Giveaway of the Day Forums

1. 

   mikiem2
   Moderator

   1st off, sending all the best wishes & good thoughts possible to WR, who announced on the Game GOTD download page that his backup Steam account had been hacked, & his PC possibly compromised by malware.

   It's a nightmare scenario, but one I'm afraid that we all should be prepared for. I think the 1st thing to think about when you suspect or know cybercriminals have broken in, is how far they've managed to spread their tentacles. If they've compromised your router, anything you do to remediate the situation on your individual devices may be a huge waste of valuable time. The same goes if they've compromised other devices on your network, and you proceed with remediation while they're still connected to your network. For many people I'm afraid that the list of possibly insecure devices may even reach your cell phone(s), and indeed that may be where the whole nightmare started.

   Personally I'd suggest either a full reset -- reinstalling the base OS -- of one of your cell phones, or possibly rushing out to buy a prepaid [so-called burner] cell phone, using the cellular network to change all important passwords, at the same time implementing 2 factor authentication [as possible] if you hadn't done so already. Cybercrime is a business, and like any other business it's based on having as high a volume of transactions as possible. You are not the only person they've successfully attacked. It takes time to make use of all the stolen data they harvest, and hopefully you'll have enough time to make sure your most important accounts are secure.

   Next, I'd suggest disconnecting everything, and starting with your router. You might go out & buy a new one, or you might use that virgin cell phone to research completely resetting the router you have. Then start working your way through all of your devices that were connected to your network. Cybercriminals often really focus on persistence, burrowing as deep as possible to prevent anyone from ever removing their access to your systems. It's rare, so far as what's been published anyway, but that can include infecting UEFI BIOS, so it's safest to start there. You can go so far as replacing the drive(s), and then reinstalling the OS, but if they're in the BIOS it's still Game Over. Reflash the BIOS then [as possible] -- if not, keep it under suspicion.

   Drives can be wiped -- research wiping your brand/model SSD(s) -- remembering that anything that stored data, with or without an installed OS, also may be storing malware. It's possible to install a hidden file system/partition on a USB stick that'll survive formatting, though it's not likely a cybercriminal used something that advanced. Still, if you're paranoid enough, throw them all out.

   When it comes to backup archives, if you restore backups try to go back a while, using older backups, because there may be a substantial delay between when the system was initially compromised & when you found out about it. Many cybercriminals play a long game, refraining from giving you any notice that things are no longer secure. Cybercriminals do not all cooperate with one another -- it's not unheard of for one cybercriminal or group to hijack systems another has already compromised. There's also the possibility that more innocuous tracking or ad serving software that might have gone unnoticed, or nonfunctional malware, perhaps something that was not completely removed by security software, might be the doorway that led to your current compromise. Things like USB drives that are rarely connected or plugged in are safer places to store things like backups you need to be malware free, but that's not a guarantee.

   Reinstalling the OS [e.g. Windows] is of course a good option, providing you use a fresh download to a fresh storage drive, and are at least fairly certain nothing connected is compromised. When a new version of win10 comes out, e.g. 1809, I like to download an ISO to a DVD -- since you cannot alter a closed, burned DVD, I consider those safe.

   Posted 5 years ago #
2. 

   delenn13
   Dedicated Gamer

   Yea. It's been fun. That Wrascally Wabbit got it..Then Dana got it from him and it has spread to a few Chronies on my other forum.

   https://community.chrono.gg/t/my-steam-account-was-stolen/14720/89

   Here is what Steam Help says to do IF you still have control of your account:

   https://steamcommunity.com/discussions/forum/1/1745605598723072950/

   If NOT, Contact Steam Support....

   Posted 5 years ago #
3. 

   mikiem2
   Moderator

   1st off, Sincere Condolences to those that have lost their accounts.

   WR took the correct approach reinstalling Windows -- my concern is if he only looks at his PC, and not those used by his kids for example. I take issue with the statement on Steam [from the 2nd link] because it clearly misstates risk:

   We always recommend a few other mandatory steps.

   1) Scan for malware. https://www.malwarebytes.com/

   *Usually* [Not Always] there's some code that has to be run to compromise [infect] a system, so scanning files beforehand **May** be useful. After the fact, once the system's been compromised, it's a big Maybe. Perhaps there's a bit of PR concern, with Steam not wanting anyone any more upset than they already are? Or perhaps it's a matter of Steam not wanting to bother having an expert address the issue -- they certainly have security experts either on payroll or under contract. But truth is, a false sense of security & the complacency that usually follows is Not a good thing.

   One goal malware developers share is persistence -- maintaining their presence on a compromised system, knowing that there's all sorts of security software designed to kick them out. And they continually develop new methods to stick around undetected. If a cybercriminal manages to infect a system, & uses less up to date code &/or methods, it's possible that a scan using security software may find it. But it's just as possible that several scans will reveal nothing at all, and the system remains compromised. It's actually to the point that very many experts feel that traditional anti virus software worsens security by increasing the attack surface [the number of possible ways that systems &/or networks can be attacked].

   There's also the very real possibility that cybercriminal(s) stealing Steam accounts have zero interest in anything further -- stealing Steam accounts is their thing, just like others might specialize in Fortnite. But they still might leave malware behind for some other cybercriminals to use in the future. So again, if a victim does a anti virus scan that shows nothing, and their device [PC, laptop, whatever] seems perfectly fine, that definitely does not mean that they're OK. That's NOT to say don't run security software, but that it's best defense is monitoring everything going on, looking for anything suspicious, rather than pattern matching malware files.

   Posted 5 years ago #
4. 

   mikiem2
   Moderator

   Mentioned in the 1st post that routers can sometimes be compromised -- came across this:
   badpackets[.]net/over-19000-orange-livebox-adsl-modems-are-leaking-their-wifi-credentials/

   There was a bad vulnerability in this one brand/model modem that was being exploited in Spain by cybercriminals located close to the targeted modems. Spain is not the only country where this modem is used, & while most *but not all* targeted modems in this campaign were located in Spain, there may well have been similar attack campaigns that went undetected.

   Posted 5 years ago #
5. 

   Tiffany
   Member

   Years ago I tried Steam and it was good for awhile, then I got hacked. Even my Steam account was compromised. I had to do the whole 'who are you' credentials to even get it back. In the end it buggered up my computer shockingly to the point of snail pace slow. I ended up deleting anything Steam even to the point of closing my Steam account and even that was another 'who are you' piece of muck up. I hate to reset my Windows too. I lost a lot. And because of Steam I will never ever go there again. I trust Malwarebytes. They have saved me quiet a few times. All I can say is BEWARE.

   Posted 5 years ago #
6. 

   Whiterabbit-uk
   Games Guru

   Thanks for the help and suggestions Mikiem2. The reason it happened was I'd received a message from what I thought was one of my Steam friends. I knew him reasonably well, so accepted the message. Usually I never click on links provided by messages via Steam due to an incident a few years ago, when I clicked on a link then within minutes was getting messages from various community members on my Steam friends list. Basically I'd picked up a Trojan that then send the same message out to everyone on my friends list, with one change; the message now appeared to come from me. I spent over 12 hours messaging each friend individually telling them not to click on the link that was part of the message (I used to have several hundred friends back then, most of which I got rid of after that event). Thankfully, most people received the warning message. I'd also posted it in the activities section of the community tab every half hour while I was sending the individual messages so that those who hadn't yet opened their messages would probably see it via the activities pane and just delete the message.

   Anyway, when I received the message from this friend last week, I was really tired and my opiate med's were kicking in. I should have by rights been in bed, but I was engrossed in something. When the message appeared I clicked on the link he had provided without even thinking. However, this was different to the previous message in that it just sent me to a site offering the chance to win a Steam key for a couple of games. I already had all the games on offer, but my friend had specifically asked that if I won one of the keys he would exchange it for something. What I had to do was link my Steam account with the site (which has become fairly common with sites such as several of the indie bundle sites and other safe sites and even the game giveawayoftheday, so I didn't really consider the implications at the time. I never use my main account to link to anything as I've spent over £40 000 on the games in my library since joining Steam back in January 2009 (Almost 10 years to the day); plus I have at least a few thousand pounds worth of duplicate games (approx 450 of them) in my inventory; some I picked up free for per-ordering games and some I bought while on sale, all with the purpose of giving them to friends on special occasions. I've also got thousands of other saleable items such as trading cards (approaching 5 thousand items), so if anyone hacked my main Steam account, the first thing they would do is take everything of value. The games that have already been added to the library would be safe and Steam would eventually return the account back to me, but I'd have lost everything in my inventory. So.... I always link sites with my back up Steam account just to be safe.

   That account was originally set up so that when my kids had friends on Sleep overs, they would all be able to play cooperative games together (so long as their parents agreed) because I'd buy an extra game (if it was suitable). They've grown out of sleep overs so that account usually lays dormant as I have every game already in my main account (apart from a couple). My son sometimes uses the account if he's received a temporary lock out from Counter Strike for leaving a game early. So he'd use the copy in my secondary account; plus there are a few zombie games he likes to play with online friends that he doesn't own, but I have in the secondary account. The inventory in the back up account is almost empty, with just a couple of games that were given for free for owning the developers other games, plus some trading cards dropped over the last year, basically very little of value to steal.

   The friend who send the message did have his Steam account stolen, and the message was sent by the crook who stole it. Thankfully the account has now been returned to him. My account wasn't actually stolen as I have a two-step authentication on it. He'd definitely tried to break into the account as I;d received emails from the account tied to that Steam account asking if I was trying to access the site from a different country, but because he couldn't authenticate the account (usually via a code sent to my home telephone or text message), he never actually gained access.

   I've since reinstalled windows on my main computer and carried out deep scans any of the other PC's that were connected to the internet during that period. I've also reset the router and added a new password. Then, even though I'd reinstalled windows, because I have several hard disks in the main computer I also did a deep scan, which took over 30 hours to complete due to the large amount of stuff stored on my other disks. (There's at least 10 terabytes of backed up games (many from previous giveaways going all the way back to the very first games given away). Though a lot have previously been backed up onto DVDs and external drives. I keep any that I'm likely to play on one of the disks on this computer.

   Posted 5 years ago #
7. 

   Whiterabbit-uk
   Games Guru

   Hi Tiffany, how long ago was your Steam account hacked? Over the last several years Valve have responded with lots of different security measures to stop hackers, including a two step verification process (which is voluntary). With the two step in place, it is now impossible to hack the account (unless you have access to the Steam owners home phone numbers and access to the accounts and verification emails. Even these now have two set authentication, so, if they did manage to access your email, they would then have to go through an email authentication process. I use different emails for all of my game accounts and don't use the same emails to authenticate them; this adds more security.

   The friend who I mention above who was hacked didn't activate the two step authentication. They have also included various security measures with market transactions so that if someone does manage to steal items from your inventory (which can't happen with two step verification) they have to wait 14/16 days for the transaction to complete. Anytime within that period, the genuine account holder of the items being transferred can cancel the transfer with just one click of a button. Also, all market transactions between Steam community members requires an email confirmation of the transfer from both sides for it to work.

   For those who do get hacked, its really important to contact Valve as soon as possible. My friends account was returned to him in less than a day, so, if they had tried to steal any items he has the ability to cancel the transfers, so long as its done before the 14/16 days are up. This came about back in 2014 (I think) because community members were losing a significant amount of items stored in their inventories, including high value games and games that were no longer available via the Steam site, which can bring unbelievable prices via various online Steam key sales. Some game collectors are willing to pay hundreds of pounds just to add games that have been removed from Steam to their account. (I have around 70 of what are now called by Steam game collectors ''Removed Games'' in my Steam inventory). The older the game is, the fewer are available so the price can become crazy. Removed games include games from developers who have gone bust and the games license's haven't been purchased by other developers and games from developers who have tried underhand tricks to boost their sales and even games that are broken. (believe it or not some game collectors will buy broken games just so they can say they have the game on Steam.

   Things have become really crazy since Steam started back in the erly 2000's. There are now hundreds of top lists that have been spawned through Steam, for example, there are lists that list who has the greatest number of games on Steam, the greatest number of achievements, the greatest number of completed games and even one for the total amount of time you've spent playing games on Steam since you first logged into the client. Its become so crazy that some community members are running as many games as their computers can handle just to notch up hundreds of hours of game play every day. Several community members have managed to accrue enough game play hours that if you calculated how long they had been playing, it would amount to years before Steam even existed and that is playing the game 24/7 52 weeks a year. Such activities have become rife over the last several years since various sites started creating these lists. I can remember seeing a particular friend appearing to start up game after game, every several seconds for ages. I then noted that his game play time over the two weeks Steam indicated how many hours you've played had reached almost 6000 hours. Why people do such things is a mystery to me?

   Sadly, game clients have become the norm these days. This was partly fueled by hackers ripping off disk based games. Big name developers were losing literally millions in sales because it was really easy to copy the games and give them to friends. It's the reason DRM was introduced. Game clients were just a natural progression from that.

   I still prefer to have hard copies of my games, but many are no longer available on disk, and even when they are, for example the Total War series (one of my favorite real time strategy franchises), you cannot play them directly from the disk anymore. The disk is just used to initially install the game, then, once you've inputted the activation code, its linked to Steam. If you try to play the game with no Steam client installed, it tells you you must install Steam and create an account before you can access the game. Personally I cannot get away from Steam, partly because I've spent a small fortune on games over the last 10 years since I was 'forced' to join, but also because many of the games I really like and would not be able to play them if I didn't use Steam.(With respect to being forced, (okay we have free will) I'd purchased two games from an online site that I really wanted to play called Galactic Bowling and a tower defense game called Defense Grid: The Awakening. Turns out they were Steam-work games, which means they can only be played via the Steam client. I didn't know what Steam-works meant at the time), buying them from a different outlet, I thought they were free standing as all the previous games I'd purchased had been.

   Even sites like Good Old Games now have a game client, though GOG's client is for now still voluntary.

   Posted 5 years ago #
8. 

   delenn13
   Dedicated Gamer

   Hey Wabbit,

   Do you know about this site???

   "The games or software on this list do not have any DRM once they are installed which means that they do not require the Steam client to be played. Typically, you don't have to tweak the games or software in order to run them wherever you want; the list will make notes of any exceptions."

   https://steam.fandom.com/wiki/List_of_DRM-free_games

   Posted 5 years ago #
9. 

   mikiem2
   Moderator

   Very glad everything worked out WR, though sorry for the amount of work involved. You make a Very Good point talking about your secondary or backup Steam account -- something I think most people should consider, and not just with Steam. I use all backup accounts with the cell phones for example, because cell phones are so often stolen, and there's quite a few hacks, lots of Android malware etc., and I only feed those backup accounts with prepaid or gift cards, so the consequences are minimal if they're compromised.

   The best policy is of course not to click any links, but in the real world that doesn't always work so well. While I'm not sure if it would work linking a Steam account, what I do when a link is to an account sign in page -- not a pop-up like is common with PayPal -- is I'll open another tab in the browser, or open the browser if the link is in an email, visit that account, & sign in. If the link is legit, it should recognize that I'm already signed in -- if I see a sign in page or window I know it's probably fake. That's no protection from a man in the middle attack -- they could still be recording my login -- but I figure it's better than nothing.

   With the two step in place, it is now impossible to hack the account...

   2FA is well worth using, but it's not perfect, so everyone please, don't let yourself become complacent. Here are just a few links from Googling "hack 2fa" [w/out quotes].

   extremetech[.]com/extreme/269121-this-tool-can-hack-your-accounts-even-with-two-factor-authentication

   shahmeeramir[.]com/4-methods-to-bypass-two-factor-authentication-2b0075d9eb5f

   wired[.]com/story/reddit-hacked-thanks-to-woefully-insecure-two-factor-setup/

   Posted 5 years ago #
10. 

    Whiterabbit-uk
    Games Guru

    Hi Delenn, no I didn't know about that site, but I did know that some games could be played without the Steam client. I've never got around to finding out how many, so thanks for the link. :)

    Posted 5 years ago #

RSS feed for this topic

Reply

You must log in to post.