08-04-2012, 05:21 AM   #1
DonathinFrye
Cyber-Attack on Atonement (warning)

On August 3rd, Atonement RPI suffered a cyber-attack by a member of the community who has been active on a number of games. They were an ex-programmer of ours who was not removed, so much as was lazy, only moderately skilled and went inactive. We never developed a negative relationship, to our knowledge, with said person - so his attack on the game came as quite a surprise. He literally erased every piece of information on our server in an attempt to destroy three years and hundreds of thousands of hours of storytelling and community. Luckily for us, our host had just recently done an off-site automatic backup, so we only lost two days of information.

Now for most MUDs, reverting two days or a week (or even a month) wouldn't be the end of the world ... but for an RPI, especially one as moment-to-moment driven as Atonement is - it could have been a nightmare. In fact, it would have erased the entire current gameworld and forced us to rebuild it from scratch, as Atonement frequently moves and spans across space and many locations; it is not a stagnant or sandbox world.

Luckily for us, our data loss was ultimately small and manageable. While we will not be pursuing legal recourse against the attacker because we do not see it as a fruitful use of our time, we do want people to be aware of who he is, what he did, and why he is a security risk. The point of this article is to make sure that anyone who has online interactions with or runs a game where this guy is a player (or programmer) is aware of the potential threat he poses. Below is his contact information and some information from Kithrater, our Lead Programmer.

---

Name: Richard Robert Lang
Known Aliases: Langric, Reiteration, Deiteration, Negation
Email:
Facebook:

---

At around 10am AEST 03/08/12, someone began modifying playerfiles on the ARPI database. The most obvious modification was changing the "state" of all playerfiles to "alive": many people reported that their characters past and previous were suddenly accessible from the main menu. After hearing reports of odd things going on, Tiamat asked Holmes to take a look at the server, via the web interface. Holmes logged on, and saw that the JDK user account, which belonged to an ex-coder of ARPI, was active. After attempting to kill the connection, Holmes was forced out of the web interface. Tiamat informed me via email that something was going on, and that she suspected JDK might be behind it.

I looked at AIM, saw JDK was online, and proceeded to have a conversation with him, replicated below and complete with Android-induced typos:

JDK went offline at that point, and so did the game. During the conversation, I was attempting to log on to the control panel for our Virtual Private Server and shut down everything, hoping to create some space with which to figure out what was going on. JDK kindly figured out a much faster way of shutting down the server, and so part way through our conversation, began erasing every file possible on the server. Did he panic, and decide to delete everything before being locked out? It's hard to say.

Meanwhile, an account named "negation" was logged on to the ARPI chat, and was boasting about hacking the server. According to those in the room at the time, no one paid him any attention, not even when he posted "time for rm -rf /" shortly before the server went down. The life of a hacker isn't as glamorous as they make out in the movies.

Given all of the above, it was highly unlikely it could be anyone but JDK, abusing his staff login to seize control and then wipe everything from the server. However, one further piece of evidence makes it all-but-obvious that it was JDK. On his public, unlocked Facebook, JDK posted a link to an image: . That is a screenshot of someone attempting two MySQL commands:

- The first query is an attempt to change everyone's description to "a tall, muscular man" [which is the "default" NPC on Armageddon] and assign every pfile to a randomly selected account. That query failed, because I guess MySQL is hard for some.

- The second query, however, did work - its effect was to set the room of all pfiles to a PC's bedroom, much to the surprise of said PC when people started appearing from nowhere!

JDK goes by a few handles on the internet: langricr appears to be a common pseudonym of his. Trawling through Google, it appears he has earned himself a reputation for being a troll with little redeeming feature in other roleplaying communities. reiteration and disiteration are his Arm handles. If you're an admin on a roleplay MUD, forum, game, or whatever, I strongly advise you to keep a close eye on JDK/langricr.

Last edited by DonathinFrye : 08-04-2012 at 05:35 AM.