Being ejected for unacceptable behavior is quite simply the user’s own fault. As Lisa Vaas on the Sophos NakedSecurity blog puts it, “ArenaNet [the game developer] is trying to run a civilized environment without Holocaust jokes, gay-bashing and the like.”
Trolling and cyberbullying have been getting increased publicity recently. In the, a UK policeman has been arrested for taunting a woman on social networks after she posted a message of support for an X-Factor contestant; while in Australia, TV celebrity Charlotte Dawson was hospitalized after being viciously targeted on Twitter. Her crime had been to appear on a current affairs television program to expose cyberbullying.
The second problem is not so simple. Gold selling is the process of selling a game’s booty for hard currency. Players can be tempted to purchase the online gold or other game attributes rather than take the time and effort to earn them through game playing (a bit like some Twitter users buying their followers rather than earn them). Sophos again: “Gold sellers are, reportedly, grossly underpaid computer sweatshop workers who work 12+ hours a day to earn as little as $50/month.” It is little wonder, then, that rather than working in a sweatshop for paltry returns, some users are turning to hacking accounts and stealing the ‘gold’ that they can then sell on.
This is a joint ‘fault’ between the user and the game maker, as GFI Software senior threat researcher Christopher Boyd explains: “Guild Wars 2 was always going to be a magnet for scammers and phishers, and sure enough NCSoft [the game publisher] has had to take swift action to try and preserve the experience for legitimate players.” He points to a weakness in the email authentication, a new feature that “works in a similar manner to Steam Guard, which asks a user for credential validation when logging in from a new location. However, just like Steam Guard it relies on the individual having a secure email address.” Most people simply don’t take enough care over their email addresses nor passwords; and Boyd recommends using something like Google’s two-factor authentication.
“If two factor isn't available,” he continued, “they should check for weak password reset questions and ensure their email login is unique to that account only. Anybody already using LastPass to store their gaming logins should consider using that to keep their EMail password, lock LastPass down with two factor authentication and - if especially concerned - enable the feature that allows logins from specified countries.” This, he says, “should make life a little trickier for those wanting to plunder a Guild Wars account.”