Careful Where You Browse
Jul 4 2017, 11:09 AM
Post #1
Shooting Target Group: Dumpshocked Posts: 1,973 Joined: 4-June 10 Member No.: 18,659
Looks like Catalyst and the shadowruntabletop forums both got defaced and redirected again.

Jul 4 2017, 11:46 AM
Post #2
Neophyte Runner Group: Members Posts: 2,188 Joined: 9-February 08 From: Boiling Springs Member No.: 15,665
> Looks like Catalyst and the shadowruntabletop forums both got defaced and redirected again.

Thank God, I only come here for anything related to Shadowrun!

Jul 6 2017, 06:00 AM
Post #3
Shooting Target Group: Dumpshocked Posts: 1,755 Joined: 5-September 06 From: UCAS Member No.: 9,313
Any idea what's up? The site's been down for a while now. Doesn't seem to be any official word.

Jul 6 2017, 08:25 AM
Post #4
Shooting Target Group: Dumpshocked Posts: 1,973 Joined: 4-June 10 Member No.: 18,659
I'm a cynic, so I'm going to assume Catalyst paid their hosting provider like they did their Freelancers, so they'll get it fixed 'eventually'.

Jul 6 2017, 09:55 AM
Post #5
Runner Group: Members Posts: 3,009 Joined: 25-September 06 From: Paris, France Member No.: 9,466
They could have prevented this hacking by turning wireless off, but then the comments sections wouldn't have worked.

Jul 6 2017, 11:06 AM
Post #6
Shooting Target Group: Dumpshocked Posts: 1,973 Joined: 4-June 10 Member No.: 18,659
Ever tried to actually use their forum?
'Working' is not how I would describe its operation in the best of times.

Jul 6 2017, 11:49 AM
Post #7
Target Group: Members Posts: 78 Joined: 31-May 09 From: Fairfax, VA Member No.: 17,228
Not sure about the previous times recently (CGL has been hacked more than once within the last month or so), but since the 28th of June, they've been hacked by a group known as the Xai Syndicate. I do not know of the motivation behind their hacking. You can theorize all day as to why they did it.

From the looks of things, someone had been scanning up gifs on the battletech side of things called lhous#.gif (# being 3, 4, 5, 6, etc) since at least March 18th. It looks like around the 28th of June 'they' found the malware (lhouse6.gif). (It looks like there was malware on there since March 18th, too, but it was found and someone has been occasionally looking around trying to find more.) I am assuming someone was already doing triage at the time and just accidentally publicly submitted the malware. It also looks like there were at least 5 malware samples that were looked into on March 18th. I didn't bother downloading the malware and analyzing it or looking too closely into it, but can if bothered enough to do it.

Over the past several days, I assume CGL, Topps, and probably Rackspace have likely been doing triage on their webserver (it's been up for at least a couple of days, you could ping it, etc, but the webpages themselves were offline). Instead of getting a working website going, they went with the option of keeping everything offline for X amount of time. I assume to try and continue to look into how they were hacked, make sure all trojans, rootkits, etc have been removed (which could very well mean someone had to change out hardware).

... Okay, as I look more into this, I think I need to get in touch with their forensics people / whoever they hired for forensics just so I can get a few things straight and potentially provide a bit of insight. If this post looks chaotic, it's because I was changing what I had typed on the fly. Most of this stuff I've known over the past several days, but there is more and more information I'm seeing (this is all publicly available if you look, btw) since I decided to care more (Shadowrun has been my favorite game since the 90s and is literally the reason why I do the job I do right now).

Jul 6 2017, 03:04 PM
Post #8
Great Dragon Group: Dumpshocked Posts: 5,082 Joined: 3-October 09 From: Kohle, Stahl und Bier Member No.: 17,709
> Over the past several days, I assume CGL, Topps, and probably Rackspace have likely been doing triage on their webserver (it's been up for at least a couple of days, you could ping it, etc, but the webpages themselves were offline). Instead of getting a working website going, they went with the option of keeping everything offline for X amount of time. I assume to try and continue to look into how they were hacked, make sure all trojans, rootkits, etc have been removed (which could very well mean someone had to change out hardware).
>
> ... Okay, as I look more into this, I think I need to get in touch with their forensics people / whoever they hired for forensics just so I can get a few things straight and potentially provide a bit of insight. If this post looks chaotic, it's because I was changing what I had typed on the fly. Most of this stuff I've known over the past several days, but there is more and more information I'm seeing (this is all publicly available if you look, btw) since I decided to care more (Shadowrun has been my favorite game since the 90s and is literally the reason why I do the job I do right now).

Ahahaha, "forensics people"? I'm sorry, but you seem to have a very wrong impression of scale here: There is no triage and no forensics team looking into possibly replacing hardware after a sophisticated attack on a high-value target. CGL is a tiny company with an off-the-shelf hosting package who had their website defaced. Topps isn't involved anywhere in this, the hoster doesn't care as long as the server isn't used for anything criminal or disruptive to others, and even CGL themselves are not exactly in a hurry...

Jul 6 2017, 03:29 PM
Post #9
Target Group: Members Posts: 78 Joined: 31-May 09 From: Fairfax, VA Member No.: 17,228
I know 100% that someone has at least been going through suspect files to see if they are bad since the server was brought down.

Also, it wasn't a simple defacement. Also, they've had malware tied to their IP address for quite some time. I could go in depth, but I really like for people to go and do research. Tons of free resources out there.

IPs: 67.192.254.201 (Rackspace) has been associated with CGL since at least 2013. This IP address has also been listed as owned for quite some time. 138.68.247.168 (Digital Ocean) is their new IP address as of today. But I could be wrong. I haven't had my coffee yet today.

Jul 6 2017, 06:13 PM
Post #10
Shooting Target Group: Dumpshocked Posts: 1,755 Joined: 5-September 06 From: UCAS Member No.: 9,313

Jul 7 2017, 03:51 AM
Post #11
Shooting Target Group: Dumpshocked Posts: 1,973 Joined: 4-June 10 Member No.: 18,659
> I know 100% that someone has at least been going through suspect files to see if they are bad since the server was brought down. Also, it wasn't a simple defacement. Also, they've had malware tied to their IP address for quite some time. I could go in depth, but I really like for people to go and do research. Tons of free resources out there. IPs: 67.192.254.201 (Rackspace) has been associated with CGL since at least 2013. This IP address has also been listed as owned for quite some time. 138.68.247.168 (Digital Ocean) is their new IP address as of today. But I could be wrong. I haven't had my coffee yet today.

You realize that for the most part, Rackspace does not do server or website administration, right? They are simply hosting providers.

Jul 7 2017, 06:18 PM
Post #12
Great Dragon Group: Dumpshocked Posts: 5,082 Joined: 3-October 09 From: Kohle, Stahl und Bier Member No.: 17,709
> I could go in depth, but I really like for people to go and do research. Tons of free resources out there.

Yeah sure, "there is proof just google it" is always an indication of a solid argument.
