Gold Guide affiliate

Sunday, 25 March 2012

Account security

Diablo 3 is going to see an unprecedented wave of online game crime.

Not a pleasant fact but worth stating. For the first time your game is not just a leisure pursuit but a store of wealth, a piggy bank full of bank notes. And there are a lot of people who would dearly love to smash it.

This is what your Diablo 3 account looks like to some people.

The Background

Professor Richard Heeks studies and writes about how developing countries use computers and communication technologies, a discipline called Development Informatics. In 2008 he authored a report on gold farming which is probably still the leading single piece of research in this area. (If I'm wrong I'd be delighted to find out otherwise).

There are two things in particular I'd like to highlight from Heeks' work that are relevant to understanding the RMT industry.

First, the idea that you can't earn more than $5 per week because of Chinese farmers is false. Chinese farmers, according to Heeks, get a salary of $145 per month at the meanest estimate and operational overheads are 100%. In other words, if you earn $289 per month and absorb your own overheads you operate more cheaply than a Chinese farmer. No one in China would farm gold for $5 per week.

Next, Heeks feels that perhaps "gold farming's crepuscular status was artificially suppressing consumer expenditure". He means fewer people buy gold because it's forbidden. Diablo 3 changes that.

I think the RMT economy in Diablo 3 is going to be huge. Massive, beyond anything seen before.

The gold farming industry has continued to grow since Professor Heeks wrote his report. The World Bank reported it at $3 billion in 2009. As it has been pretty much doubling every year for which we have figures, it may be over $10 billion now. This is seriously big business and Blizzard's last RPG was right at the heart of the sector's growth. How much bigger could it get when D3 makes gold buying respectable?

It's also a very shady business. Gold farming operations have been linked to pedophile rings, have used forced labour, and have been compared operationally to mafia organisations.

Gold selling operations often resort to preying upon their clients. According to Blizzard:
"Gold sellers and leveling services are responsible for the vast majority of all account thefts, and they are the number-one source of World of Warcraft-related phishing attempts, spyware, and even credit card theft. Players who buy gold actively support spam, hacks, and keyloggers, and by doing so diminish the gameplay experience for everyone else."

They also prey heavily on the games companies. And there's no way in hell these companies will meekly hand over the profits from RMT back to Blizzard and go off and do something else.

They'll attack Diablo 3's security. Blizzard's security. And YOUR security.

Securing your account

1) Use an authenticator. If you're not happy about paying for one, grind some Blizzbucks and spend it on one in your first couple of weeks playing Diablo 3. EU customers get one here and US customers get one here. South East Asian customers get redirected to the US store.

2) Use unique passwords and a unique email for Blizzard. Don't tell anyone this. I regularly get exciting sounding phishing emails that appear to come from Blizzard in my public email - I know they're fake because it's not the email address that Blizzard has.

3) Never open a phishing email. Not even to read how dumb they are or whatever. Just mark them as spam.

4) People always say never share your account. It happens to be against the TOS. It's good advice, but if you do share your account, change the password after each time your friend or family member uses it. Your kid sister isn't going to be as security conscious about your stuff as you are and before you know it half of her school has your log-in details.

5) Don't trust fan websites. It's pretty easy to put up a fansite. And you can put almost anything in the HTML.

I'm going to now put my tin foil hat on and ask you to consider major fan sites. There's a history in online gaming of professional gold farming outfits buying out popular amateur fan sites. In fact it's almost the dream one has when making a fan site - that in 3 years some company will offer a million quid for it. Well, I have a question I'd like you to think about.

Why would someone buy a game fansite for huge amounts of money? I've heard people say it's because they can advertise there but internet advertising is cheap. They could advertise on dozens of fansites for a decade for less money than they pay to buy them.

What if some of the most popular fan sites have been bought out by gold sellers so that they can get people's game log-in details? In some cases they wouldn't even need to keylog, although there have been stories of keyloggers downloaded from popular sites. But I bet if people had to put in a username and password to read this blog some of you muppets would give me the exact same username and password you use for your Battlenet account. <3

The basic fix is having an up-to-date browser, addons (like Flash), virus scan and firewall. Some browsers may be safer than Internet Explorer. I use Firefox and NoScript.

A more paranoid fix is simply to use a different computer for web browsing than the one you play your games on. You'll probably need to browse a couple of sites on your gaming rig (downloading from Blizzard, for example), but you sure as heck don't need to surf to see what Inferno Skeleton King can drop on the PC that has your £5000 BNet account on it. Alternatively you can run your browser in a sandbox with sandbox software like this one.

6) Don't use addons for D3. It's very likely that any addon won't work on D3 (or if it does, you'll get caught and banned). It may well have been issued knowing that it won't work on D3 but will work on your PC, sending your personal details out over the wires. Just be suspicious - why is some random stranger on the internet giving you a maphack for free? Just because they're nice?

7) Be VERY careful if you trade on third party sites. It's probably not worth doing at all. Some people might see a great deal and think "yeah, I'll buy that for $5 and sell it for $20 in game". Stop! Cons work on us because we're greedy.

8) Read the official information from Blizzard and CCP.
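
The check described in point 2, as an added example that is not part of the original post: a Python filter that flags mail claiming to be from Blizzard but addressed to anything other than the address reserved for the Battle.net account. The dedicated address, the brand keywords, the header list and the sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumed values for illustration: the address given only to Blizzard, and
# the words that mark a message as claiming to come from Blizzard.
DEDICATED = "bnet-only-7f3a@example.org"
BRAND_WORDS = ("blizzard", "battle.net", "diablo")
RECIPIENT_HEADERS = ("To", "Cc", "Delivered-To", "X-Original-To")

def recipients(msg):
    """Every address the message says it was sent or delivered to."""
    values = []
    for header in RECIPIENT_HEADERS:
        values.extend(msg.get_all(header, []))
    return {addr.lower() for _name, addr in getaddresses(values) if addr}

def claims_brand(msg):
    """True if the From line or Subject mentions the brand."""
    text = (msg.get("From", "") + " " + msg.get("Subject", "")).lower()
    return any(word in text for word in BRAND_WORDS)

def classify(raw):
    msg = message_from_string(raw)
    if not claims_brand(msg):
        return "unrelated"
    if DEDICATED in recipients(msg):
        # The right address is necessary, not sufficient: it can still leak.
        return "sent-to-dedicated-address"
    return "fake"  # Blizzard was never given this address

# Constructed sample messages (not real mail).
PHISH_PUBLIC = (
    'From: "Blizzard Entertainment" <noreply@blizzard-support.example>\n'
    "To: my-public-address@example.org\n"
    "Subject: Diablo 3 beta invitation\n\nLog in to claim your key.\n")
PHISH_BCC = (  # no To header; only the delivery header shows the target
    'From: "Battle.net Account Team" <admin@accounts.example>\n'
    "Delivered-To: my-public-address@example.org\n"
    "Subject: Account under investigation\n\nVerify your password.\n")
TO_DEDICATED = (
    "From: Blizzard <noreply@vendor.example>\n"
    "To: BNet-Only-7f3a@example.org\n"
    "Subject: Your order\n\nReceipt attached.\n")
NEWSLETTER = ("From: shop@example.net\nTo: my-public-address@example.org\n"
              "Subject: Sale\n\nHi\n")

if __name__ == "__main__":
    for raw in (PHISH_PUBLIC, PHISH_BCC, TO_DEDICATED, NEWSLETTER):
        print(classify(raw))
```

A message that does reach the dedicated address still has to be judged on its own merits; the filter only settles the case where the address is wrong.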

Let's be careful out there.


  1. Don't forget you can download the authenticator for your mobile phone too (Android/iPhone). Easy to configure and 100% free.

    1. I looked into that and got conflicting messages. Do you have an up-to-date link please?

  2. Did you read about the first hack tool?

    First Diablo 3 hacking tool and bot loader released

    1. I see the war between Blizzard's security and people who (for whatever reason) want to crack it as the showdown of heavyweights, Holyfield v Tyson.

      Many of the best minds in computer security will be deployed on both sides and, yeah, the bad guys will win some rounds.