Originally Posted by hdev_swc
If I wanted to pursue charges against the core management of the SWC team, the first link in that kill chain would be confiscating everything that beeped from the home of its one public member and sifting through it bit by bit.
Its hard to imagine that there isnt a wealth of forensic evidence in there to lead them to the other members doorsteps.
"Birds born in a cage think flying is an illness." - Alejandro Jodorowsky
"America is not so much a nightmare as a non-dream. The American non-dream is precisely a move to wipe the dream out of existence. The dream is a spontaneous happening and therefore dangerous to a control system set up by the non-dreamers." -- William S. Burroughs
Off topic, if you saw fit to elaborate on the security issues that popped up in Romania, either via PM or here, I would be grateful.
"Birds born in a cage think flying is an illness." - Alejandro Jodorowsky
"America is not so much a nightmare as a non-dream. The American non-dream is precisely a move to wipe the dream out of existence. The dream is a spontaneous happening and therefore dangerous to a control system set up by the non-dreamers." -- William S. Burroughs
Was SealswithClubs based out of Micon's house in Las Vegas or was it incorporated in some foreign country?
Will Micon be totally gray when he gets out of prison?
i dont think swc was incorporated at all.
"Birds born in a cage think flying is an illness." - Alejandro Jodorowsky
"America is not so much a nightmare as a non-dream. The American non-dream is precisely a move to wipe the dream out of existence. The dream is a spontaneous happening and therefore dangerous to a control system set up by the non-dreamers." -- William S. Burroughs
The physical server, which was set up as a hypervisor for multiple servers, had a hard fault that caused the machine to be taken down without us being notified. The root cause was said to be a failed drive, though the hardware should have been fine to have a drive hot swapped in and that did not happen. Our host replaced the drive while the machine was down, which took much longer than expected. The event logs support the theory that the drives could have been imaged during this time. The timing of the outage was also very suspect.
Unlike the password fiasco from a couple years ago, this wasn't a break in attempt to steal funds; it appears to have been an attempt to get information about the operator of the server. There is still the possibility that it was a freak timing and hardware coincidence but given everything that was happening we couldn't seriously write off the events as coincidence. The reality is that it was becoming clear that no matter where your server is hosted, it is going to be under constant attack. If not from people trying to break in to steal, then by people trying to extort money from you, and with the NGCB actions, from governments.
We always put the security of player balances first and with everything going on around us, it was getting to the point that I didn't know if we could honestly live up to that.
The physical server, which was set up as a hypervisor for multiple servers, had a hard fault that caused the machine to be taken down without us being notified. The root cause was said to be a failed drive, though the hardware should have been fine to have a drive hot swapped in and that did not happen. Our host replaced the drive while the machine was down, which took much longer than expected. The event logs support the theory that the drives could have been imaged during this time. The timing of the outage was also very suspect.
Unlike the password fiasco from a couple years ago, this wasn't a break in attempt to steal funds; it appears to have been an attempt to get information about the operator of the server. There is still the possibility that it was a freak timing and hardware coincidence but given everything that was happening we couldn't seriously write off the events as coincidence. The reality is that it was becoming clear that no matter where your server is hosted, it is going to be under constant attack. If not from people trying to break in to steal, then by people trying to extort money from you, and with the NGCB actions, from governments.
We always put the security of player balances first and with everything going on around us, it was getting to the point that I didn't know if we could honestly live up to that.
far fucking out man. dat timing. its certainly suspicious.
thoughts:
- if the narrative being presented is 'oh the drive failed so we gotta hot swap', whether or not they mirrored the original would not have impacted that timeline... is there forensic evidence in like, dmesg indicating that a third drive was introduced to the system at some point that went away after a measure of time attributable to a full-drive dd?
- an obvious point perhaps but this is why we use raid + striping; grab a drive, you get nada.
- did the .ro provider have root on the hypervisor OS? if so, the keys to your kingdom are in those memory images and those get wiped when the machine loses power.. suggesting this wasnt an attempt to grab data or that the belligerent parties were fantastically incompetent. i mean, if youre going to compromise a clients host for profit, ok sure you might have to boot into single user mode, but why bother mirroring a drive when you can install a thin backdoor, wait a few hours for RAM to gather significant passwords, then log in via backdoor and bobs your uncle.
- wow
- gecmis olsun my friend. what a huge pain in the ass this must have been. hopefully your troubles are behind you.
"Birds born in a cage think flying is an illness." - Alejandro Jodorowsky
"America is not so much a nightmare as a non-dream. The American non-dream is precisely a move to wipe the dream out of existence. The dream is a spontaneous happening and therefore dangerous to a control system set up by the non-dreamers." -- William S. Burroughs
Exactly, which is why we described this as a breech of operational security as opposed to the standard theft related attempted break-ins that we constantly fought off. I don't believe Micon actually had any real information about any other team members but it's hard to be sure. The only sensible thing to do was to close operations and begin the process of getting everyone their balances as quickly as possible.
If I wanted to pursue charges against the core management of the SWC team, the first link in that kill chain would be confiscating everything that beeped from the home of its one public member and sifting through it bit by bit.
Its hard to imagine that there isnt a wealth of forensic evidence in there to lead them to the other members doorsteps.
dmesg would have been great compared to Windows Event Logs. The most that came from the shutdown was that power suddenly was cut. Since the server had an internal controller for drives there was less data to go off than a you would expect. Having been Mavens based nearly everything was built around Windows, it was only recently that we were starting to branch away from it. There was no indication that anyone logged in (not that they had the passwords anyway) or any logs had been wiped, they obviously plugged in their KVM to click the "Update and Reboot" option on the login screen but after that there was nothing out of the ordinary.
far fucking out man. dat timing. its certainly suspicious.
thoughts:
- if the narrative being presented is 'oh the drive failed so we gotta hot swap', whether or not they mirrored the original would not have impacted that timeline... is there forensic evidence in like, dmesg indicating that a third drive was introduced to the system at some point that went away after a measure of time attributable to a full-drive dd?
- an obvious point perhaps but this is why we use raid + striping; grab a drive, you get nada.
- did the .ro provider have root on the hypervisor OS? if so, the keys to your kingdom are in those memory images and those get wiped when the machine loses power.. suggesting this wasnt an attempt to grab data or that the belligerent parties were fantastically incompetent. i mean, if youre going to compromise a clients host for profit, ok sure you might have to boot into single user mode, but why bother mirroring a drive when you can install a thin backdoor, wait a few hours for RAM to gather significant passwords, then log in via backdoor and bobs your uncle.
- wow
- gecmis olsun my friend. what a huge pain in the ass this must have been. hopefully your troubles are behind you.
I'm now a firm believer in using cloud services that allow you to upload your own drive images so that you can build them securely before hand. Also, I hate Windows a great deal.
thats wildly unfortunate that mavenware tied you into a windows based deployment, but now i understand the 'oh shit what the hell happened' factor.
"Birds born in a cage think flying is an illness." - Alejandro Jodorowsky
"America is not so much a nightmare as a non-dream. The American non-dream is precisely a move to wipe the dream out of existence. The dream is a spontaneous happening and therefore dangerous to a control system set up by the non-dreamers." -- William S. Burroughs
What's wildly unfortunate is they were running the servers in Romania where it likely cost $200-500 at most to have a shady IT guy copy the disk.
Both are wildly unfortunate and are in fact related, though they did work with us on making their DDoS protection work well for both the website and the game server over time. I don't believe having someone else host hardware for you is viably secure anymore, regardless of where, who or what.What's wildly unfortunate is they were running the servers in Romania where it likely cost $200-500 at most to have a shady IT guy copy the disk.
There have been constant crashes and restarts on the new site. Do you think player funds are secure on the new site? All of the online sites seem to be under attack. A player on merge figured out how to crash everyone while still staying connected in their big tournament .The physical server, which was set up as a hypervisor for multiple servers, had a hard fault that caused the machine to be taken down without us being notified. The root cause was said to be a failed drive, though the hardware should have been fine to have a drive hot swapped in and that did not happen. Our host replaced the drive while the machine was down, which took much longer than expected. The event logs support the theory that the drives could have been imaged during this time. The timing of the outage was also very suspect.
Unlike the password fiasco from a couple years ago, this wasn't a break in attempt to steal funds; it appears to have been an attempt to get information about the operator of the server. There is still the possibility that it was a freak timing and hardware coincidence but given everything that was happening we couldn't seriously write off the events as coincidence. The reality is that it was becoming clear that no matter where your server is hosted, it is going to be under constant attack. If not from people trying to break in to steal, then by people trying to extort money from you, and with the NGCB actions, from governments.
We always put the security of player balances first and with everything going on around us, it was getting to the point that I didn't know if we could honestly live up to that.
hdev Sonatine is a hacker!
Who the fuck really knows what else he is, careful telling this scumbag anything, that can be used against you. In future cases, or whatever else. I go at HIM for a reason!
AND SHUT IT THE FUCK DOWN SONATINE.
You weren't a seal, did not play, you didn't own bitcoin and just talk. You regurgitate all kinds of shit you prob read on ArsTechnica and profess as your own. The exact kinda guy who comes late to the party professing to know everything to seed information. You are so fake and dirty it makes me sick!
it depends on the threats youre attempting to mitigate.Both are wildly unfortunate and are in fact related, though they did work with us on making their DDoS protection work well for both the website and the game server over time. I don't believe having someone else host hardware for you is viably secure anymore, regardless of where, who or what.
the best you can do these days is to raise the bar. running windows, having a non-striped array, non-encrypted file system, non-passworded bios, relying on third parties instead of simply having them snake your own KVM up using established OOB access channels.. these are fairly standard opening strains to an enterprise level colo deployment.
point being, viable security is best measured in incremental countermeasures, not trying to decide who are the least biggest scumbags to host with (although deploying anything in an eastern euro shithole is begging for problems, lets face it).
"Birds born in a cage think flying is an illness." - Alejandro Jodorowsky
"America is not so much a nightmare as a non-dream. The American non-dream is precisely a move to wipe the dream out of existence. The dream is a spontaneous happening and therefore dangerous to a control system set up by the non-dreamers." -- William S. Burroughs
it depends on the threats youre attempting to mitigate.
the best you can do these days is to raise the bar. running windows, having a non-striped array, non-encrypted file system, non-passworded bios, relying on third parties instead of simply having them snake your own KVM up using established OOB access channels.. these are fairly standard opening strains to an enterprise level colo deployment.
point being, viable security is best measured in incremental countermeasures, not trying to decide who are the least biggest scumbags to host with (although deploying anything in an eastern euro shithole is begging for problems, lets face it).
SHUT IT THE FUCK DOWN MOTHERFUCKER
hdev, not sure if youve been lurking here long, but this is garrett, like in real life:
yeah he drinks and he beats his family and then goes to jail and then threatens to self harm so they put him in the suicide smock.
point being, sure, take everything you read on the internet with a grain of salt when judging peoples character, but also consider the source.
id hate to see you turned sour on an otherwise interesting conversation because a bipolar fetal alcoholic made you nervous.
"Birds born in a cage think flying is an illness." - Alejandro Jodorowsky
"America is not so much a nightmare as a non-dream. The American non-dream is precisely a move to wipe the dream out of existence. The dream is a spontaneous happening and therefore dangerous to a control system set up by the non-dreamers." -- William S. Burroughs
garrett.
where is your proof.
and shut up.
hdev knows who i am and it rhymes with dizzy. I say it for a reason, and also nothing critical to the new site!!!
100% Sonatine is a hack and hes seeding info right now.
And BTW Sonatine I look damn good you fuckin 350lb miserable neck bearded hacker!
I KNOW WHO YOU ARE SONATINE
LOL great comment at the end of this article:
what's the diff between bitcoin and casino chips?
There are currently 3 users browsing this thread. (0 members and 3 guests)
Reply With Quote
