou, hush
Arcus, hush
Video, hush
n4n0, hush
punkerpunk, hush

Do you think this is just coincidence? Hotmail/live is significantly much less secure than hush. If you go around spreading this misinformation, you're gonna get people who register for hotmail instead of hush because they think it's just as secure. It's not, what you're doing is extremely counter-productive and I recommend you edit/delete your post

What kero said is true. It's the whole passport for Msn that's hacked. The reason I think none of those people using hush got hacked is because people like you think that Hush is just as secure as hotmail, and thus they target the hotmail accounts because they know that they are insecure.

OT: To be honest, I think if people's msn's are hacked, and people scam, then the persons whos msn is hacked should NOT have to repay the person back. This is because 3rd party software such as MSN has nothing to do with Sythe, it's only a means of communication. People should always ask for a PM, and those who don't should learn from this situation.
I do agree then that there should be a cap. From this it would protect the big bulk buyers, and also it would make it much easier to see whether scam reports are legit.

[Elite Cbr *BANNED*]

R2p, this would work for you.

If someone is very concerned about validating your identity, then chat with them on your live chat on your gold website.

No caps will be made as this doesn't solve anything in the end.