G2A: The dark underbelly of gaming.

[borka]

I have recently had my PayPal account hacked for the second time in just a few months. It's pretty annoying so I did some research and learned some interesting things. Firstly there is a security flaw in many routers which can allow nefarious entities to circumvent firewall protection. Luckily there is a workaround. In any case it seems somebody has gotten in through this loophole and stolen several of my cookies, which they have then used to access online accounts of mine.

What router model?

[ven]

I think it's highly unlikely somebody hacked into your personal router or something. Did you log into public wifi anywhere? If you log into public wifi somebody can literally see all your passwords and steal your cookies/sessions with a simple browser plugin.

I thought the thing with firesheep and the like had been fixed, but it was probably naive of me to think so. Is that still going on?

[shadyg0d]

I think it's highly unlikely somebody hacked into your personal router or something. Did you log into public wifi anywhere? If you log into public wifi somebody can literally see all your passwords and steal your cookies/sessions with a simple browser plugin.

I thought the thing with firesheep and the like had been fixed, but it was probably naive of me to think so. Is that still going on?

I'm not really sure how that could be "fixed" unless it was pulled by firefox or something. It's just a simple concept that somebody made into a plugin. Anyone with decent networking knowledge could probably do it with command prompt or make their own program. Besides there are plenty of programs on the internet for this. It doesn't even have to be a browser plugin.

[loftar]

Firstly there is a security flaw in many routers which can allow nefarious entities to circumvent firewall protection.

Not that I use a hardware router, but I'm curious what this is. Care to tell?

[borka]

i.e.
http://malware.dontneedcoffee.com/2015/ ... -csrf.html

http://seclists.org/fulldisclosure/2015/Mar/15

http://routerpwn.com/

[Jalpha]

Sure I guess. It's a Netgear WNR2020 and the exploit has something to do with a default response sent by the router when queried, which exposes certain pieces of sensitive information, such as IP and MAC addresses of connected devices and even the routers username and password. Pretty sure it's solved with a firmware update but I could be wrong. Not sure how likely it is that this is the primary security flaw though tbh. If anyone has a better theory I'm very open to suggestions.

I guess this is my invitation to finally enter the realm of the hacker and learn more precisely how such things are done if only to better protect myself. Internet security has always interested me but there are so many things to be interested in and so few hours in the day.

[TeckXKnight]

I've seen a few blog posts from game developers and publishers on G2A in the past. A sizeable portion, if not majority, of the keys that are sold on that website have been bought with stolen credit cards. The majority of the remainder are bought from websites like Humble Bundle and resold at a profit to people who don't check charity video game distributors. It's incredibly scummy and G2A could give a shit about it.

It's like buying stuff from those chinese rip-off product websites. Sure you could save a few bucks but chances are you're getting completely fucked in quality, if you ever get a product at all. It's just not worth it.

[Onep]

I've seen a few blog posts from game developers and publishers on G2A in the past. A sizeable portion, if not majority, of the keys that are sold on that website have been bought with stolen credit cards. The majority of the remainder are bought from websites like Humble Bundle and resold at a profit to people who don't check charity video game distributors. It's incredibly scummy and G2A could give a shit about it.

It's like buying stuff from those chinese rip-off product websites. Sure you could save a few bucks but chances are you're getting completely fucked in quality, if you ever get a product at all. It's just not worth it.

It doesn't surprise me about them reselling humble keys. Those things get discounted so obscenely, I don't understand how anyone makes a profit there. I've only bought one key off of a scummy resale sites. It was hardly worth the savings, I spent more time fretting about being ripped of than anything. I know one of their big source of keys is also buying them from regions with a weak currency and retailing them to people on the Euro, Pound and Dollar.

[TeckXKnight]

I know one of their big source of keys is also buying them from regions with a weak currency and retailing them to people on the Euro, Pound and Dollar.

If that was all they were doing there'd be no problems. That's basically performing currency exchange.

I don't think anyone selling on the humble bundle is looking to make a profit. Aren't those usually geared towards mostly covering operation costs and otherwise raising money for charities?

[shubla]

g2a is most shady site and I suggest no one to use it. 99% of games have been stolen or acquired in illegal/shady methods. It's just used to sell stolen goods and launder money. G2A itself is probably not evil. But they only provide platform for people to sell their stolen goods.
Most keys are bought with stolen credit cards. Then sold 50% cheaper so they can get money to themselves with reduced risk of getting caught. They are abusing bugs on other sites to get keys. People buy bundles with bots from sites like humblebundle and then re-sell those, which is not meaning of such sites. Recently I read some article about one indie key selling site going bankrupt because someone abused their system to buy keys for almost 300 000 dollars by buying keys and then refunding the transactions, and then re-selling these keys on g2a for profit.