These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE General Discussion

 
  • Topic is locked indefinitely.
123Next pageLast page
 

Is the guessing of a password on Eveboard illegal?

First post
Author
Previous Topic Next Topic
Aylanaa
Center for Advanced Studies
Gallente Federation
#1 - 2013-07-19 09:18:55 UTC
So this RoCkEt X guessed Mino IV's password on Eveboard, which allowed him to figure out when Mino IV would log his titan chararcter on enabling RoCkEt X to kill said titan. The story is here http://themittani.com/news/legion-alts-downs-avatar-low-sec, and here http://pastebin.com/u9XjXtAa Too me it seems in the grey area just curious on other people's thoughts.
Chribba
Otherworld Enterprises
Otherworld Empire
#2 - 2013-07-19 09:24:35 UTC  |  Edited by: Chribba
As far as eveboard goes, that doesn't really give any details to that kill apart from when the skill ran out which sure could give a theory in what timeframe a pilot would log on to change queue. Plus they had been monitoring him for quite some time it appears.

Is it illegal, from my view no it's not illegal in that sense, but not really wanted either, but should there be a need for me to implement additional security measures to prevent brute force (than those already in place) I will do so. Guessing passwords for 60 seconds I don't think will trigger any police action (especially not in the case of eveboard, and if there had been substantial load I'm sure my monitors would have gone haywire). PS. I don't at all condone.. condole(?) or approve of this technique at all, just giving my view on how I feel about it.

If anything, I'd rather see the whole ISboxer setup being more of a grey zone in this case.

/c

★★★ Secure 3rd party service ★★★

Visit my in-game channel 'Holy Veldspar'

Twitter @ChribbaVeldspar
Anna Karhunen
Inoue INEXP
#3 - 2013-07-19 09:27:02 UTC  |  Edited by: Anna Karhunen
It is illegal*. As the EVE board is Chribba's I suppose it falls within Swedish law, though ask Chribba if you want to know for sure. Accessing other person's account (any account) without their explicit approval is never a good idea.

Edit: *Whether authorities do anything, that is different question. Unless there has been damage, they are probably not going to make a move. Losing ships in a game... I think they will laugh.

As my old maths teacher used to say: "Statistics are like bikinis: It's what they don't show that's interesting". -CCP Aporia
Cannibal Kane
Viziam
Amarr Empire
#4 - 2013-07-19 09:30:02 UTC  |  Edited by: Cannibal Kane
I dont think so..

The hundreds of chars using a combination of 123 to 12345 does not make it hard.

"Kane is the End Boss of Highsec." -Psychotic Monk
Inxentas Ultramar
Ultramar Independent Contracting
#5 - 2013-07-19 09:38:09 UTC  |  Edited by: Inxentas Ultramar
As we know our governments excell in retardation when it comes to anything internet, including legislation concerning it. The only proper answer would be who cares about legality. Legality is defined by people that have no clue anyway. Whether or not Chribba approved is a more interesting question. He might even consider this legit gameplay, and as such allow it explicitly, making it legal. I couldn't find a EULA on Eveboard to check.

Im my country some dude got sentenced because he guessed the GET parameter of a badly secured website. The trick is that the website in question was of the government, so instead of fixing it they deemed prosecuting the 'hacker' more usefull. A person like Chribba might actually have a life and not press charges over this form of data mining! Big smile
Pak Narhoo
Splinter Foundation
#6 - 2013-07-19 09:40:27 UTC  |  Edited by: Pak Narhoo
Chribba wrote:


Is it illegal, from my view no it's not illegal in that sense, but not really wanted either,


Well, you could maybe make it harder by preventing passwords like 1234, by making them 6-8 characters long with a mandatory character/number combo. Like 123456a or abcdefg8.

Then again people will create dumb passwords, no matter what you do.
Looks to me like he didn't wanted that Avatar anyway. What?
Chribba
Otherworld Enterprises
Otherworld Empire
#7 - 2013-07-19 09:49:05 UTC
Pak Narhoo wrote:
Chribba wrote:


Is it illegal, from my view no it's not illegal in that sense, but not really wanted either,


Well, you could maybe make it harder by preventing passwords like 1234, by making them 6-8 characters long with a mandatory character/number combo. Like 123456a or abcdefg8.

Then again people will create dumb passwords, no matter what you do.
Looks to me like he didn't wanted that Avatar anyway. What?

There could be plenty of things made of course. I could even do token authentication with RSA dongles... question would be how far to take it really.

It's a small character sheet site after all while I do take security seriously it needs to be balanced so I'm most likely not going to start to block passwords or force the use of complex ones (I'd need to open up a support division to handle all the requests from ppl who forget their already easy 1234 passwords lol)

/c

★★★ Secure 3rd party service ★★★

Visit my in-game channel 'Holy Veldspar'

Twitter @ChribbaVeldspar
RoCkEt X
Hostile.
PURPLE HELMETED WARRIORS
#8 - 2013-07-19 09:52:46 UTC
from: http://community.eveonline.com/support/api-key/

Quote:
I still don't like it.
If you are not certain that the web site or program asking for your API key is safe, please do not give it to them! You are responsible for any usage of the information obtained by using your API keys.


I think that pretty much says it all.

1234 was my first guess, by the way :)
Thorn Galen
Bene Gesserit ChapterHouse
The Curatores Veritatis Auxiliary
#9 - 2013-07-19 09:53:46 UTC
Consider this.

Dude has a bunch of keys.
He goes around to random houses to see which key will fit a lock.
Eventually he finds one which opens a door.

Just because the key fits the door does not make his action legal, it's still a crime.

Likewise, nor should such an action as discussed here be condoned. Same legal principles apply.
There's nothing "meta' about it, it is illegal, plain and simple.

o7

COO - Bene Gesserit Chapterhouse  CEO - Sanctuary Pact Alliance
Tippia
Sunshine and Lollipops
#10 - 2013-07-19 09:57:56 UTC
Thorn Galen wrote:
There's nothing "meta' about it, it is illegal, plain and simple.
What law does it break?
dexington
Caldari Provisions
Caldari State
#11 - 2013-07-19 10:00:46 UTC
RoCkEt X wrote:
from: http://community.eveonline.com/support/api-key/

Quote:
I still don't like it.
If you are not certain that the web site or program asking for your API key is safe, please do not give it to them! You are responsible for any usage of the information obtained by using your API keys.


I think that pretty much says it all.

1234 was my first guess, by the way :)



That don't give you the right to hack someones profile on another site, if i send a xml dump of my api data to my private email adresse, would it then be okay for you to hack it?

I'm a relatively respectable citizen. Multiple felon perhaps, but certainly not dangerous.
dexington
Caldari Provisions
Caldari State
#12 - 2013-07-19 10:03:06 UTC
Tippia wrote:
Thorn Galen wrote:
There's nothing "meta' about it, it is illegal, plain and simple.
What law does it break?


Depends on the country, i Denmark it would be § 263

I'm a relatively respectable citizen. Multiple felon perhaps, but certainly not dangerous.
Tippia
Sunshine and Lollipops
#13 - 2013-07-19 10:06:11 UTC
dexington wrote:
Tippia wrote:
[What law does it break?

Depends on the country, i Denmark it would be § 263

What does this paragraph state?
Lucas Kell
Solitude Trading
S.N.O.T.
#14 - 2013-07-19 10:08:36 UTC
It's illegal as it's unauthorized use of a system, illegal in most places under varying terminology. That said it is so low down on the list, I doubt any law enforcement agency would take it seriously.

It doesn't violate the EULA since it's not CCP owned so CCP shouldn't do anything either.

It should however be illegal to use the password 1234 and someone should clout that guy up the side of his head for being so stupid.

The Indecisive Noob - EVE fan blog.

Wholesale Trading - The new bulk trading mailing list.
dexington
Caldari Provisions
Caldari State
#15 - 2013-07-19 10:09:45 UTC
Tippia wrote:
dexington wrote:
Tippia wrote:
[What law does it break?

Depends on the country, i Denmark it would be § 263

What does this paragraph state?


You are not allowed to access other peoples private data, or invade their privacy and so on.

I'm a relatively respectable citizen. Multiple felon perhaps, but certainly not dangerous.
RoCkEt X
Hostile.
PURPLE HELMETED WARRIORS
#16 - 2013-07-19 10:14:18 UTC  |  Edited by: RoCkEt X
dexington wrote:
Tippia wrote:
dexington wrote:
Tippia wrote:
[What law does it break?

Depends on the country, i Denmark it would be § 263

What does this paragraph state?


You are not allowed to access other peoples private data, or invade their privacy and so on.



data isn't private when it's on eveboard; passworded or not, you are sharing your API. the only way this effects the individual is ingame. and does nothing to their RL privacy. Technically the data doesn't belong to them, as all EVE online accounts and such are property of CCP... and as CCP states that all information gained by sharing of API keys is solely the responsibility of the player who shares them.... :)

Stop whining, my ribs are hurting from the laughter :)
Anna Karhunen
Inoue INEXP
#17 - 2013-07-19 10:14:36 UTC
If it was under Finnish law, it would result in fine or up to one year prison sentence. If it was planned or done for criminal organization, then it would be fine or up to two years prison sentence.

As my old maths teacher used to say: "Statistics are like bikinis: It's what they don't show that's interesting". -CCP Aporia
dexington
Caldari Provisions
Caldari State
#18 - 2013-07-19 10:20:37 UTC
RoCkEt X wrote:
dexington wrote:
Tippia wrote:
dexington wrote:
Tippia wrote:
[What law does it break?

Depends on the country, i Denmark it would be § 263

What does this paragraph state?


You are not allowed to access other peoples private data, or invade their privacy and so on.



data isn't private when it's on eveboard. the only way this effects the individual is ingame.


If it was public available why did you then need to guess the password, that pretty much proves the data was not public available and the owner had not given you access, else you would have already know the password.

It's the same with postcards, you are not allowed to read a postcard you have not send or received without permission, just because there is no envelope protecting the content does not make it legal for you to read it.

I'm a relatively respectable citizen. Multiple felon perhaps, but certainly not dangerous.
Malcanis
Vanishing Point.
The Initiative.
#19 - 2013-07-19 10:20:48 UTC
Tippia wrote:
Thorn Galen wrote:
There's nothing "meta' about it, it is illegal, plain and simple.
What law does it break?


Quite a few countries have laws against unauthorised access.

Of course it's really only against the law when it embarrasses a big corp or the government but eh

"Just remember later that I warned against any change to jump ranges or fatigue. You earned whats coming."

Grath Telkin, 11.10.2016
Nevyn Auscent
Broke Sauce
#20 - 2013-07-19 10:20:59 UTC
RoCkEt X wrote:


data isn't private when it's on eveboard; passworded or not, you are sharing your API. the only way this effects the individual is ingame. and does nothing to their RL privacy. Technically the data doesn't belong to them, as all EVE online accounts and such are property of CCP... and as CCP states that all information gained by sharing of API keys is solely the responsibility of the player who shares them.... :)

Stop whining, my ribs are hurting from the laughter :)


If it is passworded and you have come by the password via illegal means including guessing, it is private.
If I 'guess' the combination to your safe, I can't take whatever is in it without it being stealing, what you did is no different.
Personally I consider this good grounds for the player to request CCP reimburse him, as for all it wasn't particularly secure, he was hacked as part of the attack on his titan.
123Next pageLast page