A Warning to the EQP99 Community: Database Hacking

Aadill · #1 08-08-2011, 12:25 PM

With the recreation of The Mystical Order from the merging of two previously competing guilds to become stronger against opposition, the forums administrators of TheMysticalOrder.net quickly determined that something was amiss. With further research we found the possibility of a spy within the guild. That spy (or spies), however, had gone further than simply entering the ranks of a competing guild and reporting back to their own. It was obvious that a Transatlantic Rampage member had entered our ranks as not shortly after a post involving a bug was made public in the TMO forums (of which was removed and reported to the GMs considering it could be used for more than just harmless items) had been copied off of our forums and sent to the GMs.

Quote:

Originally Posted by chatlog

12:20:40 amelinda btws. is alkorin an officer or just a member?
12:21:04 aadill member but forums admin, why?
12:21:36 amelinda ohhhh looks like someone removed the thread.
12:21:38 amelinda probably jeremy
12:21:47 amelinda that's another sekrit.
12:22:14 amelinda :-P i have access to the forums - not to spy or anything. but durison knows.
12:23:37 amelinda because alkorin had that 'if you didn't know' thread up. tr copied it and emailed it to me.
12:30:26 aadill hahahahah
12:30:28 aadill yeah i removed it
12:30:33 aadill i don't want everyone in the guild trying it
12:30:35 aadill also what the fuck
12:30:39 aadill it said straight in the post
12:30:43 aadill "i told the gms"
12:30:49 aadill why the HELL are they wasting their time with that
12:30:52 aadill are they retarded
12:31:00 amelinda yeah.
12:31:13 amelinda well i already knew that he'd posted that and what i said was 'if you aren't supposed to do it then don't'
12:31:17 amelinda 'i know it's fun. but don't
12:31:24 aadill i mean illusions
12:31:26 aadill cool
12:31:28 aadill but the other stuff
12:31:29 aadill not cool
12:31:31 amelinda yeah.
12:31:33 amelinda exactly.
12:31:34 aadill this is what i said when i moved it back to officers
12:32:03 aadill I moved it because the general population of the guild doesn't need to know or know how to use something that isn't being dealt with simply because enough people aren't doing it. It's obviously an exploit as it's a problem of the entire client. If even a few more people start using it don't you suspect that people outside of the guild will want to know why members of TMO are all of the sudden disappearing into thin air and complete healing themselves and doing all this other shit? Illusions are pretty harmless but what happens when TMO_member_065 says, "Shit I wanna start fear kiting as a warrior!" and picks up that necro fear staff and some other shit and starts BLATANTLY doing that in public eye? If you want full disclosure you break it to the whole server and FORCE the devs to fix it. They use the petition/exploit forum to hide shit like that so people don't do it at large. If everyone starts doing it they'd have no choice and therefore taking it public would be the perfect way to force the GMs to do something. To keep it just in guild, and tell everyone EXACTLY how to do it, will only cause trouble for us. And if anyone with access to our forums is watching us, it won't take long until it's misconstrued much like Transcendence's little fiasco with MQ.

I am happy to see Haynar fixing it but with that said we don't need people abusing it at large right before it gets fixed.

12:33:54 amelinda good job.

At this time we were aware of the possibility of a spy but the membership at large had not been in any danger of any data compromise (or so we thought). The post in question was archived but removed from view to ensure no one attempted anything. The act of taking the post directly to the GMs was not surprising but obviously a waste of time by a member of Transatlantic Rampage in attempts to get someone in trouble. It had already been reported and a response was given by the developers.

Not long thereafter, we had discovered a sum of suspicious illegal activity being recorded by the forum server. An individual with an IP that was a proxy or a VPN in the UK was logging in as one of the guild leaders/forum admins. The guild leader lives nowhere near the UK and was therefore an issue that was quickly looked into further. This IP was linked to an individual attempting to download backup copies of the entire forums database via the Admin Control Panel as well as other private intellectual property (coding/program) created by one of our other players. The posts viewed were very selective by the hacker and indicate a specific interest in Everquest related activity.

Some of the activity recorded by the administrators includes the encrypted passwords of each and every member being downloaded and therefore compromised. Multiple non-existing portions of the site were accessed in attempts to fish further into the site. Whether or not the hacked download of the database and intellectual property succeeded lies in the hands of the individual that took such great measures to commit an illegal act.

EDIT: I edited a pronoun in the phrase "had done it" to lessen confusion.

Doktoor · #2 08-08-2011, 12:47 PM

Yay, I'll have something to read today!

Shiftin · #3 08-08-2011, 12:47 PM

It is a logical fallacy that because your database was hacked and because a TR member forwarded on an exploit you talked about (even in a "don't do this" way) on your member forums that a TR member hacked your database. We have had former/disgruntled TMO / DA in our app pool consistently for a solid 8 months, including apps received as recently as this morning. People offer us, unsolicited, a ridiculous amount of information about what goes on in your guild.

I am sorry you got hacked. I don't know jack and/or crap about database security, but it seems pretty out of line to point the finger without any actual evidence when this server is a cesspool of people who know entirely too much about the internet. We're not the only people your guild's leadership has pissed off.

Bardalicious · #4 08-08-2011, 12:51 PM

The fact that anyone, TR or not, would get so obsessive over an emulated video game as to illegally hack into a guilds' forums is pretty fucking sad.

Vohl · #5 08-08-2011, 12:57 PM

Even if this information was provided by someone outside your guild as you say, wouldn't the ethical choice be to inform this other guild about who provided this information, and let them know that you were informing GMs?

Alarti0001 · #6 08-08-2011, 01:26 PM

Quote:

Originally Posted by Shiftin [You must be logged in to view images. Log in or Register.]

I don't know jack and/or crap about database security

Then shut up.

Guild in game spies is one things, having a member give u forum access or read you our forums is one thing. Having access to the admin control panel is completely another.

Zeelot · #7 08-08-2011, 01:40 PM

Personal information including RL pics, discussions of where people live, and passwords to mail accounts and p99 accounts.

Barkingturtle · #8 08-08-2011, 01:44 PM

Quote:

Originally Posted by Zeelot [You must be logged in to view images. Log in or Register.]

Personal information including RL pics, discussions of where people live, and passwords to mail accounts and p99 accounts.

Yeah, of your guildies. No one else gives a shit nor needs to. Of course, if I were a member of TMO I'd be reconsidering how much information I'd want to share, since it evidently won't be very secure.

Honestly, is this thread anything more than innuendo intended to make TR look bad before it came out that you had exploits posted on your forums? Because as an unbiased observer I just don't see any other reason to bring this to the server's attention in this manner.

Messianic · #9 08-08-2011, 01:46 PM

Quote:

Originally Posted by Barkingturtle [You must be logged in to view images. Log in or Register.]

Yeah, of your guildies. No one else gives a shit nor needs to. Of course, if I were a member of TMO I'd be reconsidering how much information I'd want to share, since it evidently won't be very secure.

Honestly, is this thread anything more than innuendo intended to make TR look bad before it came out that you had exploits posted on your forums? Because as an unbiased observer I just don't see any other reason to bring this to the server's attention in this manner.

It's definitely entertaining if nothing else.

There's not a reason not to make it public knowledge; but yeah, one of the possible realities here is pre-emptive damage control.

Doktoor · #10 08-08-2011, 01:52 PM

Quote:

Originally Posted by Zeelot [You must be logged in to view images. Log in or Register.]

Personal information including RL pics, discussions of where people live, and passwords to mail accounts and p99 accounts.

I would say this point is legit.

Also, as our Swedish friend pointed out, everything happening behind the scenes = bad.

And this is why people read the forums, because they want to know what's going on. Yeah, its guild drama, but everyone continues to open the thread...