Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Any recent hacked accounts from Southperry users?
This is a good presumption. Except I would like to add that from the 'general feel' on the execution of the hackings.

It would be reasonable to say one would directly target the rich first, then the middle and so forth. I'm not saying such an attempt hasn't been tried, it might be used in conjunction on a smaller scale if success isn't imminent. The one that proves good result will probably be the more direct approach of generating hashes in order and compare each to the list of hashes of the database (if that's what the hacker is working with). The will explain the random targeting, rather than say alphatically order in terms of Nexon ID, or the chronological age of the account. (Which I assume is how the database is expanded, via account # index). From what I've read and gathered, doing reverse lookup for the entire list may seem reasonable at first for such a big target, you're bound to find a few matches of those that use weak passwords, and thus possibly stored somewhere in the vast sea of the internet, and the process isn't that intensive either since you're working with a finite list of accounts. Call it round 1.

Call 2 will be the ongoing generation of hashes that will compare to the database until one matches, hence the suggestion of daily random reported hackings. All of this is my personal take on the issue and should not be weighted seriously in any way. But one thing I suggest is using a really secure password to protect yourself right now. I believe Nexon allows up to 10 characters, so use 10 characters. 'Norma'l humans will probably go about generating hashes from smallest to largest bits from the root word. But backed by psychology, hackers may see through that and start with 10-letter passwords first since they believe the intellectual ones will fall in that category. So to compensate, you can try making all your password 9-character long. Of course, there is a lot of unsaid assumptions going on, such as uniformally distributed password in each subset of password-length, which itself is also uniformally distributed. If there are equal numbers of users whose password are of 4-10 letter length, starting with 4-letter combinations will yield you more chance per hit.

Again, I have no proof in regards to what's exactly happening. But given a reasonable scenario, this is what I can suggest in delaying the hacking. Cryptography is never 100% safe, but the time and resources to crack may not be worth to crack it in the end. The function is not 1-1 in most cases, meaning the hashes in this case do not necessary correspond to a unique password, so there's no easy way to work backwards and that's the basis of crytography. Without the given (starting point reference), traceback step by step is difficult and in cases impossible. There's also a small chance that a hash in MD5 can correspond to more than 1 root word. That is to say, more than 1 password may associate to the same hash so in an unlikely event that there's a 'simpler' version of your password and it's easily 'crackable', then you're doomed. (This is very rare collision, but it happens.)

Sorry for the long spew, just wanting to share what I've learned and provide answers to others who don't quite understand the mechanism behind crytography. I'm by no mean at expert nor have experience in cryptography except for basic RSA scheme and implementation of simple models. If this is what causing the hacking though, I do not blame Nexon, even though they can easily add in extra parameter such as salts if they haven't been using it already. With the advance of technology, it is a matter of time before transformation functions are broken, or even through a table of finite possibilities and outcomes. It is ironic that the infeasibility of cracking is what keeps us safe, yet as the day passes, technology allows more tedious task to be taken upon which renders infeasibility next to nothingness.
Reply


Messages In This Thread
Any recent hacked accounts from Southperry users? - by Jellyflower - 2010-01-16, 09:30 PM
Any recent hacked accounts from Southperry users? - by BDRyan - 2010-01-18, 01:09 AM

Forum Jump:


Users browsing this thread: 2 Guest(s)