1. There is no such thing as a "pending" ban or Steam admin. Anyone threatening your account is a scammer trying to scare you. Read more.

How was Noobinator's hijacked?

Discussion in 'SteamRep General Discussion' started by gukingofheart, Apr 18, 2014.

  1. gukingofheart

    gukingofheart New User

    Messages:
    452
    Steam:
    STEAM_0:1:49222635
    Was it just a phishing link, or something much scarier?
    If it was Phishing, then surprised since I figured an admin would never fall for one, unless if he was half out of it.
    If it was something scarier, but you don't want to go into details, that's fine, but at least reply if it was Phishing or not.
  2. Mattie!

    Mattie! SteamRep Admin

    Messages:
    5,251
    SteamRep Admin:
    STEAM_0:0:5712733
    As mentioned in another thread, it was his trusted friend (hijacked :( ) who sent him a "can you explain these screenshots?" SCR trojan.

    As he is a semi-retired admin who has not been active with us this year, he didn't recognize this as the latest hijacking approach when his team's captain sent it to him.

    It's a distressing fact that phishing/infection can hit anyone if it catches them at the wrong time or in just the wrong context. (We all fear these kind of accidents greatly.) The only real protection is to train yourself not to click links without a lot of careful paranoia, asking for context, etc. But if someone catches you with your guard down, it's going to hit someone trusted sooner or later.

    It's very frustrating that the hijacker was able to exploit the trust of this admin's account to manage some scams, but hopefully the account was frozen fast enough to mitigate the damage. We're going to put processes in place to ensure that only the most active admins for SR on official day-to-day business have green tags on SteamRep. We'll also discuss putting into place some additional recommended security checks for when an SR admin confirms their identity.

    This is a depressing event, caught fairly quickly, but we absolutely welcome any other mitigation suggestions from the community.
    Last edited: Apr 19, 2014
  3. Inu

    Inu TF2Bazaar Owner Retired Staff Partner Community Donator - Tier V

    Messages:
    399
    Steam:
    STEAM_0:1:62120987
    Happens to the best of us, shame. This should also be a wake-up-call to people who were so certain, that phishing will never work on them. It will work if you are not paying attention for a moment.
  4. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,992
    SteamRep Admin:
    STEAM_0:0:89705646
    true, but problem is, people are too easily to get fooled to download something, instead of demanding it be hosted somewhere. The issue here was a dropbox link that was supposedly images. more then enough image hosters around with account access for removal later or privacy options to not accept such in that way.
  5. Inu

    Inu TF2Bazaar Owner Retired Staff Partner Community Donator - Tier V

    Messages:
    399
    Steam:
    STEAM_0:1:62120987
    Unfortunately the archive kind of made sense. Archives are useful to group up files and then compress them. This all could have been avoided by extracting it and then realizing they were .scr files made to look like images, or using a sandbox for this kind of stuff. Most people are not proficient enough with technology to see things like these coming unfortunately so general paranoia is all the protection they are going to get.

    Essentially the issue in my opinion is that people are not used to think on the internet. "My anti virus will handle it" is a mindset that is toxic but unfortunately widely spread, hence phishing still exists in a broad array. Most people won't go as far as to even think the way you suggested. They won't question why the images are not on imgur or a comparable host, but in an archive instead. The provoking message just reinforces blunt action. I am not saying you are wrong, I am saying that you might be overestimating the overall awareness for scams like these.

    Let paranoia save you when nothing else will.
  6. Horse

    Horse Administrator SteamRep Admin

    Messages:
    73,474
    SteamRep Admin:
    STEAM_0:1:34690691
    It is wrong to live in a state of fear. You do what you can and you go on with life. I'm certain it won't happen to me, so certain that I don't worry about it and won't let it disturb my beer drinking while I hunt for Easter eggs.
  7. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,992
    SteamRep Admin:
    STEAM_0:0:89705646
    lol. overestimating the overall awareness... I didn't. I didn't even imply it, I said: "true, but problem is, people are too easily to get fooled to download something*snip*". If any, I'd say I'd have my estimation of their "awareness" is way lower. Well, you could say that is still way overestimated, but that's just making fun of it. (Because it would make it debatable if it was a good or bad thing of me to have it that low, or me being nice or w/e). Lets just say that 99.99 % of the ppl are totally blind for any of such issues.
  8. Noobinator

    Noobinator Retired Staff

    Messages:
    888
    SteamRep Admin:
    STEAM_0:0:12759940
    Basically I screwed up by clicking on the link and will admit that right off the start. Having previously fended off 12, 912 phishing links sent to me in the past, I finally fell for number 12,913. I will say my best friend is dying of cancer, and my sister was just diagnosed with it as well, so things have been stressful here and yeah, not my usual self. That being said, I have always treated TF2 as two separate games. The competitive play as one and the trading/steamrep/scammer world as another.

    I have been playing competitively for a long while and am on two Silver division teams. Thus, when I received a PM from a trusted UGC team leader that I have known in competive play for a long time, saying take a look at these screenies, I had (unfortunately) let my guard down and clicked on it, thinking it was an in-game cheater or some cool accomplishment he'd done. The trading world and competive play world paths do not cross that much usually (but now more just so recently), and my problem was being unsuspecting in the end. I still do not blame myself, but rather in the big picture of things, keep focused and blame the hijacker/scammer, since he was the true thief with malicious intent. I was just one of the ones screwed in all this and was violated.

    The files were scr, unfortunately I was not familiar with those, and thinking SCReenies, and then it was history after that. A Trojan was implanted, and SteamRep was quickly aware of my hijacking after the scammer prolifically used my account to scam and phish included admins, and the damage had been done in the short time it was comandeered. I received all my stolen unusuals back (thanks Steam), and very fortunately so did the victims that were scammed using my account.

    I quickly opened up a Steam ticket, then removed the trojans using a trio of AV softwares, and reset my pw a few times just to be safe, and reset my ssfn number, which the scammer had abscounded with. I had limited account control the next day, and full complete control back in about 3 days. In the end, the scammer didn't make out from my account at least, thanks to expedititious reactions of both Steamrep and Steam. That is the story.