Social Engineer Blizzard - Advanced level

[Fisher]

Disclaimer: Information, methods, anything you read bellow is purely for educational purposes. Do not use anything mentioned to steal, scam or otherwise commit a crime. If you use any of the info you find here for unwanted purposes, I will send 5th Echelon after you. Do not attempt to remove a ban from your account using info you can find in the text, fail, and come to me crying, because I'm out of tissues. You may use it to have fun with Blizzard all you want.

Hello everyone, and welcome to the Advanced version of my "Social Engineer Blizzard" series. In this one, we'll cover some of the information you may want to hunt down as well as methods of obtaining them. Finally, we'll cover some of the possible info I pieced together over the years of dealing with Blizzard. I won't be diving this guide into sections as I've done with the previous, as it really is one big subject and needs to be in context. But enough of that, let's get started.


Information is power. But not all information is accessible. Keep in mind that Blizzard has one of the most trained customer support teams out there. Also, keep in mind they are monkeys. Depending on what you want to do with the information you are trying to gather, some of the possibilities might be:

• How much are they getting paid for their work?
• What are their work hours?
• How do they lock down RAF accounts?
• Why do they ban some of the botters while skipping others?
• Which criteria do they use to ban botters?
• Do they track any of your information: IP, HWID, MAC etc?

There are just some of the examples. Some of these may be useful to you if you are running an Unban service for instance (number 1 and 2), while other may or may not be worth quite some cash. As discussed in previous guide, you go in over the phone. There's stuff to keep in mind here. First and most important, they sign a contract when they start their job. This means that they can and will be pursued in a court of law if they reveal any information they are not suppose to. However, you won't simply ring them up and be like "Yo, which hooks are for honorbuddy again?". Your job here is to parse together something viable from bits and pieces of intel. For instance:

"Hey I got banned, but I didn't do anything wrong!"
"Yes you did"
"No I didn't"
27 tickets later
"Sir, you've used your software to automate movement, mining and herbalism, while gathering X nodes over Y hours. Please don't open another ticket or we will close your battle.net account."

Hey, thanks! So that affects their criteria for banning. But this is not enough. He might have just said pieced that information together based on logs, so you have to go in again and again until you are certain the information is valid. You must be ready for sacrifice. Take one of your accounts, let it expire and leave it like that for a day or two. Fire up a vpn, apply RAF gametime to it, login, whisper someone completely random few sentence in a different language (possibly another one of your accounts, or a new one, just don't strike a conversation with an actual person) and let it bot until it gets banned. This way, we've created a scenario where someone obviously hacked you. Best approach would be to run it from a real machine in a different country, but you get the picture. Once it does, immediately call Blizzard while making your voice sound distant/obstructed:

You: Hey there Donovan, I'm currently on a vacation in <random country that doesn't match the one you logged the bot form> and I received this E-mail from you guys about my account. Now, I let my account expire on purpose, just for security reasons while I'm away, so do you mind telling me what's going on?
Donovan:Just a moment sir. It appears someone penetrated your account and ..
You: Oh my god, please tell me my characters are still there!
Donovan: Yes, yes, no worries sir, it appears they've used your character to run a third party software and abuse it for making gold.
You: They WHAT?! Would you mind giving me their address to pay them a visit?
Donovan: I'm afraid I can't do that sir, <if you're lucky> besides it appears they are in another country.
You: Sons of a .. so you can see my account right? Did they steal anything? I had <x number of resources> and <y number of other resources> I hope they haven't touched that.
Donovan: No they haven't, they just ran the software to gather even more and I'm assuming steal it afterwards.
You: Oh really? Can you leave it on the account? Would serve as a compensation, since there isn't anything I can do to them.
Donovan: <doesn't matter what he says here>.
You: So for how long did they run it? Since I was I gone? My last login date was <lastlogindate>
Donovan: Yes, it appears they logged it in as soon as you left and kept it online until it got banned.
You: Do you have any idea how much resources they've gathered?

And there's your check. Don't end it there, of course, drop a few more lines, and be worried near the end, ask the representative to lock your account until you get back or something similar. Also, repeat your obnoxious request at the end, asking him to provide you with the location or identity of the people behind the hack. This will leave an impression on the agent, making it harder for him to piece together what you were really after. In big companies, in case of an outer breach, such as this one, protocols should be changed immediately. So if you are caught, whatever you learned, whatever you invested, it's all gone and information you have is useless and outdated. Repeat this a few times in a similar manner (write down the name of the customer support agent, just in case). Yes, a few times. Nobody said this is cheap and easy. Unless you have physical access to your mark, you will need to devote some resources into crafting a scenario you need for specific purposes. In this case, you'll need a minimum of 2 accounts and a maximum of 8. Creating a scenario you need is one of the trickiest parts of such activities, so you have to do it right. Consider all the options and most importantly, consider all the questions representative may ask you in case they doubt your story.

So what did we learn here? They track your resources gathered and based on a few other factors they will ban you when you hit a threshold. But that's not enough. You need to know the numbers. So this is when it stops being theoretical science and starts being practical. You grab a few accounts, and test. Quite a few lets say. Keep in mind that parameters of the test have to be identical in order for results to be valid. So yes, every new account will be ran from new, never used before, IP. Every new account will have to adhere to your other test parameters, such as time online, other activity (besides farming), farming zone etc. You will get what you are after. I have tested this in the past, but results I came up with mean nothing as they've changed it all by now. At some point, we pieced together their ban timer and knew exactly how long the accounts would survive under certain conditions. However, they changed that as well. Found out the hard way.

You may repeat a similar process to hunt for any other information. The best case is when you are innocent, so create a scenario where you were wrongfully banned and you can have a nice conversation with Donovan or whoever. That's your best bet. You may wait for a faulty banwave season to pitch your stuff in (more on this later) as well. Also, invent new stuff. They listen to guys attempt this day and night. You need to be creative.

You: Hey, I just noticed I'm banned on my <email> account, license World of Warcraft. I want to tell you what happened as I'm still shocked. I play from the internet caffee, since I work here, and I went to the bathroom only to return and see my account banned. So I checked security cameras and it appears some guy that hangs out here a lot messed with my account. So I check the archives and it appears he did this on more than one occasions. Well I gave the bastard a nice beating and banned him, so I won't have similar trouble in the future. Would you like me to talk to my boss and check if it's okay with him to hand you the footage?

Disarmed. This will shock the representative enough to forget for a minute all his training and embrace compassion for his fellow player, you, who was banned because he had to take a leak. Downside? You can't be all talk. You actually need to have that video footage, and you need to create a scenario where your story appears to be true. So log from same IP, do some damage to your own account every couple of days (small scale, nothing a player would notice in a similar situation, such as destroy an item from the bank) and get it banned. Shout something extremely offensive in town, basically violate a chat rule and do /reload after that. You will need to have all this on tape, just in case. If the representative asks you for it, and you actually provide it (don't give that ass too easy, tell the rep your boss asked if anyone else will see the footage or will they delete it right after looking at it) they will be disarmed even more. Do a few more "angry village" phrases, pitch in your real question, go back to "angry villager" and you're done.

One of methods that should be mentioned here is infiltration. Doesn't necessarily have to be inside Blizzard, may be inside one of their representative lives. No matter which method you choose, it requires a lot of patience, time and money. So unless you are really sure it's worth it and you know what you are doing, I'd advise against it. It may take months of shadowing an employee, learning everything there is about them before you even approach them or bump into them. From that point on, it may take a few more months before you can even slightly mention the topic you are after. And again, more months before you are able to use or abuse that information. Some people will argue against this. Some people will tell you a "hit&run" is possible in these types of infiltration. And it is. However, now only do you need to be a grand master, you also lose any other shot at working your asset in the future. You also lose your protection. While painfully slower, my way will ensure you will never be detected, and it will ensure your assets loyalty, which means, if it ever comes to that, they will swear on their lives you never did anything. One thing you should keep in mind is that you will destroy the person if they ever find out. They may or they may not, entirely depends on you. I won't go into great detail here, but if they do figure it out, they will be messed up for the rest of their lives, so tread carefully. Then again, all of them are monkeys so you should be fine. Nope, not random hate. They really are monkeys. I'll explain later.

As for infiltration inside Blizzard, it will require a greater sacrifice. While you may or may not have more use of that, I'd always suggest running an asset instead of doing it yourself. Cuts down on the risks, and leaves you with options. To any asset, I am Fisher, that funny guy from down the block, but to Blizzard, I am exactly who I am, a person with a real name, real identity, real location to send the lawyers to. The timing is also messed up if you do it yourself, you will need to prepare a lot more, wait a lot longer and abuse a lot less. So skip that one. If you really feel like messing with them, do a simple "hit&run" type of thing and satisfy your inner child, as the risks are a lot lower.

I'm not sure if you've noticed, but there are quite a few requirements, except time and money, for operations like these. For starters, it helps if you have a team. You understand this just fine, more people = less work, less time, better ideas. Second, you need to be free of any obligations. No job, no girlfriend, no nothing. Not just because of the time you will have to invest, but also because of your methods. Sometimes, no matter how good you are at reading people and guessing what's your best approach, you will make a mistake. Not because you're bad, simply because the person is a bit more complex than you initially thought and you'll have to change your approach. Sometimes, the approach requires just a small modification, but other times it will require a full revamp and you may end up in bed or relationship with your mark. Not uncommon, has happened a lot of times. While this gives you an edge, it also makes you vulnerable in case say you are engaged and run into your fiancee while walking around with your mark. It all really comes down to why are you doing what you are doing and how badly you want the information. In certain cases, say, having a customer support girlfriend or one that's even higher up the chain, it can be very fruitful and you will be able to make tons of money, however, you will need to spend a lot more time working her, you will need to have the right contacts to supply you with that money aka buyers, and you will, inevitably, have to destroy that person by leaving when it's all done. So let's not do that =)

Right, since we covered some of the advanced methods and types of approaches you may use, let's go over some of the stuff that's known about Blizzard and that I've parsed over the years. Please take into consideration that all the stuff written bellow is simply my opinion or assumption, and there is no way I can claim that it's 100% true. It simply has better odds to be true than the alternative.

1) Faulty banwaves
I know you've been longing for this one. It's not really a mystery. But it takes a lot of brainstorming and looking at all the numbers to get this one. Every once in a while, Blizzard does a clean-up. That time when people scream "BANWAVEEEE". They do this by running a clean-up script most likely, which, based on some parameters and data gathered over time, bans account that match the criteria. And every once in a while, Blizzard makes a mistake here and a lot of innocent players end up banned. Maybe not a lot, but quite enough for their lines to catch fire. This is the time when they are vulnerable. This is the time when you call them and they answer with "Привет, cпасибо за звонок... Uh, I'm sorry, Hello, thank you for calling Blizzard..." They are tired, they are mad, they are probably there longer than they are suppose to be. Which means their guard is thin or down. Which, in turn, means you should go for the jugular. Strike a small conversation, nothing too big, and let it rip.

2) They are monkeys
This isn't some random hate I throw Blizzards way. By "they are monkeys" I mean that they are trained to do something and they can't stray too much from it. They do repetitive actions, use the same words, performs the same tasks which eventually makes them dull. There is no challenge or American dream among customer support representatives. While their job may be better than the next guys', it will inevitably make them dull. It also means they have strict rules on what they can and can't do, as well as what they can and can't say, since all the stuff is being recorded. So it's up to you to find a way, from those few sentences you swap while you chitchat, to give them a banana and ask for something in return. Just read this paragraph from the beginning and realize that, while being a monkey is their weakness, it's also their strength. A monkey, thrown in a new situation you just created, will become defensive and start asking questions. So you want to ease them in, not let them realize what's going on. Patience is the key.

3) They don't know each other
Pick up the phone, call them, wait for the operator to say his name and hang up. Call right back, talk your issue, and at the end ask about that operator. Ask if the current one knows him and can they please say hi to him as he was really nice to you. Their support team is just too big. I'm not saying there aren't friends there, but odds are the representative you are talking to doesn't know many of their colleagues. This can be used in many many ways, but most of them are too complex and would require a separate thread for each, so I'm going to skip them here. But you're smart, you'll figure this one out.

4) They have some sort of blacklist for IPs
While I spent most of my days refusing to believe this, I was shown irrefutable evidence that they do this. How, when, why, who, I don't know. By the time I've gotten this intel, I was out of this world, so I didn't have much use of it. But yes, they do monitor something. There was simply too many new accounts banned and what not for them not to be. I'm not just talking about that guy that streamed botting and got all accounts that touched his PC during the last 30 days banned, no. I'm talking about those discrete guys that bot 5-10 accounts for years now, and suddenly anything they log or create from that IP gets banned.

5) Developers and GMs can't stand each other
I've covered this partially in the previous guide, so I won't go into great detail again. The point is that they aren't even in the same building, so there is a huge disconnect there. Not information of great value, but can be inserted as an icebreaker for one of your approaches.

6) Blizzard knows you are botting
Stop. Before you quote me on this and flame the living hell out of me, please understand that this observation was made from the business perspective. Blizzard may look dumb on the outside, however, the recent actions they took with Vivendi and buying out shares and all that jazz should be an indicator there are smarter monkeys out there. So yeah, they made the game, they should be able to see it. Why not ban you all? Why would they. They let you run your little scheme for some time, they wipe it all, you buy new accounts and keep going. Let me clarify. You buy new accounts. It may be as simple as that. I'm just finding it hard to believe. So many engineers, so many developers, so much stuff and they can't see a 10mb piece of code running in their client. Anyone who spent some time on "the other side" of WoW can see the bots with their own eyes, so why not employ 2 people per realm and let them hunt the bots down. Can't deny that.

7) They most likely don't keep pictures of IDs you send them
Even if they do, no matter you skill level, you will never get them to admit that. Just one confirmation and you can shut them down. Privacy is suddenly this big thing. I said most likely as I've had situations that led me to believe otherwise, however, nothing could be proven. Keep in mind this doesn't mean you can just send them 10 same IDs with different name and it will work. Just kidding. I've used only one ID I've templated in over 500 recovery cases. Worked every single time. It does require, however, a bit of effort, so your first try will probably fail, and they'll ask for a picture next to your face or on top of todays paper. Hey, I used different paper. Don't wanna be a douche.

8) They do keep the pictures you send them to change your country
Oh yeah. Found out the hard way. They save those and run a cross-reference with whatever new you send them. So do be careful not to burn your account for using a template. You won't be banned, but country change service will be denied for that attempt and most likely there will be a nice "OMFG PHOTOSHOPZ" comment left at your account.


And there you go. While this is only part two out of planned three in the series, I don't think I'll be able to deliver the master level guide until I'm on the ground or run into something groundbreaking. The next step would be physical entry, or in a different case, a security hole that leads to more information discovery. But other than that, I've got nothing to offer you that's advanced than this for the time being. So thank you for taking time to read both of the guides, and I hope you've learned something.

I'll continue to monitor the thread, of course, if you have any questions, please post them bellow.
Peace!

[jppgibbs]

Thanks Fisher.
Great read +rep

[Maartin955]

Intresting and usefull
Great job! +rep!

[Pnurt652]

Nice, some tinkering with the Blizz support inc.

I recently got banned for botting the second time on my account, now I'll try to squeeze them for more information :P

[Fisher]

Thank you everyone =D

@Pnurt652 by all means, have some fun. Just make sure to read the disclaimer =D

[xDiego]

Nice guide Fisher! Keep up the good work!

[tuleyoil]

I recently got banned for botting the second time on my account

[Strath]

Just some info I have accumulated over my long life of exploiting...

1.) If you send in one ID, and then a different one, they WILL notice the difference. This happened to me personally. It was about 3 days between each submission, so do with that what you will.
2.) I botted on a bunch of accounts during my time on wow, but only recently got one of those accounts banned. I tried a new "high performance" profile, which was roughly double my current nodes-per-hour. This account got banned in 2 days!

I used to know their shift schedules, but I forgot. It wasn't really hard to get that info, I just got many ticket responses at like... 3am and said something like... "damn dude, its 3am aren't you tired?" they usually respond with "oh nah I just started my shift x hours ago; etc."

[Fisher]

1.) If you send in one ID, and then a different one, they WILL notice the difference. This happened to me personally. It was about 3 days between each submission, so do with that what you will.
2.) I botted on a bunch of accounts during my time on wow, but only recently got one of those accounts banned. I tried a new "high performance" profile, which was roughly double my current nodes-per-hour. This account got banned in 2 days!

I tried to find the section where it says they will purge all that info immediately upon looking at it, but failed, I can dig deeper if you really want, point is they aren't allowed to do that. You just got extremely unlucky I guess. I've done stuff similar to this a million times, never had an issue. They do tend to decline with a different reason in such cases, like "We can't accept this ID" but you just spam them a bit more and you're good to go =)

As for the second one, yeah I've seen people getting trashed using new and popular profiles, but never got anything more out of it. On a large scale of running 100+ accounts, we used to switch to new profiles all the time, didn't have many issues or bans connected to it, so I didn't pay much attention ^^

[Strath]

I tried to find the section where it says they will purge all that info immediately upon looking at it, but failed, I can dig deeper if you really want, point is they aren't allowed to do that. You just got extremely unlucky I guess. I've done stuff similar to this a million times, never had an issue. They do tend to decline with a different reason in such cases, like "We can't accept this ID" but you just spam them a bit more and you're good to go =)

As for the second one, yeah I've seen people getting trashed using new and popular profiles, but never got anything more out of it. On a large scale of running 100+ accounts, we used to switch to new profiles all the time, didn't have many issues or bans connected to it, so I didn't pay much attention ^^

Out of curiosity, what was running 100 accounts like? Profit and cost wise.

[Fisher]

Out of curiosity, what was running 100 accounts like? Profit and cost wise.

Add me to skype: fisherns, don't wanna go too far offtopic =D

[Deathyaw]

Very Detailed and good written guide! +5 rep man! I will surely use this if i ever get banned x)

[H4x0rAbdullah]

Thank you, very fun reading