Joint Statement from RIA and PC

[Hyperonic]

[quote name='Hyakkimaru' date='29 April 2010 - 02:11 AM' timestamp='1272521470' post='2279572']
Uhm...........All three are one singular theory I'm sorry but learn a little, will you?
[/quote]

Do you really believe someone hacked his server full of lots of other potentially awesome information just to go through with a really stupid conspiracy?

Because that is part of the story.

[Hyakkimaru]

[quote name='Xiphosis' date='29 April 2010 - 01:13 AM' timestamp='1272521611' post='2279577']
The odds of a tor node resolving to the hometown of the accused, who also was bragging about doing it, and that it even would be a tor node without it showing up in the hostmask are all next to nothing.

[b]Furthermore[/b] if he was using TOR it'd generate a different IP every time he logged into it. This is how Tor functions. It wouldn't have matched his IP on TOP if that was the case. I'm still failing to see a technical reason for you to deny his guilt, simply misguided and blind loyalty.
[/quote]
If you missed the point that we've already determined that it was infact a tor node.

let's not forget that the node resolved to about 100 miles away

oh and ever heard of this thing called "sticking" exit nodes?

please learn about Tor.

[Xiphosis]

[quote]If you missed the point that we've already determined that it was infact a tor node.[/quote]

Actually, no, we didn't. I repeat, if anyone would like to offer a technical riposte to the things I've said I'd welcome it. Simple impassioned no u's from his last few supporters do not suffice.

Edited April 29, 2010 by Xiphosis

[Hyakkimaru]

[quote name='Hyperonic' date='29 April 2010 - 01:14 AM' timestamp='1272521657' post='2279578']
Do you really believe someone hacked his server full of lots of other potentially awesome information just to go through with a really stupid conspiracy?

Because that is part of the story.
[/quote]
First, his database was compromised also, he actually shut down the ZNC for about a week and had everyone change their passwords after it was hacked.

also, ever heard of a bot-net?

[Hyperonic]

Again

Do you really believe someone hacked his server full of lots of other potentially awesome information just to go through with a really stupid conspiracy?

[Xiphosis]

[quote]also, ever heard of a bot-net? [/quote]

Another theory! Goodie. Chalk up a fourth, scorekeep.

[Hyakkimaru]

[quote name='Xiphosis' date='29 April 2010 - 01:21 AM' timestamp='1272522086' post='2279588']
Another theory! Goodie. Chalk up a fourth, scorekeep.
[/quote]
That wasn't a theory, that was simply proving his logic flawed.


Xiphosis, have you considered intelligence over blatant child flaming?

[Xiphosis]

[quote]Xiphosis, have you considered intelligence over blatant child flaming? [/quote]

My dear, I've been posting nothing but intelligent arguments. I would thank you to do the same.

[Hyperonic]

Hyakkimaru,

You never answered my question.

[Van Hoo III]

[quote name='Hyakkimaru' date='28 April 2010 - 11:22 PM' timestamp='1272522159' post='2279589']
That wasn't a theory, that was simply proving his logic flawed.


Xiphosis, have you considered intelligence over blatant child flaming?
[/quote]


Jumping Jesus on a pogostick, stop posting. You're making it [b]worse[/b] and not better with your terrible posting style and lack of actual argument.

You're making me cringe. Call it a night, champ.

[Tilton53]

I love logs so here we go

[quote]<bros> The hacker, who we agree is not Tilton, has used TOR multiple times during this hacking.
Mar 10 00:25:17 <Hyperonic[RIA]> For all I know, every one of you $%&@ers that uses Tors is the same person.
Mar 10 00:25:19 <Hyperonic[RIA]> Including me.
Mar 10 00:25:30 <Hyperonic[RIA]> All of you are my alts.
Mar 10 00:26:36 <bros> Hyperonic[RIA] why the sudden change in attitude from "lol tilton did it" to "hey look at me everyone i'm a dip!@#$"?
Mar 10 00:27:34 <Hyperonic[RIA]> I guess I learned from the best, bros[/quote]

[quote]Mar 10 00:59:51 <Ogaden> Ogaden, I Shyox a board administrator would like to aplogize for letting the hacker writing this email onto our forums. I am a retard who used 'aaaaaa' as their password.[/quote]

[quote]Mar 09 23:15:31 <bros> Hyperonic[RIA] - Do you believe that if boy was in the server, he could have grabbed Tiltons IP + Useragent + Username?
Mar 09 23:15:36 <Hyperonic[RIA]> You could tell me someone climbed in the window and touched your server funny at night, but I don't see how that relates to you being in our accounts.
Mar 09 23:15:54 <~ShadowSlayer> bros
Mar 09 23:15:57 <~ShadowSlayer> wasn't tilton using TOR?
Mar 09 23:15:58 <Hyperonic[RIA]> How do you know boy was in the server?
Mar 09 23:15:59 <~ShadowSlayer> so no
Mar 09 23:16:18 <Hyperonic[RIA]> I don't know anything about boy, really.
Mar 09 23:16:34 <bros> ShadowSlayer - Yes. Exactly why it would be so easy to grab his IP + Useragent + Username, since it logs that !@#$ in the html access logs or w/e
Mar 09 23:16:36 <Hyperonic[RIA]> He's a CN hacker, but beyond that I don't know anything.
Mar 09 23:16:52 <Hyperonic[RIA]> Wouldn't it be a lot simpler just to get his IP somewhere else?
Mar 09 23:17:02 <Hyperonic[RIA]> I mean, geez, why does he have to hack the server to get client info
Mar 09 23:17:10 <Hyperonic[RIA]> He could have done this tons of ways.
Mar 09 23:17:11 <bros> Hyperonic[RIA] - There were numerous attempts by IPs associated with boy to get into the server, 20+ bans in total (a ban occuring every 10 times a user fails to get a password correct)
Mar 09 23:17:20 <bros> Hyperonic[RIA] - Tilton doesn't exactly seem like the active type
Mar 09 23:17:25 <~ShadowSlayer> IPs meaning proxies
Mar 09 23:17:26 <Hyperonic[RIA]> Yes, but logs and graphs provided by Tilton aren't exactly good evidence to me.
Mar 09 23:17:27 <~ShadowSlayer> correct?
Mar 09 23:17:35 <bros> ShadowSlayer - Yes, IP meaning his TOR exit node
Mar 09 23:17:46 <~ShadowSlayer> no
Mar 09 23:17:48 <~ShadowSlayer> for boy
Mar 09 23:17:50 <~ShadowSlayer> IP meaning proxies
Mar 09 23:17:53 <bros> Yes
Mar 09 23:17:57 <bros> His proxies that he has used
Mar 09 23:18:00 <bros> And you have to admit, Tiltons server is a rather... tasty target.
Mar 09 23:18:07 <bros> It has logs of numerous alliances high gov channels
Mar 09 23:18:55 <Hyperonic[RIA]> Yeah. It makes sense. Let's hack the jackpot of info so we can frame this one guy and make everyone think he was messing with the gayiest !@#$@#$ alliance ever the RIA.
Mar 09 23:19:34 <Hyperonic[RIA]> I'd say we are a target for that kind of !@#$ like pop tarts are gourmet dining.
Mar 09 23:20:26 <Hyperonic[RIA]> I have no idea what motive someone would have to mess with us beyond our security hole.[/quote]

[quote]Mar 06 12:25:21 <bros> http://torstatus.kgprog.com/router_detail.php?FP=bcb3c5d9605d483c57a015024b51fa87713b6dc4 hay look its yooou
Mar 06 14:46:06 <Tilton53> O.o
Mar 06 14:46:34 <bros> And showing them that made them thing even further it was you
Mar 06 14:46:40 <Tilton53> why?
Mar 06 14:47:02 <bros> because "ZOMG IT SAYS SIINGLE USSSER"
Mar 06 14:47:37 <Tilton53> Dude single user means the computer has one account on it
Mar 06 14:47:38 <Tilton53> O.o
Mar 06 14:47:50 <bros> yeah
Mar 06 14:47:54 <bros> they don't seem to understand that
Mar 06 14:48:00 <bros> They want you to join #riatop again btw
Mar 06 14:48:13 <Tilton53> give me a minute
Mar 06 14:49:09 <Tilton53> let me guess saber made the single user point
Mar 06 14:49:10 <Tilton53> >_>
Mar 06 14:49:16 <Tilton53> Since ria is no longer in the channel
Mar 06 14:49:25 <Tilton53> I am assuming the admins talked to them
Mar 06 14:50:23 <bros> [13:02] <Saber[TOP]> however I think that line means single user can use that exit node
Mar 06 14:50:30 <Tilton53> LoL
Mar 06 14:50:34 <Tilton53> that is not how tor works
Mar 06 14:50:54 <Tilton53> Please ask Saber to find the config option blocking all but a single tor user
Mar 06 14:51:56 <bros> and they say that because your TOR IP visited the rok site 17 hours before with a different browser than when you registered on the RoK forums post hacking doesn't matter
Mar 06 14:52:31 <Tilton53> O.o
Mar 06 14:52:32 <Tilton53> Huh?
Mar 06 14:52:52 <Tilton53> explain that more[/quote]

[Hyperonic]

Side A:

Tilton did it.

Side B:

Tilton is the victim of an interalliance wide conspiracy to damn him for whatever reason that has yet to be accounted for.

[Hyperonic]

Alright. Neatly picked out logs.

That prove...?

[Xiphosis]

Actually what they were saying was the odds of someone else being on the exact same Tor node - if it was one - [b]on your account[/b] and "hacking" the RIA and RoK forums shortly before you mightily wrested control back is one hell of an elaborate and unlikely scenario.

Chalk it up with Lanna's testimony and you're guilty as sin. Lovin' that your only defense is posting arguments Bros made better than you could, though.

[Tilton53]

[quote name='Xiphosis' date='29 April 2010 - 02:08 AM' timestamp='1272521270' post='2279564']
I've seen three stories:

One, it was Tor.

Two, it was some conspiracy by 'boy' also involving Tor.

Three, that someone set up a tunnel on his hacked server.


All of which are equally retarded, though two probably the most.
[/quote]


Since you have gotten only half the logs apparently or haven't bothered to read them all;

One we are saying that when my server was hacked into the TOR IP was taken from the logs, and two my TOR client was stickied to a list of fast exit nodes, since all I needed to do was evade filters not become untraceable; a fact RIA was made aware.

https://www.torproject.org/faq#ChooseEntryExit

Edited April 29, 2010 by Tilton53

[Hyperonic]

If he says conspiracy and tor enough people will start to believe him.

[Hyakkimaru]

[b]Quote from: \ IRCop[/b]
[quote]
Of course, when "convicted" by judge, jury and executioner, an informed opinion doesn't do a whole lot. Nonetheless, my own take on the subject.

(I do have an active, unsuspended player account, I simply choose not to log into it and post at this time, which makes me unavailable for replying to any comments someone has on what I've posted vicariously)

As I have made clear to RIA upon reading this thread, the evidence comes from two servers that are claimed to be compromised. [i]Nobody[/i] appears to have considered this point. The fact that these servers are compromised means that nothing in these logs may be taken at face value to begin with. A user who can break into a forum can choose to edit the logs if they choose to, to appear to come from any IP they choose, or simply delete all trace of the activity to begin with. Indeed, it may simply be that a script was run that opened a PHP "Shell", that edited the log to show all requests to come from the same IP.

I've had to deal with a fair few compromised forums in the past, and have been watching the RIA fallout from a distance, and the evidence doesn't track for me. The logging in to other accounts, Signing with "The CN hacker" (or similar), doesn't match the pattern of the other forum hackings that I've heard about. Admittedly, I have better things to do than listen to who's running scripts against vulnerable versions of what, but this doesn't match anything else I've heard about in relation to these hackings.

Tilton himself runs a "BNC" service on Coldfront, which is essentially a legitimised IRC proxy that allows the illusion of a persistent connection between the user and the server. There are repercussions to using a proxy, which include [i]all data sent, including passwords, being available to the person who runs the proxy service[/i].

A casual look at who is using this BNC service lends to prominent figures in NPO and TOP amongst others. Although NPO was targeted by a childish script, I'm not aware of the same happening to TOP. Furtheremore, the NPO accounts broken into were not the members who use Tilton's service. A "hacker" will use what is available to them, not what is harder to attain. These usernames and passwords would have been quite available to him if he chose to use them.

The chat logs, while suspect, are certainly not a confession. In fact, they look rather like how I would reply after having to deal with the accusations for months, although I'd probably be less inclined to talk about it to begin with.

The logs, in fact, clearly start with him protesting his innocence. Case in point, the mention that RIA provided logs that didn't match the "known logs". From there, everything should be read with that in mind. The part about treating it as a security lesson is distinctly like something I would say, as I say it [i]every time[/i] something like this happens.

As for the use of TOR tracing back to his own city, the IP listed is a known TOR node. Your forums preclude the possibility of pasting a link, but anyone with that information may look up the IP in question and see that it is, in fact, a TOR node. Nobody is disputing that, in fact.

Tilton has used that IP regularly for some time, and I've come to associate it with him myself. The usage of TOR to begin with indicates that if Tilton wanted to hide his tracks, he most certainly would have done so and known how to, which makes it showing up in this distinctly suspect.

I'd also like to point out to anyone who posted in the thread that Tilton is not accused of "hacking" the RIA forums according to the evidence I've seen, but logging into two accounts. Anything about him "destroying" communities is uncalled for and - Were I in a position of authority - I would have demanded an apology on that part, regardless of whether he did or did not log into the accounts in question.

To summarise, we have someone who knows how to hide their tracks, but didn't, while their server is reportedly being compromised. When broken into, the logs of both broken servers are treated as fact rather than as tainted evidence. Some logs that start off with Tilton53 finding humour in RIA supposedly editing evidence to frame him are then taken as proof (By RIA, no less) that he logged into the two accounts. The pattern doesn't match Tilton53's known resources, and the IP points to a local TOR node that anyone may log into. In short, I think someone's laughing into their evening meal at the moment.

I will not be responding to replies made on these forums, and I most certainly won't respond to IRC queries on the subject. Any harassment of or by Tilton on IRC however, will be dealt with as [i]I[/i] see fit.
[/quote]

Edited April 29, 2010 by Hyakkimaru

[Tilton53]

[quote name='Hyperonic' date='29 April 2010 - 02:36 AM' timestamp='1272522982' post='2279612']
If he says conspiracy and tor enough people will start to believe him.
[/quote]

And if you claim that when forums are broken into no data is stolen, RIA members will believe you.

[Hyperonic]

No one broke into the apache user on the RIA side, so no, the logs that RIA has are NOT compromised.

[ZeTyon]

I find it fascinating that after all this time some people still dont know what TOR is.


Kind of funny.

[Tilton53]

[quote name='Hyperonic' date='29 April 2010 - 02:41 AM' timestamp='1272523244' post='2279615']
No one broke into the apache user on the RIA side, so no, the logs that RIA has are NOT compromised.
[/quote]

Hyperonic do you have any proof of this? So far all you have shown is a complete of the basics in computer secuirty, including running outdated software after serveral other alliances were broken into; And then upgrading your forums without at least forcing the admins to change their passwords.

[quote]<@\> Someone kindly point out to him that the Apache user doesn't need to be broken into, since Apache runs as the Apache user for some odd reason.[/quote]

Edited April 29, 2010 by Tilton53

[Tilton53]

[quote name='ZeTyon' date='29 April 2010 - 02:41 AM' timestamp='1272523294' post='2279616']
I find it fascinating that after all this time some people still dont know what TOR is.


Kind of funny.
[/quote]

I find it funny that people are touting features of TOR that can be overridden by simple settings as fact.

[Xiphosis]

[quote]I'd also like to point out to anyone who posted in the thread that Tilton is not accused of "hacking" the RIA forums according to the evidence I've seen, but logging into two accounts.[/quote]

One of which was an administrator's account and a Triumvir of the RIA, which for anyone on CN past or present, RIA or anyone else, is an instant ZI sentence.

[Tilton53]

[quote name='Xiphosis' date='29 April 2010 - 02:44 AM' timestamp='1272523466' post='2279621']
One of which was an administrator's account and a Triumvir of the RIA, which for anyone on CN past or present, RIA or anyone else, is an instant ZI sentence.
[/quote]

Ok when the person who's account was broken into used the password 'aaaaaa' we can hardly calling it breaking into, thats like leaving a note on your doorstep labeled "Key is under the mat have fun." >_> Anybody brute forcing a password would have started at that password or damn near it.

I am surprised RIA wasn't 'hacked' into Months ago.

[Delta1212]

Tilton, your posts in this thread have leaned rather heavily on the usage of "RIA is full of jerks and idiots" as your defense. Now, while this can potentially be an effective strategy as no one likes helping, or agreeing, with people that have successfully been presented as unlikeable, it doesn't actually have any impact on or relevance to your level of guilt. The fact that you have been pushing that line of attack rather than a coherent defense of yourself from the very beginning, and that almost every non-aggressive argument I've seen as originated with someone else, does not help your case. It's a fairly basic tactic when you do not wish to admit to something to flip it around and go on the attack in an attempt to distract from the actual issue. It's common, and as I said, generally fairly effective.

Unfortunately, when you are watching for it, it does more to undermine your case than help it because it is a tactic much more commonly used by people who are actually guilty than those who are confident in their innocence.