Top Mud Sites Forum

08-04-2012, 05:21 AM   #1
DonathinFrye
Cyber-Attack on Atonement (warning)

On August 3rd, Atonement RPI suffered a cyber-attack by a member of the community who has been active on a number of games. They were an ex-programmer of ours who was not removed, so much as was lazy, only moderately skilled and went inactive. We never developed a negative relationship, to our knowledge, with said person - so his attack on the game came as quite a surprise. He literally erased every piece of information on our server in an attempt to destroy three years and hundreds of thousands of hours of storytelling and community. Luckily for us, our host had just recently done an off-site automatic backup, so we only lost two days of information.

Now for most MUDs, reverting two days or a week (or even a month) wouldn't be the end of the world ... but for an RPI, especially one as moment-to-moment driven as Atonement is - it could have been a nightmare. In fact, it would have erased the entire current gameworld and forced us to rebuild it from scratch, as Atonement frequently moves and spans across space and many locations; it is not a stagnant or sandbox world.

Luckily for us, our data loss was ultimately small and manageable. While we will not be pursuing legal recourse against the attacker because we do not see it as a fruitful use of our time, we do want people to be aware of who he is, what he did, and why he is a security risk. The point of this article is to make sure that anyone who has online interactions with or runs a game where this guy is a player (or programmer) is aware of the potential threat he poses. Below is his contact information and some information from Kithrater, our Lead Programmer.

---

Name: Richard Robert Lang
Known Aliases: Langric, Reiteration, Deiteration, Negation
Email: langricr@bell.net
Facebook: Richard Robert Lang | Facebook

---

At around 10am AEST 03/08/12, someone began modifying playerfiles on the ARPI database. The most obvious modification was changing the "state" of all playerfiles to "alive": many people reported that their characters past and previous were suddenly accessible from the main menu. After hearing reports of odd things going on, Tiamat asked Holmes to take a look at the server, via the web interface. Holmes logged on, and saw that the JDK user account, which belonged to an ex-coder of ARPI, was active. After attempting to kill the connection, Holmes was forced out of the web-interface. Tiamat informed me via email that something was going on, and that she suspected JDK might be behind it.

I looked at AIM, saw JDK was online, and proceeded to have a conversation with him, replicated below and complete with Android-induced typos:

Quote:
Me: Hey.

JDK: hey

Me: Are you f***ing with the arpi server?

JDK: ARPI?

JDK: Oh, atonement

JDK: What’s going on with it?

Me: why dos Tia think you’re locking folk out of webmin?

JDK: webmin, what port is that...

JDK: 10000, right

JDK: ATONEMENT RPI - Error – File not found

Me: hmm

JDK: game ports are down as well

JDK: can’t connect through SSH either

JDK: MySQL is down too it seems

Me: fun

Me: thorough job

JDK: any way to restore it?

Me: presumably on we garnish your wage we can pay for some data recovery

JDK: can’t you submit a support ticket?

Me: sure. You wouldn’t happen to have your ip address handy, would you?
JDK went offline at that point, and so did the game. During the conversation, I was attempting to log on to the control panel for our Virtual Private Server and shut down everything, hoping to create some space with which to figure out what was going on. JDK kindly figured out a much faster way of shutting down the server, and so part way through our conversation, began erasing every file possible on the server. Did he panic, and decide to delete everything before being locked out? It's hard to say.

Meanwhile, an account named "negation" was logged on to the ARPI chat, and was boasting about hacking the server. According to those in the room at the time, no one paid him any attention, not even when he posted "time for rm -rf /" shortly before the server went down. The life of a hacker isn't as glamorous as they make out in the movies.

Given all of the above, it was highly unlikely it could be anyone but JDK, abusing his staff login to seize control and then wipe everything from the server. However, one further piece of evidence makes it all-but-obvious that it was JDK. On his public, unlocked Facebook, JDK posted a link to an image: http://puu.sh/O6DN. That is a screenshot of someone attempting two MySQL commands:

- The first query is an attempt to change everyone's description to "a tall, muscular man" [which is the "default" NPC on Armageddon] and assign every pfile to a randomly selected account. That query failed, because I guess MySQL is hard for some.

- The second query, however, did work - its effect was to set the room of all pfiles to a PC's bedroom, much to the surprise of said PC when people started appearing from nowhere!

JDK goes by a few handles on the internet: langricr appears to be a common pseudonym of his. Trawling through Google, it appears he has earned himself a reputation for being a troll with little redeeming feature in other roleplaying communities. reiteration and disiteration are his Arm handles. If you're an admin on a roleplay MUD, forum, game, or whatever, I strongly advise you to keep a close eye on JDK/langricr.

08-04-2012, 06:14 PM   #2
camlorn

Wow. That's...wow. I could see someone doing this if there was a negative relationship, to use your term, but to just do it to do it is surprising. Glad to hear you got back up and running; let me take this time to remind all admins that backups are good.

I imagine that atonement rpi will suddenly be keeping full logs of all developer activity, or something.

Still, this is, for lack of a better word, sad.

08-04-2012, 09:26 PM   #3
Darren Brimhall

Thanks for the heads-up.

We in Eterena are currently looking for Programmers to help 'put the pieces together' on our Server.

I'll pass this along to my Boss, who ironically I communicated the very possibility of this occurring--but in a reversed manner involving those who are known as Internal Threats due to their using their work computer's Internet connection to surf and download from the Web.

Please keep the community informed to any further dealings or sightings of this person.

Thank you,

Darren Brimhall

08-04-2012, 09:51 PM   #4
Sebguer

Quote:
Originally Posted by Darren Brimhall
Thanks for the heads-up.

We in Eterena are currently looking for Programmers to help 'put the pieces together' on our Server.

I'll pass this along to my Boss, who ironically I communicated the very possibility of this occurring--but in a reversed manner involving those who are known as Internal Threats due to their using their work computer's Internet connection to surf and download from the Web.

Please keep the community informed to any further dealings or sightings of this person.

Thank you,

Darren Brimhall
Holmes, here. Not actually an active Administrator on Atonement, anymore, but I've been closely involved with the recent events, so I hope Jaunt doesn't mind me posting a little update:

On August 4th, 2012, Richard Robert Lang once more vandalized AtonementRPI.com, though this time only managing to deface the front page of the website and causing even less permanent damage (this time, literally none beyond brief downtime for the forums). He did this via a backdoor he'd installed some point in the past few weeks. Kithrater is currently examining logs, here's a copy and paste from his latest update on our forums:

Quote:
Originally Posted by Kithrater
Hi everyone,

Going through the server logs, it appears JDK pulled off the latest attack via some pre-placed script-kiddie, web-accessible backdoors, which he uploaded to the server on the 23rd and 26th of last month. I'm combing through the rest of the server now, seeing what other surprises he may have left us.

Fortunately, because the logs were not wiped this time, I have several pages of JDK trying to log on to the server in the past 24 hours to see if any of his passwords were still working. Pages and pages of seeing if there is any account named after some combination of the words "atonement" "rpi" and "com", and then trying to guess the password of these non-existent accounts through his Chinese proxy.

After about 24 hours of various ingenious attacks, such as trying even harder to guess passwords and user accounts, I suppose JDK finally remembered his backdoor, because then there is a successful log-on and things start getting changed.

JDK, if you'd be kind enough to disclose any other backdoors you've left lying around, maybe I'll give you a valid account name so you can double your h4x0ring efficiency?
Also, after the latest attack, our culprit admitted to passing along his log-in information to several other individuals, who he blames for ultimately deleting our server in a prank that "quickly escalated". He's since written a letter of apology:

http://puu.sh/OD5o
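
What Kithrater describes finding in the logs (a run of guesses at non-existent account names from one source, then a successful log-on) can be checked for mechanically, along with any log-on by an ex-staff account like the one in the first incident. This is an added example, not part of the original thread or Atonement's own tooling; it assumes OpenSSH-style auth log lines, and the sample log, addresses and account names (`excoder`, `builder1`) are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH auth-log style. Addresses come from the
# RFC 5737 documentation ranges; account names are hypothetical.
SAMPLE_LOG = """\
Aug  4 09:12:01 mud sshd[2211]: Failed password for invalid user atonement from 203.0.113.7 port 50122 ssh2
Aug  4 09:12:09 mud sshd[2214]: Failed password for invalid user atonementrpi from 203.0.113.7 port 50130 ssh2
Aug  4 09:12:15 mud sshd[2217]: Failed password for invalid user rpi from 203.0.113.7 port 50141 ssh2
Aug  4 09:12:22 mud sshd[2220]: Failed password for invalid user rpicom from 203.0.113.7 port 50150 ssh2
Aug  4 09:13:40 mud sshd[2231]: Failed password for excoder from 203.0.113.7 port 50166 ssh2
Aug  4 10:02:11 mud sshd[2302]: Accepted password for builder1 from 198.51.100.20 port 40112 ssh2
Aug  4 11:45:03 mud sshd[2410]: Accepted password for excoder from 203.0.113.7 port 50310 ssh2
"""

# "invalid user" marks an account name that does not exist on the host.
EVENT = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) password for (invalid user )?(\S+) "
    r"from (\S+) port \d+"
)


def analyze(log_text, offboarded, min_invalid_names=3):
    """Return (kind, source, detail) findings in the order they occur.

    offboarded: account names that should no longer be able to log in.
    min_invalid_names: distinct non-existent names from one source that
    count as account guessing.
    """
    invalid_names = defaultdict(set)  # source -> non-existent names tried
    failures = defaultdict(int)       # source -> failed attempts so far
    findings = []
    for line in log_text.splitlines():
        match = EVENT.search(line)
        if not match:
            continue
        outcome, invalid, user, source = match.groups()
        if outcome == "Failed":
            failures[source] += 1
            if invalid:
                names = invalid_names[source]
                names.add(user)
                # Report once, at the moment the threshold is crossed.
                if len(names) == min_invalid_names:
                    findings.append(
                        ("account-guessing", source, ",".join(sorted(names)))
                    )
            continue
        # Accepted log-on: check the account first, then the source history.
        if user in offboarded:
            findings.append(("offboarded-account-login", source, user))
        if failures[source]:
            findings.append(("success-after-failures", source, user))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG, offboarded={"excoder"}):
        print(finding)
```

The offboarded-account check does not depend on the source address, which matters when the guessing comes through a proxy and the later log-on may arrive from somewhere else.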

08-04-2012, 10:16 PM   #5
Darren Brimhall

Now for the big question; why did he do it?

Darren Brimhall

08-04-2012, 10:17 PM   #6
Sebguer

Quote:
Originally Posted by Darren Brimhall
Now for the big question; why did he do it?

Darren Brimhall
To quote him:

JDKAtonement: I never had anything against atonement, don't get me wrong, it was just a boring night and some passwords got shared.

Though it's somewhat at odds with his having prepared the attack some weeks in advance.

08-04-2012, 11:55 PM   #7
DonathinFrye

He has shared the information in detailed format. I suspect that not all of the information is honest, but I believe that the majority of it rings of truth. It does also help me confirm suspicions of another player that I believed to be involved (his friend), but had no evidence towards.

Explantion of the events that took place: A few weeks ago, me and a couple of - Pastebin.com

The issue is fully resolved now, on our front.

08-05-2012, 09:58 AM   #8
tingonic

Quote:
Originally Posted by DonathinFrye
He has shared the information in detailed format. I suspect that not all of the information is honest, but I believe that the majority of it rings of truth. It does also help me confirm suspicions of another player that I believed to be involved (his friend), but had no evidence towards.

Explantion of the events that took place: A few weeks ago, me and a couple of - Pastebin.com

The issue is fully resolved now, on our front.


>I give another shrug, think to let **** be ****, and decide to deface the index page of the website. At this point, I'm starting to regret what I did, and why I wronged Atonement a second time when they were justified in their comments.

>I realize I'm ****ed either way and tell him to raze my identity to the ground. I realize I'm only digging myself a deeper hole and start asking what to do to compensate the community.

Guy's a total douche. No 'I'm sorry', no caring about the game he USED to contribute to, and plus he violated the game players' trust by CREATING BACKDOORS and then SHARING THEM WITH RANDOM PEOPLE.
People do make dumb mistakes and deserve to be forgiven... but I fail to see how this guy has adequately handled his Atonement. He seems more sorry he got 'outed' than for any real damage that has been done.

08-05-2012, 11:59 AM   #9
Darren Brimhall

Quote:
Originally Posted by Sebguer
To quote him:

JDKAtonement: I never had anything against atonement, don't get me wrong, it was just a boring night and some passwords got shared.

Though it's somewhat at odds with his having prepared the attack some weeks in advance.
He wasn't bored.

The posted evidence agrees with his having prepared the attack with backdoors in advance.

If random people did this, I believe there would have been more mayhem and destruction occurring to the site than what presently occurred.

And besides, he knew better than to share those passwords. Either way, he's cooked.


Darren Brimhall

08-05-2012, 12:33 PM   #10
langricr

Quote:
Originally Posted by tingonic
>I give another shrug, think to let **** be ****, and decide to deface the index page of the website. At this point, I'm starting to regret what I did, and why I wronged Atonement a second time when they were justified in their comments.

>I realize I'm ****ed either way and tell him to raze my identity to the ground. I realize I'm only digging myself a deeper hole and start asking what to do to compensate the community.

Guy's a total douche. No 'I'm sorry', no caring about the game he USED to contribute to, and plus he violated the game players' trust by CREATING BACKDOORS and then SHARING THEM WITH RANDOM PEOPLE.
People do make dumb mistakes and deserve to be forgiven... but I fail to see how this guy has adequately handled his Atonement. He seems more sorry he got 'outed' than for any real damage that has been done.
I gave an apology, it just didn't make it to this topic it seems, it's been brought up on both Armageddon and Atonement.

http://puu.sh/OD5o

08-06-2012, 02:50 AM   #11
one

Quote:
Originally Posted by langricr
Wait, is it a bloody fingerprint? LOL

08-06-2012, 09:57 AM   #12
camlorn

If you knowingly let someone who did this back on your mud, then you're going to lose a lot of players I suspect; you would lose me at any rate. This is something you can go to jail for, potentially, not just a "bannable offense". I doubt there's enough evidence to go that far and I don't advocate it, but this is way beyond bug abuse.

Also, if he's also apologizing to Armageddon, something else is going on that we don't know about. I believe in second chances, I really do, but there's no way to claim this was an "accident", or anything.

08-06-2012, 10:18 AM   #13
langricr

Quote:
Originally Posted by camlorn
If you knowingly let someone who did this back on your mud, then you're going to lose a lot of players I suspect; you would lose me at any rate. This is something you can go to jail for, potentially, not just a "bannable offense". I doubt there's enough evidence to go that far and I don't advocate it, but this is way beyond bug abuse.

Also, if he's also apologizing to Armageddon, something else is going on that we don't know about. I believe in second chances, I really do, but there's no way to claim this was an "accident", or anything.
I'm not sure Armageddon cares about apologies, I've been extirpated from the community there and a few of them are having a laugh over how atrocious my handwriting is and how mentally unbalanced I must be to sign an apology in blood, not unlike one's comment.

Real life murder/betrayal/corruption?

Oddly, I feel as if I'm receiving more wrath from Armageddon than Atonement.

08-06-2012, 02:33 PM   #14
camlorn

Well, I'm blind. I thought that was a figure of speech--one, obviously, that I'm not familiar with, but a figure of speech all the same.

That's really not what you should have done--that sends up all sorts of red flags. Like, seriously, um. I'm not even sure how to put this nicely, but yeah, you're definitely more than a bit odd. My comment wasn't aimed at Armageddon, it was aimed at Atonement; I know nothing about the Armageddon situation.

Intentionally or not, you came close to destroying years of work. I personally think this was intentional, but I'm not going to debate it, but I'd never let you anywhere near my game (knowingly--it's easy to circumvent bans now, unfortunately) ever if I had been the target (a moot point--I don't have a game to ban you from).

This is seriously sad--surely you have something better (and more constructive) to do with your time that doesn't involve hacking muds.

08-06-2012, 03:50 PM   #15
SnowTroll

You need to know your staff in the real world. You have to know their real names, addresses, phone numbers, e-mail addresses, and have real life contact information for them, preferably have interviewed them over the phone, and maybe even reviewed a resume or two and checked a couple of references. I know that's a lot to ask for a free, hobbyist game, but you can't just get a private message on the topmudsites forums from "Cyberrpdude47" saying "hi i want to code on ur mud," exchange a few e-mails with this guy's free e-mail address, grant him unrestricted access to your creation, then be surprised when he deletes or changes a bunch of stuff. I know there are other safe ways to go about this, various levels of administratorhood that can be progressively earned with time and trust, and that this guy was probably pretty well vetted, or so it seemed, but my point still stands. You have to know your staff in the real world, because when cloaked in the anonymous nature of the internet, people are tools.

08-06-2012, 04:20 PM   #16
DonathinFrye

We have his contact information. We did interview him, though I was not around at the time that we brought him on and can't speak to the thoroughness of it. Simply put, he didn't give us any warning signs over this issue. I'm also not sure what would make anyone think that we would allow him to play our game again. He and everyone involved are permanently banned and we marked the internet with their contact information to help others avoid finding themselves in the same predicament. We are certainly not forgiving or forgetting him.

I posted this here as a friendly warning to the community on this person, since there was no warning for us. Trust me, I am more than capable of fending for my game, protecting it and dealing with incursions. I didn't post here to ask for your criticisms over a situation that you have negligible information regarding. IMO, it's fairly trollish to give it.

08-06-2012, 09:15 PM   #17
Ide

I don't think it's trollish at all. I appreciate that you brought it up, but if you're going to discuss it in a public forum, you should expect it to be...discussed.

I agree with ST, no one but your most trusted staff should have server access. There's no reason that this guy should have had the access he did. That's just a fundamental security error Atonement made and they should recognize it as such.

08-06-2012, 10:14 PM   #18
camlorn

I just read the entire topic to see if I was in error; I was. Apparently, something got crossed with something else, and I started taking the ongoing investigation for backdoors as something it wasn't: namely, investigations that it *wasn't* his fault.

Sorry for any hurt feelings. I can see, now that I've reread, why that came across the way it did.

08-07-2012, 03:43 AM   #19
swampdog

Quote:
Originally Posted by DonathinFrye
I posted this here as a friendly warning to the community on this person, since there was no warning for us. Trust me, I am more than capable of fending for my game, protecting it and dealing with incursions. I didn't post here to ask for your criticisms over a situation that you have negligible information regarding. IMO, it's fairly trollish to give it.
I think the people with smarts already have a pretty good warning system called 'why on earth does anyone outside of the owner and PERHAPS a couple of core wizards need shell access'. If critiquing that decision is trolling there's not much to say here, aside from 'well you shouldn't have done that'. I'm not gonna mark this guy down in a blacklist because elementary security precautions prevent situations like this in the first place!

Maybe that's a little harsh, because this situation:

Quote:
get a private message on the topmudsites forums from "Cyberrpdude47" saying "hi i want to code on ur mud," exchange a few e-mails with this guy's free e-mail address, grant him unrestricted access to your creation, then be surprised when he deletes or changes a bunch of stuff.
happens all the time. I don't know why, aside from a complete lack of foresight. ST has some good advice on the level of trust required for shell.

08-07-2012, 06:20 PM   #20
camlorn

Here's my thought on shell access: With current mudding technologies, it's almost necessary.

We do have lpmud which doesn't, and a few others, but anyone who's going to do anything beyond building will for the most part need shell access (I discount lpmud in this argument because I can just write malicious utilities myself, there, and get them run--in lpmud, even builders are coders). There's currently no way around this, not really, anyway--you can use version control, which imho is a good thing and more mud admins should use it, but shell access is still needed for the compilation (kind of--some versioning utilities will rebuild the mud).

But this doesn't matter. As soon as you give someone sourcecode-level access in any form, they can code anything they want to do; with c, this includes executing commands with the same privileges of the mud. Even builders nowadays have really powerful tools--a builder can't delete the sourcecode (Or can they? I'm sure there's a hack somewhere), but they can wreck players if they want in a lot of these codebases. For once, the limited mobprogs of diku get a positive mention for not really allowing this easily...I can't do "player.maxHp = 1", for example on a diku.

Essentially: I wouldn't give shell access to pr/rule enforcement unless they're also coders but most others will be able to do damage anyway (still, not giving it to people who don't need it is good--you might or might not limit the damage that way); I agree with snowtroll about trust, but see no reason to believe Atonement RPI didn't take necessary precautions.

The real problem with this, and I suspect where most of the I'm someguy123 coders come in, is for new projects. If I don't want to do everything myself, I need immortals, both builders and coders, and for many projects there's no game to make a potential coder play on first. For new projects, I personally think either code it yourself/with friends, or take nightly backups, keep logs of what people do, and hope for the best.

So, to sound hypocritical, I don't think it was Atonement's "fault", or anything--I misread the conversation above and assumed they were looking for justification to let him play again (for which I have previously apologized), but he's right--we shouldn't criticize; they did nothing wrong to bring the attack upon themselves, unless there's internal politics that we aren't aware of (I don't play Atonement--I wouldn't know, and I don't think there is or anything). Atonement is an established game; there's no reason to believe they don't have a competent application process and screening and the like.

I understand that no one's mentioned Atonement as the target of his/her advice, but I can't tell myself if it's intended as criticism or not--everything that's been posted, however, will be helpful to someone who's new to mud development, so I really don't think that there's a point in arguing about it.