forums.rs

Forums

Hacked how to secure account

Quick find code: 408-409-127-66284684

Satilmalardx

Satilmalardx

Posts: 6 Bronze Posts by user Forum Profile RuneMetrics Profile
Hello , i will try to be brief as im sure you guys heard this story a million times. I got my 10-12 yr old account hacked very recently , it was due a malicious external plugin in runelite. It has been such an unpleasant experience as it would normally be ; I lost close to 4b of gold in the process.

Quite frankly , non of the lost gold matters and i know i should have been more carefull, but you only learn from your mistakes. However , this account is very valueable to me , and i have weird emotional attachment because it is literally virtual embodiment of my childhood.

Anyway to cut the drama short here is what i seek your advice in

My account was protected with the following :
* Regular unique password.
* 2FA used via app code on mobile
* communication email on account is 2FA protected
* attached email to jagex account id that has two factor authinticated linked to an icloud account only for recovery puposes that is also 2FA authenticated
* in game bank pin - requires entry after 5mins

After installation of thr plugin the following sequence happend

Incident 1 : the first time the exploiter forced a client crash indirectly and without awareness by me at the time, which prompted me to enter the in-bank client pin.After that I believe when he was sure i entered it again; he issued another attack to cause my runelite to crash. This time he wiped my bank. I loged backed back again to find out.

Incident 2: i wiped my pc changed every email associated with the account, disabled/enabled 2FA and created new emails with 2FA enabled as well ( all changes were made in a different device and network). Loged out that day only to find out he cleared around 50m that i moved from my ult to fresh start again - this time he had no acess to my bank pin.

——————

My question is how can he bypass all of this security? And what else i could do to secure my account . Please read the next thread where i explain some of my findings. Rs player for 15 yrs

04-Aug-2023 18:29:37

Satilmalardx

Satilmalardx

Posts: 6 Bronze Posts by user Forum Profile RuneMetrics Profile
What i figured out is the folowing. There has to be a way for him to extend my session. Such that he does not have to enter any authentications. And i actually was able to replicate it but i would like a second opinion on it.

Jagex launcher has to pass some information about credentials to runelite in order to authenticate logs. That file is extractable by using some config changes . The file has the following attributes

JX_CHARACTER_ID
JX_SESSION_ID
JX_REFRESH_TOKEN
JX_DISPLAY_NAME
JX_ACCESS_TOKKEN

I tried changing display name, and ending all sessions from jagex account setting webportal and this file was still able to be used by runelite to access my account (on a different machine)

Any advice how can i handle this siutation ? How long this active session remain active ? Why cant i simply just end it from the portsl? Rs player for 15 yrs

04-Aug-2023 18:38:55

Malua
May Member 2006

Malua

Posts: 43,113 Sapphire Posts by user Forum Profile RuneMetrics Profile
Hi there
Satilmalardx


If there has been a second hijack event, you should check the 'Linked Accounts' tab in account management. Unlink any accounts you see linked. Click on 'Manage Steam' to check for a linked Steam account.
If the hijacker has set up a linked account, they can get back door login access, bypassing your security setup.

The 'End All Sessions' button only works effectively if the account has been upgraded to a Jagex Account.
Forum Community Helper -
Information about Moderators and Community Helpers

04-Aug-2023 22:48:02

Satilmalardx

Satilmalardx

Posts: 6 Bronze Posts by user Forum Profile RuneMetrics Profile
hi malua,
thank you for your inputs.

there are no connected accounts on mine, and i do not believe the hacker has access to my jagex account portal online as its quite secure with 2FA for any instance of logging in.

i have carried out a couple of experiments. the end all sessions does not work for characters. it works for the global jagex account. using this credentials.properties file i accessed my account on another computer via run-elite directly... with out a need for 1) username entry 2) password entry 3) 2FA 4) no alerts on my email that my account got accessed.

i can never trust my account not being accessed with our getting clarity how to actually terminate a session ... Rs player for 15 yrs

04-Aug-2023 22:59:47

2_Tron

2_Tron

Posts: 23,025 Opal Posts by user Forum Profile RuneMetrics Profile
@Satilmalardx,

... here's what I have to say.

The way you are talking about the state of your account(s), security wise, is quite irresponsible to a point that whomever have 'tried to hack/hijack' you has now a better understanding of your defences and how you react to any intrusion.
Fiddling with the software is also strongly discouraged by me as you could damage your trust more than you can think of.


Your question of '
how can he bypass all of this security?
' ... you gave this possible 'hacker/hijacker' a lot of intel that could be pretty useful.

Solving security issues is at best done '
only in connection with Jagex/JMods
' and even than Jagex/JMods share only the necessary details to solve your problem.

What you are doing here is pretty ridiculous.

'
Only use software that is created/suggested by Jagex/JMods only
' and for certain '
do not add/plugin other pieces of software that aren't approved/suggested
' by Jagex/JMods.

You have created your own downfal by
using software you shoudn't be using in the first place and discussions/debates about how someone is able to hack/hijack you, in these forums, is still prohibited by all means.

05-Aug-2023 10:06:25

Satilmalardx

Satilmalardx

Posts: 6 Bronze Posts by user Forum Profile RuneMetrics Profile
Hello tron,

Thank you for taking the time to read this. Here are a couple of my thoughts on what you have mentioned. My post is made specifically for the purpose of getting feedback on how i could secure my account there is no other motive driving me to post here nor experiment with how it could have been done other than that.

This is the first time in my lifetime i have ever experienced anything like this, so naturally i would aim to seek for answers. Im sorry, but your words “ you playing with the software discredit you” or “what you are doing here is ridiculous” are quite invoking…. what do you actually mean? What is so ridiculous about making a mistake and seeking for help?

“ you created your own downfall” , you know you use alot of buzzy lines that has actually no value to anybody reading this nor to me. I’m not blaming anyone here and i have stated originally in my msg that i should have been more careful and it was a lesson learned . i repeat i have never experienced anything like this before thats why im posting here in the hopes maybe somebody could help out , if not then its another option of mine exhausted.

This instance has been quite a stressful and emotional for me as a person. so if your words will not help then why would you share them.


Thank you. Rs player for 15 yrs

05-Aug-2023 11:23:52

2_Tron

2_Tron

Posts: 23,025 Opal Posts by user Forum Profile RuneMetrics Profile
@Satilmalardx, 2 pages in '
Jagex's Support Centre
' that are truly important to you are ...

Security tips ... <- (link)
The second one is equally important to have read ...
Safety tips ... <- (link)
Original message details are unavailable.
...'
Only use software that is created/suggested by Jagex/JMods only
' and for certain '
do not add/plugin other pieces of software that aren't approved/suggested
' by Jagex/JMods...

Original message details are unavailable.
... I got my 10-12 yr old account hacked very recently , it was due a malicious external plugin in runelite...
This was your downfal and finding out what it did, how it intruded your system, you can ask a computer security expert if the file(s) still exists on your computer. They can look at its content.

Here in these forums nothing else can be done other than warn all players to not use other software, Jagex/JMods have created/suggested, as such software can be malicious software and if you do not have enough knowledge, do not add it to any program/computer to prevent from experiencing issues you just have experienced.

05-Aug-2023 12:07:55

2_Tron

2_Tron

Posts: 23,025 Opal Posts by user Forum Profile RuneMetrics Profile
To add, hackers/hijackers gained access to your system(s) but you do not how far/deep they got access.

Telling about how your computer/accounts are secured, in your OP, you might give them more details where to look for and how to go around the next time they decide to pay your computer another visit.

05-Aug-2023 12:12:30

Satilmalardx

Satilmalardx

Posts: 6 Bronze Posts by user Forum Profile RuneMetrics Profile
hi tron,

thanks again for going through my comments. let me rephrase my questions so that anybody reading this thread will not get confused by the details about the case it self ; rather focus on the ask.... i tried to give context to my post so that it becomes clear when i reach to the questions/ asks. However let me restate it again , if its not the place to ask then hey i tried.

Also thank you for sharing the links, i truly appreciate it but i have gone through the articles couple of times before and i followed the best practices suggested already, twice.

what i'm trying to ask is :
The session cookie/ ID for characters under the jagex account are not terminated by using the "End all sessions" option on jagex account web portal controls. how can i reboot those tokens so that my account is secure.

thank you, Rs player for 15 yrs

05-Aug-2023 12:34:22

Quick find code: 408-409-127-66284684 Back to Top