• Hail Guest!
    We're looking for Community Content Contribuitors to Stratics. If you would like to write articles, fan fiction, do guild or shard event recaps, it's simple. Find out how in this thread: Community Contributions
  • Greetings Guest, Having Login Issues? Check this thread!
  • Hail Guest!,
    Please take a moment to read this post reminding you all of the importance of Account Security.
  • Hail Guest!
    Please read the new announcement concerning the upcoming addition to Stratics. You can find the announcement Here!

Players Criminally Charged For Stealing In-Game Items And Gold

Lorddog

Crazed Zealot
Stratics Veteran
Stratics Legend
Not long ago Blizzard Entertainment brought down the ban hammer on thousands of their ‘World of Warcraft’ players for using bots, so it isn’t surprising to hear that the company is very much against cheating. But sometimes banning players isn’t enough – Fusion reported in an article the details about two men who plead guilty last year on charges of robbing ‘Diablo III’ players of their valuable in-game goods back in 2012, and how subsequently the pair were prosecuted with real life criminal charges for their virtual crimes.

Back in the summer of 2012, Patrick Nepomuceno of California and Michael Stinger of Maryland worked together to steal armor, weapons, and gold from other players to be, at the time, sold for real money via the ‘Diablo III’ Auction House, which has since been shut down. Court documents claim that the pair stole $8,000 worth of items and gold.

Here’s how they did it: Nepomuceno bought a RAT, a ‘remote access tool’ which can take over computers remotely. Nepomuceno would send players a link to a photo claiming to be a rare item, which would download the RAT into their computers if players clicked on it. Once the RAT was downloaded Nepomuceno would take over their characters and force them to drop all of their gold, armor, and weapons, so Stinger could run in and collect the goods. They did this for 2-3 months in the summer of 2012.

Stinger claims that he originally didn’t know how Nepomuceno was able to do this and assumed he was taking advantage of a glitch, but once he was aware that Nepomuceno was using a RAT he stopped. Stinger explained: “I didn’t really care, lol. I was getting free stuff. I was not driven for the money. I simply wanted to get better gear for my character: good weapons and armor.” Nepomuceno declined to be interviewed.

Just a few months later, on December 10th 2012, Stinger says that FBI agents stormed into his house and seized his computer equipment, accusing him of felony level crimes.

Besides the initial shock of the ‘muggings,’ in the end the experience wasn’t too bad for the victims (which the court documents claim was anywhere between 20-30 players) who were simply given back their lost items and gold by Blizzard. “Blizzard gave the victims the goods back,” said Tracy Wilkison, the federal prosecutor. “That made the loss calculation difficult because the victims were reimbursed. So instead we calculated the [perpetrators’] gain.”

Because the total of goods stolen is over $8,000 the crime is considered a felony, but Stinger claims that he was banned before he could sell any of the items and made nothing off of his crimes. Still, Stinger and Nepomuceno pled guilty to a misdemeanor for “unauthorized impairment of a protected computer.”

One of the main issues with the crime was the very use of the RAT. “Most people use it to steal passwords and bank accounts, but these guys were going after video game goods,” Wilkison said. Even if in the end it was just used to take virtual, easily replaceable items, the very use of the RAT was dangerous alone.

Both men were given probation (three years for Stinger, two for Nepomuceno) and have to reimburse Blizzard for the money spent investigating the case, which totals to $5,654.61. Stinger claims to be paying Blizzard back in installments of $100 per month.
 

Merus

Crazed Zealot
Stratics Veteran
Stratics Legend
UNLEASHED
I've always been of the opinion that unauthorized access to someone's account should be a misdemeanor. If that access was gained by the use of malicious code (rather than having them voluntarily given you the info at some point) it should bump it up to a felony... Regardless of whether there is any "value" to the virtual items. EA technically owes all items in UO, but I pay for my account. Accessing it without my knowledge or permission should be a crime.
 

Jirel of Joiry

Certifiable
Stratics Veteran
Stratics Legend
YES! I'm glad to see this, its too bad EA is/was too freakin lazy to try to get account hackings prosecuted as crimes. I think its safe to say we've all known someone that's been hacked. A former real life friend of mine had a poed ex-roommate access her UO accounts, dry loot them, and EA wouldn't do crap.
Not even when she had proof this same person attempted to access her credit card and bank accounts. The only way she got anything done was the ex-roommate's father contacted her after the ex-roommate was hospitalize for a mental illness. the father made everything right.

I'm happy to see the law catching up. I'd love to see cyber-bullying/harassment, and accounting hacking become things of the past now that both are being prosecuted as crimes.
 

Merlin

The Enchanter
Moderator
Professional
Governor
Supporter
Stratics Veteran
UNLEASHED
Campaign Patron
Accessing it without my knowledge or permission should be a crime.
What responsibility does the victim have for having installed malware on their computer? Afraid to say that there's a big gray area here. Simply accessing an account is NOT a crime. Sorry.

EA wouldn't do crap.
And what did you expect them to do? Revert the whole shard for one person? Make all the stuff lost magically appear back in their bag/bank box? EA aren't prosecutors. It's not their job to get involved, nor should it be. Outside of account management (i.e., getting password reset, etc.), EA doesn't really owe you any particular service here.

If there are CC issues/hacking, its YOUR job to 1) call CC company immediately and place hold on card and 2) contact the police.
 

Merus

Crazed Zealot
Stratics Veteran
Stratics Legend
UNLEASHED
What responsibility does the victim have for having installed malware on their computer? Afraid to say that there's a big gray area here. Simply accessing an account is NOT a crime. Sorry.



And what did you expect them to do? Revert the whole shard for one person? Make all the stuff lost magically appear back in their bag/bank box? EA aren't prosecutors. It's not their job to get involved, nor should it be. Outside of account management (i.e., getting password reset, etc.), EA doesn't really owe you any particular service here.

If there are CC issues/hacking, its YOUR job to 1) call CC company immediately and place hold on card and 2) contact the police.
The victim has no responsibility. And yes, accessing it without permission should be a crime. If you forget to lock the door to your house and a burglar comes in it is still against the law.
 

Merlin

The Enchanter
Moderator
Professional
Governor
Supporter
Stratics Veteran
UNLEASHED
Campaign Patron
The victim has no responsibility. And yes, accessing it without permission should be a crime. If you forget to lock the door to your house and a burglar comes in it is still against the law.
This is a video game, not your house. And simply accessing an account, without stealing anything, is not a crime.

And yes, the victim bears some responsibility for their own negligence.
 

Jirel of Joiry

Certifiable
Stratics Veteran
Stratics Legend
What responsibility does the victim have for having installed malware on their computer? Afraid to say that there's a big gray area here. Simply accessing an account is NOT a crime. Sorry.



And what did you expect them to do? Revert the whole shard for one person? Make all the stuff lost magically appear back in their bag/bank box? EA aren't prosecutors. It's not their job to get involved, nor should it be. Outside of account management (i.e., getting password reset, etc.), EA doesn't really owe you any particular service here.

If there are CC issues/hacking, its YOUR job to 1) call CC company immediately and place hold on card and 2) contact the police.

It wasn't ME. Perhaps you could try reading THE WHOLE post before jumping on me? Oh, I'm sorry I guess Hooked On Phonics didn't work for you.

All EA had to do was retrieve the items from the former roommate's account cause she was so dippy she stole PBD blessed items. The Ex-roommate got the credit card info from the UO accts. This was under the OLD ACCT mgmt system where you could see the whole CC number.

If you'd read the WHOLE post you'd also seen where I said the ex-roommate's father made everything right. After the ex-roommate was hospitalized for mental illness her father was made her legal guardian and he cleaned up the ex- roommate's mess.

Merlin apparently the only exercise you get is running people down, shooting off your mouth, and jumping to conclusions.
 
Last edited:

Merus

Crazed Zealot
Stratics Veteran
Stratics Legend
UNLEASHED
This is a video game, not your house. And simply accessing an account, without stealing anything, is not a crime.

And yes, the victim bears some responsibility for their own negligence.
What makes a virtual account that you pay for any less "real" than anything else you buy? How is renting a virtual account with Broadsword any different than renting a storage unit? Breaking into a storage unit, even if you take nothing is against the law.

Unfortunately for a long time too many people have thought the way you do. But that is changing. As more and more people enter virtual space, they are catching on... The law is just slow to catch up.
 

Merlin

The Enchanter
Moderator
Professional
Governor
Supporter
Stratics Veteran
UNLEASHED
Campaign Patron
It wasn't ME. Perhaps you could try reading THE WHOLE post before jumping on me? Oh, I'm sorry I guess Hooked On Phonics didn't work for you.

All EA had to do was retrieve the items from the former roommate's account cause she was so dippy she stole PBD blessed items. The Ex-roommate got the credit card info from the UO accts. This was under the OLD ACCT mgmt system where you could see the whole CC number.

If you'd read the WHOLE post you'd also seen where I said the ex-roommate's father made everything right. After the ex-roommate was hospitalized for mental illness her father was made her legal guardian and he cleaned up the ex- roommate's mess.

Merlin apparently the only exercise you get is running your mouth, and jumping to conclusions.
Actually, I did read the whole thing and was aware it wasn't you. That doesn't mean my questions weren't relevant. If you took it personal and felt I was 'jumping on you', then you took it the wrong way. Maybe you're the one that requires phonics, because there was nothing wrong with my post. Don't get your panties in a wad. It seems to me that unable to answer my inquiries, you have to resort to personal insults... something I did not do in my previous posts. DERP
 

Jirel of Joiry

Certifiable
Stratics Veteran
Stratics Legend
Actually, I did read the whole thing and was aware it wasn't you. That doesn't mean my questions weren't relevant. If you took it personal and felt I was 'jumping on you', then you took it the wrong way. Maybe you're the one that requires phonics, because there was nothing wrong with my post. Don't get your panties in a wad. It seems to me that unable to answer my inquiries, you have to resort to personal insults... something I did not do in my previous posts. DERP
Oh Really?????

And what did you expect them to do? Revert the whole shard for one person? Make all the stuff lost magically appear back in their bag/bank box? EA aren't prosecutors. It's not their job to get involved, nor should it be. Outside of account management (i.e., getting password reset, etc.), EA doesn't really owe you any particular service here.
Okay boy-o there were three roommates, and "Princess Poed" accessed and DRY LOOTED the other two's main accounts. YES, EA is responsible because under the old account management system you could see the WHOLE credit card number, EA was too lazy to implement the coding to block all but last four digits. This happen in 2005. My Amex and bank both had it to were only the last four digits were visible back then. So I would say that EA was lazy, cheap and stupid. That is also probably the reason they didn't want law enforcement involved, because under California Law they would have been held responsible for her gaining access to their CCs.

If there are CC issues/hacking, its YOUR job to 1) call CC company immediately and place hold on card and 2) contact the police.
You mean THEIR and yes they did. I didn't know you wanted and entire BLOW by BLOW. Its kinda of a given that if someone gets all up in you financial business, and they have no business in there you call the financial institution and the cops. However the ex-roommate had been hospitalize. Since she had a recognized mental illness it would have been impossible to prosecute. It's called "not guilty by reason of mental disease or defect." That's why the ex-roommate's father as her legal court appointed guardian made things right with the other two. Even the cops agreed this was the best route given the circumstances of the situation.

Don't get your panties in a wad.
I really don't think the state of my panties are any concern of yours. LOL
 

Goldberg-Chessy

Crazed Zealot
Stratics Veteran
Stratics Legend
YES! I'm glad to see this, its too bad EA is/was too freakin lazy to try to get account hackings prosecuted as crimes. I think its safe to say we've all known someone that's been hacked. A former real life friend of mine had a poed ex-roommate access her UO accounts, dry loot them, and EA wouldn't do crap.
Not even when she had proof this same person attempted to access her credit card and bank accounts. The only way she got anything done was the ex-roommate's father contacted her after the ex-roommate was hospitalize for a mental illness. the father made everything right.

I'm happy to see the law catching up. I'd love to see cyber-bullying/harassment, and accounting hacking become things of the past now that both are being prosecuted as crimes.
A former real life friend with an ex-roommate with a mental illness.

What an interesting start to a story posted on the internet lol. If this story came from anyone else I wouldn't believe it ;)
 

Kirthag

Former Stratics Publisher
Alumni
Stratics Veteran
Stratics Legend
Campaign Benefactor
If I were to go and lease furniture, then someone comes into my home and steals it, yes, that would be instantly pushed to legal action and the thieves would be caught and prosecuted. Although I didn't technically own the furniture, I could still get restitution.

Is basically the same thing with online accounts. I am leasing time in a virtual reality hosted on someone's server and if another someone steals that account, then yes, I can call the cyber crime unit of the Honolulu Police Department and they would be all over it. Of course, I'd probably not get my account back (for it is then considered evidence) for a while and of course, the HPD would have to work with the FBI (for it is a crime crossing state lines) as well as whatever other task force involved with cyber crime AND the virtual reality owner's security ppl would get involved. I'd probably not see "my" account for a few months, at the very least, seeing how things go with the HPD here.

It happened to a friend of mine - someone hacked his computer, took his Blizzard account. He called HPD cyber crime hotline. Took him 8 months to get is account back. Meantime, everything was taken from all his WoW toons, and his guilds (3 of them) were also ripped off and drained. His Diablo toons were deleted - which if you play seasonals is a major thing - all the gear probably mailed off to someone for resale.
Somehow, the Blizzard ppl replaced everything to his accounts (including all the mats and stuff stolen from the guilds AND his Diablo toons). One of the WoW guilds I was in with him as bank officer - it took me 4 weeks of working with him to get everything reorganized in the guild bank. Overall - took almost 10 months to get it all worked out again.

Did they catch the hacker? Dunno - investigation is "still pending" from what he says, which probably means no. But he was told that he wasn't the only victim and the hack came over wifi somewhere. Since then, he will not use any public wifi for anything. He uses his own portable hot spot (which is locked down) he pays for on his Sprint account, and removed wifi from his home network (much to the dismay of his kids). He asked me to completely hard-wire his home, which I did - 2 drops in each room, 4 in his den. He shelled out plenty to secure his home LAN - smart TV, computers, printers, etc. Honestly, if more ppl would secure their wifi, there might be less temptation for stuff like this.

I caught some kids doing "drive-by hacks" in my neighborhood, called HPD - they got the kids real quick and I had to ID them and turn in a report thingy. How did I catch them? Well, being kids, they talk loud and bragged at the local park. One kid said he jumped a LAN where 4 people were all playing Diablo and he was planning to hack their Blizzard accounts.

The point is, secure your wifi ppl.
 

Angel of Sonoma

Certifiable
Stratics Veteran
Stratics Legend
UNLEASHED
Campaign Supporter
interesting thread. law enforcement is so behind when it comes to cyber crimes.

a neighbor fell for the "shipping agent" scam while selling a tanning bed. she was sent a forged certified check and asked to western union $2000 to someone in nyc. she complied and got scammed, but authorities were never able to find the culprit.

then there's all the IRS scams. why can't the police track these?
 

james64468

Journeyman
Stratics Veteran
Stratics Legend
At the end of the day I believe that code developers and Admins of the servers for games are responsible for their bad code. They should always fix their code. Keep the server updated on security. Some may disagree with me on that but I believe that steps could be taken to prevent stuff like that from happening.
Players shouldn't cheat. Stealing is wrong. It does cost the company a lot money. One reason Toontown online closed was because of people stealing memberships.
Blizzard gets F on security. I once got a account stolen on Blizzard game and because I didn't sign up with credit card at the time. I will never get the account back. The other problem is that they allow private servers in the mix. Even with their security thing added.
 

Jirel of Joiry

Certifiable
Stratics Veteran
Stratics Legend
interesting thread. law enforcement is so behind when it comes to cyber crimes.

a neighbor fell for the "shipping agent" scam while selling a tanning bed. she was sent a forged certified check and asked to western union $2000 to someone in nyc. she complied and got scammed, but authorities were never able to find the culprit.

then there's all the IRS scams. why can't the police track these?
I don't know. Heck our federal government can't even secure the IRS, 5 members of RSU faculty were victims of fraudulent tax returns. Apparently the criminal scum file tax returns in your name and collects the money. The University sent out emails to everyone. According to campus scuttle apparently the police could only take a report and the IRS was doing the investigating. I can't help but wonder if the fraudsters used the free online Turbo Tax. I read an article where this woman filed a fraudulent tax return for 3 million dollars using Turbo Tax and received $2.1 million refund on a debit card. You can read the rest here : http://abcnews.go.com/Business/oreg...udulent-tax/story?id=16548378&singlePage=true

These scumbags tried to defraud the state of Georgia for 99 million and 94 million dollars.
http://www.wsbtv.com/videos/news/woman-accused-in-94-million-tax-fraud-scheme/vCtWnC/

Our laws needs catch up with technology and they needed to do it yesterday.
 

Loren

Seasoned Veteran
Stratics Veteran
The victim has no responsibility. And yes, accessing it without permission should be a crime. If you forget to lock the door to your house and a burglar comes in it is still against the law.
I think the issue is what a business entity has to do according to law, vs what we want them to do, and again all vs what actually happens in court vs the law. I see both sides. I tend to agree more with Merlin's views. There is another angle to consider in my opinion, which is the legal concept of "reasonable expectation". Like when a trespassers idiocy collides with a danger on my property. Could be a civil suit involved, and I would have to argue that "Well they shouldn't be on my property in the first place", vs their likely position "but it is reasonable to expect a homeowner would 'x,y,z,' and you did not, so little Billy was maimed". You can have that sort of quagmire, for RL flesh and blood problems, so I think if you have no way to enforce a business to help you recover goods (virtual or otherwise), unless it benefits them somehow, they will probably give you runaround or directly say to you gtfo.

If that is too much of a tangent, I apologize. Seems related to me. Also HAI Goldberg. It's DOM / Armani from Cats, a looooong time ago I used to farm Heartwood runics and you use to buy em. I think.

for clarification, I am not getting behind either "side", I am on my side. My side is always interested in getting my stuff back vs being right.
 
Last edited:

james64468

Journeyman
Stratics Veteran
Stratics Legend
I think the issue is what a business entity has to do according to law, vs what we want them to do, and again all vs what actually happens in court vs the law. I see both sides. I tend to agree more with Merlin's views. There is another angle to consider in my opinion, which is the legal concept of "reasonable expectation". Like when a trespassers idiocy collides with a danger on my property. Could be a civil suit involved, and I would have to argue that "Well they shouldn't be on my property in the first place", vs their likely position "but it is reasonable to expect a homeowner would 'x,y,z,' and you did not, so little Billy was maimed". You can have that sort of quagmire, for RL flesh and blood problems, so I think if you have no way to enforce a business to help you recover goods (virtual or otherwise), unless it benefits them somehow, they will probably give you runaround or directly say to you gtfo.

If that is too much of a tangent, I apologize. Seems related to me. Also HAI Goldberg. It's DOM / Armani from Cats, a looooong time ago I used to farm Heartwood runics and you use to buy em. I think.

for clarification, I am not getting behind either "side", I am on my side. My side is always interested in getting my stuff back vs being right.
In my view the laws do need to be upgraded on the federal level. Some laws should require that the gaming servers be kept up to date and security should be upgraded every week.
 

Rodge

Visitor
Stratics Veteran
That's great I am going to start reporting people that script, dupe and grief to the FBI. Screw the murder investigation! Get my pixels back!
 
Top