_MM_IKKE

A SA-MP story (aka threats in the past)

Aug 26th, 2012
  1. 1. Cheaters of a certain clan, NB, cracked the password of a SA-MP betatester on another server. He appeared to use the same password everywhere, so they got access to his SA-MP forum account and therefore the files stored on the SA-MP forums. Including the source code of SA-MP 0.2.5. After this case (anyone with powers should secure his account to the fullest), Kyeman didn't give anyone else access to the source anymore...and released 0.2x, with an entirely rewritten core.
  2.  
  3. 2. Netzeek. A raging dude, but this time a raging kid with knowledge about the internet. Back then, SA-MP had an official list instead of hosted. Beta-testers chose which server got on it, instead of payments and stuff. And of course, friends got in it easier. Netzeek was pissed by this, and desperately wanted his server in it. He threatened Kyeman. Kyeman refused to give him any of these privileges. Reaction of Netzeek: DDoS SA-MP. The internet list itself. With his self-made botnet. SA-MP then entirely blocked off Argentina, home country of Netzeek.
  4.  
  5. Not the end of the story here. Netzeek made a better virus, along with his friend N3ptun0. Infecting mainly Cuba's government PCs. 75,000 computers were infected! He used them all to attack SA-MP, the internet list, the forums, ALL servers in the hosted tab, etc etc. Including MM - I joined at that time :| Pretty massive. SA-MP blocked South America entirely. Kyeman made his own 'virus': it sent a pop-up to all attacking computers, telling about the attack, how to remove the virus and how to contact him. Even after sending e-mails to the government, the computers didn't get fixed at all. And I believe Kyeman DDoS'ed Netzeek's local botnet as well - to get it offline.
  6.  
  7. In the end, both n3ptun0 and Netzeek got arrested and sentenced to some years of jail. These years are soon to end.
  8.  
  9. Imagine how they will feel after losing some years of their life by SA-MP. Imagine what could happen (again).
  10.  
  11. Both hackers (yes, hackers, not cheaters) are closely related to...FenixZone. A server you should never in your life join. They systematically attack all competitive servers, hack into those servers, abuse everything they can, and developed the tools people are currently using. Though nothing has been proven...
  12.  
  13. ^That is what I consider a threat.
  14.  
  15. History will repeat itself, no matter what, where or when.
  16.  
  17.  
  18.  
  19. ---------------------------------------------------
  20. Sources
  21.  
  22.  
  23.  
  24. ---------------------------------------------------
  25. http://forum.littlewhiteys.co.uk/index.php?topic=9252.0
  26. Threats and history of SA-MP
  27. ---------------------------------------------------
  28. Well I created this topic to talk about the sa-mp, and talk about the future that awaits him.
  29.  
  30. San Andreas Multiplayer
  31.  
  32. (SA-MP or also known as SA:MP) is a module for the multiplayer video game Grand Theft Auto: San Andreas. It is based on the programming language C++ for server scripts.
  33.  
  34. History
  35.  
  36. The project began with the codification of a SCM module for Grand Theft Auto: Vice City, which was canceled after months of your project (you can still find the BETA module on the network). After leaving San Andreas, the scripters went to work, based on the SCM code of Vice City. The first official test was a disaster and decided to change the code to a PAWN script. Finally, in late 2005, the mod was released, version 0.1b.
  37. This version had some bugs and limitations, in addition to many cheaters who bother servers. Some bugs were in the climate, and how to shoot. They had snipers and grenades blocking game. Thus, about 2 or 3 months after version 0.2 was released, very well received by players. [Citation needed]
  38. In mid 2007, there were complaints that the war Rhino tanks produced errors in the game. In addition the systems of the cheaters had been improved, so the code was amended and released the version 0.2.2. There are currently over 12,000 servers around the world, some private individuals and other internet forums.
  39. Today the SA-MP Team has abandoned the project and who is responsible for maintaining the master server is "littlewhitey" GTA-HOST. The future of this project is uncertain and questioning its output from version 0.3. This version has already gone, now is the version (V0.2X u1). Although DDoS program that has created this samp destroyed there are still servers that are reluctant to lose its fun and learning networks to try to mitigate DDoS attacks.
  40.  
  41. Attacks on servers
  42.  
  43. In total there have been six major attacks to the servers of SA-MP, in chronological order:
  44. The first was developed by a hacker known as CurliBoy, which was put on and take off at a fast speed players.
  45. OopsCrasher made by OopsIDied allowed to close any server in seconds.
  46. Motorhead's Stupid Thing, developed by Motorhead, filling the slots of the server not allowing more players to connect.
  47. The next attack on the server SA-MP, was made by a hacker known as nuckfuts, he managed to forge servers and saturate the master server SA-MP.
  48. The last was caused by the cracker Argentino Netzeek and are detailed below.
  49.  
  50. Netzeek
  51.  
  52. The attack is stronger than SA-MP is caused by a cracker known as Netzeek Argentino. This is a DDoS attack caused by a large botnet, whose density is greater in Latin America. The attack affects the master, officers and servants. Currently as temporary solution, they are banned ip ranges from Argentina and some countries nearby ISP.
  53. Netzeek himself a god and the network began its first attacks on servers sa: mp server to eliminate any that dare to compete with yours. Time then began to attack the master server and servers official SA-MP DDoS attack using a large-scale measurements of the second team of over 20 Mbps samp the condition for stopping the attack was to include server Netzeek (in Prysmax time) on the official list of servers.
  54. SA-MP after time change its policies on official servers, seeking to belong to the world's top 50 servers. Because these policies Prysmax removed from the list. Retaliation was a video showing how netzeek officers fired multiple servers and the return of the attacks on the master servers. In response to that video, the samp dev team made public the data of Aiz, current leader of the Prysmax community, linking him as an accomplice. As a result, its servers prysmax hill and fired samp netzeek the rest of the staff server. The attacks became more intense and the development team at SA-MP was forced to block all traffic to Latin America. Netzeek opened its own separate server, called Fenix Zone and continues through today, with attacks on multiple servers and master servers and web pages sa-mp world.
  55. Netzeek also opened a blog, where he periodically published samples of his misdeeds and tools that allow anyone to attack SA:MP servers. With each publication he insulted Kyeman and disparaged him for making an unsafe game. On May 30, 2009, Netzeek deleted all entries in his blog and announced he was going to stop writing in it. Yet by his own statements, it is uncertain whether or not he will continue his attacks.
  56.  
  57. Present
  58.  
  59. Today we can join the official SA-MP from the majority of countries. The master server and load the list of servers, with which we can connect. Has regained contact with "littlewhitey" and many fans have learned and come back to play. Is expected to recover, which is very likely and the release of version 0.3 will be available soon. Even still blocked the address ranges of Argentina, and some internet providers from countries nearby.
  60.  
  61. NOTE
  62.  
  63. I imagine that some did not know that Latin America is banned, we can not see the official website of the sa-mp and not the server list, we can only play by adding servers to favorites.
  64.  
  65. And sorry if a repetition of the same topic.
  66. Also if something is wrong translated, I do not speak much English.
  67.  
  68. Data only in Spanish (I could not find it in English).
  69.  
  70.  
  71.  
  72.  
  73. ---------------------------------------------------
  74. http://forum.sa-mp.com/showthread.php?t=110437
  75. Arrest of N3ptun0
  76. ---------------------------------------------------
  77. The DDoSer, virus writer and extortionist known as 'n3ptun0' has been arrested by the Police and is currently in jail awaiting trial.
  78. He is responsible for DDoSing popular SA-MP servers such as GamerX and the Partyserver, demanding money from them in return for him to stop sending attacks.
  79. Additionally, he also attacked the SA-MP website, SA-MP forums, serverFFS website and the SA-MP IRC network from time to time.
  80.  
  81. elhacker.net and several other parties have been active in tracing him down and collecting evidence, finally leading to this arrest.
  82.  
  83. Quote from Spanish Interior Civil Guard:
  84. Quote:
  85. The Civil Guard attributed to a minor computer attack more than 75,000 computers
  86.  
  87.  
  88.  
  89. The youngest, a computerized self-taught, he managed to evade security protocols considered insurmountable
  90.  
  91. After controlling more than 75,000 computers spread around the Internet world, launched a massive attack over twelve million hits, a prestigious site for computer security
  92.  
  93.  
  94.  
  95. The Civil Guard, as part of Operation "CANDELARIA", developed in Catalonia, have been attributed to a minor residing in Tenerife, as the alleged perpetrator of a crime of damage to computer systems, having "infected" thousands of computers located in different countries, with the aim of dominating and launching massive attacks on certain websites, including personal challenge to demonstrate the vulnerability of those other websites.
  96.  
  97. The investigations were initiated following a complaint by the Administrator of the website www.elhacker.net in which he stated that his page had been canceled for several days following a massive increase of visitors, well above normal, and certainly caused by this intention, which is known as DDoS (Distributed Denial of Service).
  98.  
  99. The contents of this page, and the vast majority of people who work in it, programmers and system administrators are intended to help develop their knowledge and experience on network security in several areas, both private business.
  100.  
  101. From the investigations made, it appeared that a person using the network in the nick "n3ptun0" had developed a "virus" taking advantage of security flaws in the UDP protocol (one of the channels of information in the network), to infect PCs.
  102.  
  103. Thus, real mastery of Internet hosts and initiate, when he decided, mass visits to selected pages.
  104.  
  105. Furthermore Site Administrator which filed the complaint, the Civil Guard was able to observe the attacks being carried out by the same procedure to other pages, mainly devoted to forums and game servers, called San Andreas ..
  106.  
  107. Infection of computers (Zombies):
  108.  
  109. The child hung a video on youtube with attractive phrases to capture the attention of the Internet, so getting the user and automatically download content was infected.
  110.  
  111. This virus had spread to the peculiarity through programs like Messenger so widespread, Fotolog, etc..
  112.  
  113. Once infected with the virus, the minor went to dominate the PC at will with the intention to make visits at the same time, the pages I wanted to attack, crashing the servers of the same.
  114.  
  115. One example was the www.elhacker.net page, which suffered in minutes over twelve million hits simultaneously, when the regular average hovered about a hundred thousand.
  116.  
  117. Through this operation had succeeded in controlling more than 75,000 computers
  118.  
  119. The alleged perpetrator of these attacks, a child under 16 years who lacked any academic training in this specialty has been developing their knowledge through 13 years, entirely self-taught individual and ..
  120.  
  121. The child was transferred to the Juvenile Prosecutor of Santa Cruz de Tenerife.
  122.  
  123. For more information, please contact the Office Peripheral Communication (OPC) of the Civil Guard in Barcelona, telephone 93 476 60 81 and 93 476 60 91.
  124. Official news:
  125. http://www.guardiacivil.org/prensa/notas/win_noticia.jsp?idnoticia=2724
  126.  
  127. Translated to English:
  128. http://translate.google.com/translate?js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fwww.guardiacivil.org%2Fprensa%2Fnotas%2Fwin_noticia.jsp%3Fidnoticia%3D2724&sl=es&tl=en
  129.  
  130. More news:
  131. http://www.elmundo.es/elmundo/2009/11/26/navegante/1259238023.html
  132. http://www.europapress.es/islas-canarias/noticia-menor-detenido-tenerife-presunto-autor-ataque-informatico-20091126162644.html
  133. http://www.publico.es/agencias/efe/273108/imputado/hacker/anos/infectado/ordenadores
  134. http://www.abc.es/20091126/nacional-islas-baleares/menor-tenerife-imputado-ataque-200911261636.html
  135. http://www.elpais.com/articulo/sociedad/hacker/anos/ataca/75000/ordenadores/elpepusoc/20091126elpepusoc_10/Tes
  136. http://www.20minutos.es/noticia/575229/0/ataque/informatico/ordenadores/
  137. http://www.elperiodico.com/default.asp?idpublicacio_PK=46&idioma=CAS&idnoticia_PK=665299&idseccio_PK=1012
  138.  
  139.  
  140.  
  141.  
  142. ---------------------------------------------------
  143. http://madoshi.net/forum/showthread.php?44281-Attacked-again&p=630722&viewfull=1#post630722
  144. Kaisersouse's interesting information
  145. ---------------------------------------------------
  146. They were going down through the list of official servers and attacking. I'm always the first by default because he's still bitter over our little spat back in June of 06 (when the boards went down for a month or so due to him).
  147.  
  148. Basically:
  149.  
  150. When SAMP first came out he wanted his server on the official server list. He was told no..so he attacked any server with players on it as well as the samp forums, file repository etc. Eventually he got what he wanted and was official for a year or so.
  151.  
  152. Then the current owner of SAMP got tired of his bullshit, because netzeek not only threatened DDoS to keep official...he wanted to dictate who got official status as well. Kye told him to go fuck himself and zeek DDoSed. Retaliation came in the form of DDoSing HIS server until his host canceled his account...it's been a back and forth since then.
  153.  
  154. RyanC (guy who crashed 4chan) got involved first by attacking servers before zeek could get to them, zeek DDoSed Ryan, Ryan DDoSed zeek.
  155.  
  156. Ryan ended up getting arrested. Argentina won't touch Netzeek. Kye and a few other SAMP devs made a script that would propagate to the infected machines and display a popup telling them they're infected and how to remove it. A few did, most ignored it.
  157.  
  158. Fun fact: Almost every computer system belonging to the Colombian government is infected with his bot control program. To this day not one has been cleaned.
  159.  
  160. So it's basically a bunch of script kiddies showing how big their DDoS dick is over a FREE game modification.
  161.  
  162. EDIT: the spat involves him trying to hold my server hostage, me telling him to go to hell and that he won't get a dime nor an apology out of me. He said he'd make sure the server never came back, I told him I wasn't going to give him what he wants so it's up to him how he wants to handle that. 2 years later I have not paid him or apologized...nor do I intend to.
  163.  
  164.  
  165.  
  166.  
  167.  
  168.  
  169. ---------------------------------------------------
  170. http://forum.sa-mp.com/showthread.php?t=85381
  171. Kalcor's official information about 0.2.5 leak
  172. ---------------------------------------------------
  173. Recently we had a breach of an account on these forums by the same people who were responsible for leaking the SA-MP 0.2.5 beta. I'm sure everyone is aware these hack attempts and leaks have only led to delays in further releases of SA-MP.
  174.  
  175. It appears that they obtained the password of one of the SA-MP beta testers because he used the same password across sites. We're still investigating which site he used that same password. Our logs indicate that the NB group member known as "Lop_Dog" was responsible for the unauthorised access using several web proxies. Chat logs then indicate NB obtained some private files from our site and attempted to brute force crack the password on them.
  176.  
  177. NB are based on the GTANet IRC network, which has been a constant source of problems for this mod. I'm recommending users of SA-MP not to associate with this group and do not sign up/register on any of their services. If you use the same password across GTANet IRC or any servers run by anyone associated with NB you should change your password.
  178.  
  179. SA-MP has always been dedicated to protecting the security and privacy of its players. Please remember that servers, server providers and people that have been banned from SA-MP are banned for a reason. Associating with these people online is putting yourself at risk.
  180.  
  181. -----------------------------
  182. By Luke, GTANet IRCop:
  183.  
  184. Thanks Kye, for a moment there I was concerned we hadn't had a policy in place for years of limiting those with access to the services database, and hundred thousand or so accounts used across our IRC and site networks, including those of R* staff... Oh wait... yeah, we do.
  185.  
  186. Not only that, but we've proactively banned users like lop_dog time and time again and suspended the NB's channel months and months ago thanks to the fact they're a spectacular waste of space intent on harassing our otherwise calm network.
  187.  
  188. But thanks for lumping us in with them, I appreciate it. We're definitely in the same league, clearly our strong stance against this group of morons means we're also a security risk to your users. So I trust you'll be issuing a similar warning against yourself?
  189.  
  190. NB and its goofy brigade of self-indulgent moronic members are clearly worth avoiding all association with. Your dig at GTANet IRC is a cheap sideline thanks to our many differences of opinion. Not the place, if you give a toss about protecting your users then stick to the facts.
  191.  
  192. -----------------------------
  193. Kalcor's reply:
  194.  
  195. Well, you know I never miss an opportunity to take a stab at GTANet IRC.
  196.  
  197. If you read what I wrote, I'm not really suggesting there is anything wrong with GTANet IRC apart from some of the users there.. oh and the fact that you took over my channel by force, banned me from my own channel and the fact that one of your IRC operators literally blackmailed me by posting my personal info on his website - apart from that it's fine.
  198.  
  199. As a precaution I'm asking if people use the same pass across GTANet IRC and this forum that they change it. It turned out that the only place the beta tester remembered using this password was on GTANet. So make of it what you will. We still don't really know how they obtained the pass.
  200.  
  201.  
  202.  
  203.  
  204.  
  205. ---------------------------------------------------
  206. http://pastebin.com/f5daf9f08
  207. IRC Log of N3ptun0 on SA-MP IRC
  208. ---------------------------------------------------
  209.  
  210.  
  211. ---------------------------------------------------
  212. http://www.telegraph.co.uk/technology/news/9354188/LulzSecs-Ryan-Cleary-admits-hacking-into-CIA-and-the-Pentagon.html
  213. RyanC, SA-MP attacker, also involved in other threats
  214. ---------------------------------------------------
  215. LulzSec's Ryan Cleary admits hacking into CIA and the Pentagon
  216.  
  217. LulzSec hacker Ryan Cleary today admitted hacking into the websites of the CIA and the Pentagon as well as the Serious Organised Crime Squad in the UK.
  218.  
  219. Cleary confessed to launching a string of cyber-attacks on major institutions in Britain and the US with fellow hacker Jake Davis, 19.
  220. The duo targeted sites including the NHS, News International, Sony, Nintendo, Arizona State Police, and film studio 20th Century Fox, and other sites, in a series of so-called distributed denial of service (DDoS) attacks, where websites are flooded with traffic to make them crash.
  221. Cleary and Davis plotted to carry out the attacks with other unknown members of internet groups Anonymous, Internet Feds, and LulzSec.
  222. Other websites targeted by the pair were Westboro Baptist Church, Bethesda, Eve Online, HBGary, HBGary Federal, PBS Inc, Infragard, and the Arizona State Police.
  223. Cleary also confessed today to four separate charges, including hacking into US Air Force Agency computers, based at the Pentagon.
  224.  
  225. Both men appeared in the dock at Southwark Crown Court to enter guilty pleas to a series of charges brought against them.
  226. But both Cleary and Davis denied allegations they posted 'unlawfully obtained confidential computer data' to public websites including LulzSec.com, Pirate Bay, and PasteBin, in order to encourage offences contrary to the Serious Crime Act.
  227. Alleged co-hackers Ryan Ackroyd, 25, and a 17-year-old A-level student, from south-London, deny their involvement in the DDoS attacks and will stand trial on April 8, 2013.
  228. The name Lulzsec is a combination of 'lulz' or 'lols', meaning 'laugh out loud' and security.
  229. Davis, of Lerwick, Shetland, and Cleary, of Wickford, Essex, pleaded guilty to two counts of conspiracy to do an unauthorised act or acts with intent to impair, or with recklessness as to impairing, the operation of a computer or computers.
  230. They both pleaded not guilty to encouraging or assisting an offence, contrary to section 45 of the Serious Crime Act 2007, and encouraging or assisting offences, contrary to section 46 of the Serious Crime Act 2007.
  231. All the offences are said to have taken place between February and September 2011.
  232. Cleary also pleaded not guilty to four further charges under sections 1 and 3 of the Computer Misuse Act 1990 said to have been committed between January 2009 and June 2011.
  233. Ackroyd, of Oak Road, Mexborough, Doncaster; and the 17-year-old, from south London, also denied two counts of conspiracy to do an unauthorised act or acts with intent to impair, or with recklessness as to impairing, the operation of a computer or computers.
  234. They also deny encouraging or assisting an offence, contrary to section 45 of the Serious Crime Act 2007, and encouraging or assisting offences, contrary to section 46 of the Serious Crime Act 2007.
  235. The hackers will be tried on the remaining charges in April next year. The court heard it will take 3,000 hours to view the material which has been served against Ackroyd alone.
  236. All apart from Cleary were released on bail.
  237. Last week it was reported the US prosecutors have claimed they will no longer be seeking to extradite Cleary but will leave him to be dealt with by the UK courts.