food for thought on JAG

[Gogetaa]

This "JAG" affects everyone that browses this part of the forum, and as a community i think we need to share some ideas on how to overcome it safely, jagex stated that hacking runescape accounts is an unlawful offence and they will work with the police to find anyone taking part in it.

i'd hate for anyone on here to get in trouble with the police, so i thought id make this thread.
​

so what do we know about it already ?​

​

• recovery questions cannot be changed once set
  ~this is good as it now means once you have the info your in.
• only 3 tries are permitted every 24 hours, after which the account is locked for 24 hours to all non-permanent access.
  ~If you have a victim ratted, just try to get in 3 times, lock their account and they will have to enter the information, then you have access to the account.
• Jagex's official response to these two concerns is to remind players to choose security questions they will not forget, and to keep their login details secure.
  ~All jagex are doing to combat it is advising common sense, and judging on past sucess, scapers dont have alot of that.

With all of these things in mind, i dont think hacking is dead.

its certainly a little harder, and you will have to cover your tracks some more, sell the gold quickly etc.

However, i'm sure there are things i've missed that are concerning others, so please for the benefit of the community, share what you know.

 

[madcow344]

i like this !

hacking is not dead but phissing is dead now right ??

 

[Gogetaa]

i like this !

hacking is not dead but phissing is dead now right ??

Not if you could social engineer someone to your phisher site which would gather all of the required info.

but your unlikely to have people fall for a phisher like that through emailing.

i'm thinking of building a phisher to do this, follow me to get the release

 

[Deathcrow]

[*]only 3 tries are permitted every 24 hours, after which the account is locked for 24 hours to all non-permanent access.
~If you have a victim ratted, just try to get in 3 times, lock their account and they will have to enter the information, then you have access to the account.

This isn't always true. For example, if someone RATed me on this computer (the only computer I use for Runescape). Then they still wouldn't get that information upon locking out all NON-permanent access. This is because obviously since this is the only computer I use for Runescape, it is going to be my permanent access computer. Which means I won't be needing to enter any information.

Also, for what you said to work you would need to have RATed the person's non-permanent access computer (or even tablet) and a person can have more than one of these. So if a person went ahead and added every computer they use for Runescape to their permanent access list, then this wouldn't work at all.

 

[Gogetaa]

[*]only 3 tries are permitted every 24 hours, after which the account is locked for 24 hours to all non-permanent access.
~If you have a victim ratted, just try to get in 3 times, lock their account and they will have to enter the information, then you have access to the account.

This isn't always true. For example, if someone RATed me on this computer (the only computer I use for Runescape). Then they still wouldn't get that information upon locking out all NON-permanent access. This is because obviously since this is the only computer I use for Runescape, it is going to be my permanent access computer. Which means I won't be needing to enter any information.

Also, for what you said to work you would need to have RATed the person's non-permanent access computer (or even tablet) and a person can have more than one of these. So if a person went ahead and added every computer they use for Runescape to their permanent access list, then this wouldn't work at all.

yeah hadn't thought of that. I'm just speculating here, anything you can think of around this problem?

I want this thread to overcome the jag system between us all, im sure we can do it.

 

[tu y tu mama]

Really nice thread OP.
This is something everyone has to have in mind, and thanks for the thing about 3 tries, I'll try it when I come over an account with JAG.

 

[Adam]

If you have 2 way verification on your email you are impossible to hack. Simple as that.

 

[Gogetaa]

If you have 2 way verification on your email you are impossible to hack. Simple as that.

I think we are all just going to have to step our hacking up a notch.

I don't mean to be condesending In any way, however, surely if you have access to thier email it would overcome the problem (i think) you where stating.

Correct me if im wrong

 

[Deathcrow]

If you have 2 way verification on your email you are impossible to hack. Simple as that.

Yea, I added the extra email to my account as well. But I'm pretty sure you can still get hacked....just makes it harder.

 

[Adam]

If you have 2 way verification on your email you are impossible to hack. Simple as that.

I think we are all just going to have to step our hacking up a notch.

I don't mean to be condesending In any way, however, surely if you have access to thier email it would overcome the problem (i think) you where stating.

Correct me if im wrong

Impossible to access the email with 2 way verification. If my email is logged onto from an unknown computer it sends a text message to my phone to confirm it.

 

[Deathcrow]

If you have 2 way verification on your email you are impossible to hack. Simple as that.

I think we are all just going to have to step our hacking up a notch.

I don't mean to be condesending In any way, however, surely if you have access to thier email it would overcome the problem (i think) you where stating.

Correct me if im wrong

Impossible to access the email with 2 way verification. If my email is logged onto from an unknown computer it sends a text message to my phone to confirm it.

So it doesn't let you access the email until confirmed or it just let's you know?

Also, time to hack smartphones....

 

[Gogetaa]

This thread was to overcome issues, not cause any conflicts.

Surely not all emails require mobile cofirmation? I've been on a few peoples gmails and yahoo mails...

Smartphone hacking is a little illabirate for hacking rs accs haha

 

[tu y tu mama]

This thread was to overcome issues, not cause any conflicts.

Surely not all emails require mobile cofirmation? I've been on a few peoples gmails and yahoo mails...

Smartphone hacking is a little illabirate for hacking rs accs haha

Not at all. You see all 10 years old now with iPhones and S3s.

 

[Knife]

Fuck the police, I do what I want.

 

[Deathcrow]

This thread was to overcome issues, not cause any conflicts.

Surely not all emails require mobile cofirmation? I've been on a few peoples gmails and yahoo mails...

Smartphone hacking is a little illabirate for hacking rs accs haha

Where is the conflict? Just people talking about what they know and asking questions to learn more. All in the name of overcoming JAG!

 

[madcow344]

just an authenticater like wow it's then 100% that you want get hacked ... only when they steal your authenticater or your phone :3

 

[Deathcrow]

just an authenticater like wow it's then 100% that you want get hacked ... only when they steal your authenticater or your phone :3

Yea, Blizzard has the same thing for Diablo 3. And they also have an option to buy a separate authenticator that can connect to your key chain (I think). That would be even safer because it wouldn't have anything to do with your computer or phone.

 

[madcow344]

just an authenticater like wow it's then 100% that you want get hacked ... only when they steal your authenticater or your phone :3

Yea, Blizzard has the same thing for Diablo 3. And they also have an option to buy a separate authenticator that can connect to your key chain (I think). That would be even safer because it wouldn't have anything to do with your computer or phone.

You can download an app an your smartphone or use one an a chain thing:-3
You can't get that you need to download for your pc.
But an few years afo an few ppl know an way to detect witch code you get but that was an long time ago and i think that not pasible now

 

[Zetryio]

> Low Level App - > Man in middle on info. When you try to login you get text. The hacker has the 1 minute or what not to get what you sent and he can log in. Your session will be frozen.

 

[Adam]

I think we are all just going to have to step our hacking up a notch.

I don't mean to be condesending In any way, however, surely if you have access to thier email it would overcome the problem (i think) you where stating.

Correct me if im wrong

Impossible to access the email with 2 way verification. If my email is logged onto from an unknown computer it sends a text message to my phone to confirm it.

So it doesn't let you access the email until confirmed or it just let's you know?

Also, time to hack smartphones....

It doesn't allow access until I confirm it.