[Corrected July 5] On the day that Yanks celebrate our independence from
England Great Britain, South Korean jurist and Terra Nova author Unggi Yoon writes in with some MMORPG legal news from South Korea courts. It seem that NCSoft's Lineage has been hit by a major case two major cases of identity theft.
In the first case, apparently over two hundred thousand accounts were created based on stolen IDs. Reportedly, police are prosecuting not just those engaged in the scheme, but are also investigating an executive at NCSoft for failing to protect against the use of the stolen identity numbers. The purpose of the ID theft was reportedly to enable RMT. Says the report:
The seven gameroom operators reportedly hired about 100 part-time game players and made about 14.2 billion won ($15 million) in offline profits by selling cyber items obtained in the process of game-playing. Such items usually take long hours of play and a certain degree of luck. They are sold over Web sites to players for "real" money.
Note the scare quotes -- that's "real" money, folk, not play money. In another case, a civil suit by five players reportedly resulted in a judgment of 500,000 Won per -- about $529 USD. The players had their personal information disclosed when NCSoft failed to encrypt the log files containing their data two years ago. Story here.
p.s. While we're talking about law and MMORPGs in South Korea, we should also give a shout out to Unggi's recent paper on SSRN: A Quest for the Legal Identity of MMORPGs - From a Computer Game, Back to a Play Association.
Note: Tasteful animated graphics borrowed from Wilson's Free GIFs and Amimations.
Update: Thanks to Steve Davis of SecurePlay and Play No Evil, whose comments below helped to ungarble the original post by clarifying that there are two separate two or three separate NCSoft ID theft stories here. Steve provides coverage on his weblog here (170,000 accounts closed), here (civil suit by 5 players), and here (police investigatation). Looks like Play No Evil would be a good RSS add, if you want to keep track of game security issues.
While compiling my monthly newsletter, I came across a very interesting commentary on South Korea's ID system. Apparently the system is so badly compromised that not only are 30% of the known false IDs acquired from South Korea's own Dept of Commerce sites, but in addition opposition party members have been able to acquire the IDs and track the supposed surfing habits of the President and Prime Minster themselves!!!
Needless to say, someone else beat them to it, and has been happily using the IDs of these two men to access all sorts of porn sites, subscribe to MMORPGs (probably for gold farming), etc., etc.
A very amusing article hitting just the tip of this iceberg was reported by Reuters a few days ago. Personally, I just enjoyed the irony:
ID theft strikes South Korean leaders
http://www.iht.com/articles/2006/06/28/news/roh.php
Posted by: Arnold Hendrick | Jul 04, 2006 at 16:00
Greg>On the day that Yanks celebrate our independence from England
Weren't we the UK by then?
Richard
Posted by: Richard Bartle | Jul 05, 2006 at 03:07
I think you were "Great Britain" by then -- I think you became the UK per se around the end of the 18th century. But I'll defer to anyone who, unlike me, got a B or better in high school history.
If you Google it, the popular vote seems to be that we declared independence "from England." See, e.g.
http://usinfo.state.gov/usa/holidays/july4/bloom.htm
Far be it from me to question the wisdom of the mobs. ;-)
Posted by: greglas | Jul 05, 2006 at 08:59
There are a couple of different cases going on here. First, there was a huge identity theft ring whose purpose (at least partially) was to target Lineage for gold farmers.
See and here.
Basicaly, the identities were stolen to create free Lineage accounts (I speculated that these were mule accounts for real gold farmers as the accounts were only valid for a short period of time).
This occurred in late 2005 and was revealed earlier this year.
Then, there was a case where an unprotected server allowed the download of a bunch of folks user name / passwords. Back in late April. This was the one with the $500 fines.
One could note with some humor, unless you work for NCSoft, is that the company spends about $10 Million per year for security, so the bad guys are ahead if this group alone was bringing in $15 Million.
And they have "150 game masters monitoring for bots around the clock."
A lot of web sites in Korea have been using their national ID (like a US Social Security Number) for authentication. The government is stepping in to move away from this due to this widespread fraud problem. Which, also interestingly, is the opposite of what China is doing - moving to using their national ID for authentication.
Posted by: Steven Davis | Jul 05, 2006 at 09:20
Steven -- thanks a bunch -- will update the OP.
Posted by: greglas | Jul 05, 2006 at 09:59
Greg -- Re England, the mob ain't so smart. You're right about Great Britain (http://en.wikipedia.org/wiki/Britain) -- as a Scot I have to declare an interest in England being extended to GB (small matter of an Act of Union in 1707), otherwise it's a form of historical identity-theft -- esp. as there were Scots in both Patriot & Loyalist forces...
Posted by: Paul Maharg | Jul 07, 2006 at 12:31
Good Lord, I don't want to commit identity theft against the Scots -- you'll all go Braveheart on me -- and I'm an Andy Stewart fan besides.
I guess I really underestimated the continuing zeal for accuracy about who we all became independent from a couple centuries ago -- here in the U.S., to be perfectly honest, we never mention you all -- we just wave a lot of flags and shoot off fireworks. ;-)
Anyway -- I fixed it, I fixed it...
Posted by: | Jul 07, 2006 at 17:10
That was me, and let me further add that I'm actually kind of in love with Scotland -- always trying to figure out a way to justify trips there. And, in addition to being an Andy Stewart fan, I think I've memorized every episode of Monarch of the Glen. So yes, Great Britain it is.
Posted by: greglas | Jul 08, 2006 at 08:02
"Which, also interestingly, is the opposite of what China is doing - moving to using their national ID for authentication."
But Chinese SSNs are like... 20+ digits. Thats security in itself!
Posted by: damijin | Jul 10, 2006 at 22:13
Good post. If you want, you can check out my site for Lineage 2 Cheats, Dupes, Exploits and Hacks http://www.exploitsrus.com/l2.html
For Lineage 2 Cheats, Dupes, Exploits, and Hacks, click here.
Posted by: swgblogger | Jan 15, 2007 at 13:33
i didnt know the chinese had social security.
Posted by: Lineage 2 Cheats | Feb 21, 2007 at 23:46