Allegations of Admin Abuse
 

Dear Planetarion Users,

It came to the attention of NetGamers that allegations of corruption were being leveled against one of our server administrators.

I'm sure you all know the story by now, so I wont bore you with a full recount of the details. Neither are we prepared to go into extreme detail regarding the investigation which took place by several of us at netgamers abuse-com.

Suffice it to say that such an investigation has taken place, and we have found no evidence to support the accusations that Expl8t obtained the information which he passed on to others by corrupting his administrative privileges.

We will say, on record, that while we do not find Expl8t's involvement in this matter to be technically in breach of his status as a server admin.. we are very disappointed in his reckless and immoral actions. Obviously handing out personal information is not a very good way to earn the trust of our users, even if he didn't abuse his admin access to gain the information.

I would therefore like to take this opportunity to apologise on behalf of NetGamers and Expl8t. This matter has been taken very seriously by all concerned, and we aim to never have such a conflict of interest occurring again.

We now consider the matter closed. Thank you.

-Jedi
CSC Assistant Manager
On behalf of Netgamers IRC.

Re: Alligations of Admin Abuse
 

what about the other server ops? Are there now procedures/checks in place to prevent this? What assurances do we have this wont happen again?

Re: Alligations of Admin Abuse
 

he admits giving out dozens passwords for alliances but "cant remember" where he got them, they dont have enough evidence for him to be guilty of using his netgamers server to obtain the passwords so he is innocent.

how can we trust him????

Re: Alligations of Admin Abuse
 

can't remember is quite frankly unnacceptable

Re: Alligations of Admin Abuse
 

This is not a conclusion, this is not an answer, solution, assurance, and only belittles us the user.

Re: Alligations of Admin Abuse
 

Innocent until proven guilty. No evidence, no conviction. Simple. Time to move on.

Re: Alligations of Admin Abuse
 

Totally agree, i do trust that NG staff didnt find any evidence of him using his admin rights to obtain the information in question.
However that doesn't mean that i think he didnt use it.

And i will have to say that his explanation on how he did get the password is very weak, not remembering it..

Re: Alligations of Admin Abuse
 

maybe jbg paid him in beer for the passwords ?

Re: Alligations of Admin Abuse
 

oh man i'm so paranoid i think i might explode!

what if my pm's with jbg are read what will the world find out?!

oh i know, that i'm playing a shitty internet game oh no the horror

Re: Alligations of Admin Abuse
 

JESUS CHRIST DONT ADMIT STUFF LIKE THAT ON THE INTUHNET!

---
Srsly tho.. if he didnt use his server op to gain accesss... why should he have to tell anyone?

Re: Alligations of Admin Abuse
 

Uhm, I don't really care if he actually sniffed the passwords from PMs, got them delivered by UPS, dreamed of them or whatever.
A fact is, he is a netgamers admin and therefore a person we all have to trust. He seems to admit he used access data he got from somewhere. No matter if 'somewhere' is his logs or not, the trust is lost and therefore he should not be irc oper.
If he still is irc oper on netgamers the only possible conclusion is the other irc opers support password stealing.
And no, this is not a case of 'innocent until proven guilty', it is only a matter of trust as the use of passwords he should not have is killing this trust already.

Regards,
_are_

Re: Alligations of Admin Abuse
 

I couldn't care less what he does in his free time. As long as he doesn't abuse his admin powers, I don't see any reason to remove him.

Re: Alligations of Admin Abuse
 

seconded

Re: Alligations of Admin Abuse
 

How can you be sure that he doesn't?
They never said he didn't do it, they said there were no evidence to back up the allegations, which makes sense. If i was a serveradmin i wouldnt either let evidence (if it logs it at all) be left out for someone else to find.
Still it surprises me that they accepts his answer to the question on how he got them, "doesnt remember". I would have thought that was a thing you would remember.

Re: Alligations of Admin Abuse
 

This should really go in announcements along with any official comments from pateam and recommendations for those whos passwords were infact compromised - ie change them.
If they used the same login for external sites as they did for P, then it stands to reason that things such as game logins or other more sensitive sites use the same details too.
It might also be an idea to personally contact each and every one of them incase they dont read announcements or the forums too, explaining the situation and what they should do.

Personally, I think what was done is a disgrace - irrespective of how he got the information, such a person has no place in a position of authority if they cannot be trusted. Thats something for netgamers to decide on though - not anyone else. Its entirely an internal matter to them, which judging from the announcement has been dealt with.

The question becomes - if he did not use his administrative access to gain these logins - how did he get them?

I wonder which jurisdiction this would fall under where data protection or computer misuse laws are concerned though. Some countries take things like this extremely seriously.
Could be some potentially nasty fallout if anyone presses the matter :S

Re: Alligations of Admin Abuse
 

I refer to my earlier statement, innocent until proven guilty. I can't be sure you didn't commit some heinous crime either, that doesn't mean I'm just going to assume you did.

I forget unimportant shit all the time.

Re: Alligations of Admin Abuse
 

its fine for you thought mz heh? as you and your alliance are seemingly 'safe' from this kind of abuse...

Re: Alligations of Admin Abuse
 

Considering the number of people who dislike us, that seems a fairly stupid statement to make.

Re: Alligations of Admin Abuse
 

His statement isn't stupid.

Its more true than you ever will or can belive.

Re: Alligations of Admin Abuse
 

Yeah, we've got all the AD forum mods on our side.

We simply cannot be stopped!

Re: Alligations of Admin Abuse
 

Considering expl8t left the tag and then got removed from ascendancy the day after he gave us the passwords...

You seem to be one of those people who sees conspiracies everywhere though. We also control the multihunters. All that time they spend warning ascendancy members for r/ps and ingame abuse is just a cover :(

Re: Alligations of Admin Abuse
 

Dont forget, Asc also controls all the mods. Especially me. I randomly edit posts, delete threads and ban users on the Bidding of Munin, our Saviour.

Re: Alligations of Admin Abuse
 

Surprising result. Sike.

They aren't "prepared to go into extreme detail regarding the investigation which took place by several of" them at netgamers yet we're supposed to believe they've done enough to reach their conclusion?

Re: Alligations of Admin Abuse
 

Wouldn't have expected you to back him up

Re: Alligations of Admin Abuse
 

you're watching too much Hollywood movies. I don't know many countries where this does apply, especially not the USA where a guy just got released after 27 years in jail when it was proved he was... innocent.

This NG dude may not have used his privileged access to steal passwords, he still stole them... that guilt is already admitted that's just the murder weapon we're looking for...

Re: Alligations of Admin Abuse
 

Yeah and please do take into consideration USA is a f*cked up country.

Re: Alligations of Admin Abuse
 

We do not support his actions in any way. In actual fact, my post clearly states that we condemn his behaviour. But being a plonker doesn't equel abuse of access.

Re: Alligations of Admin Abuse
 

I'm not sure what you mean.

I guess all I can say to your question is that this incident will be held up as an example to others with regards to conflicts of interest and the difference between being squeeky clean and being seen to be squeeky clean.

Expl8t's fault in this matter was to allow himself to be seen in a potential abuse situation.

Re: Alligations of Admin Abuse
 

I mean. Are there any checks in place to make sure that other server ops / pa crew / cservice do not abuse their power?

Re: Alligations of Admin Abuse
 

I appreciate that NG staff takes time to answer this thread.

Question to Jonneh: Are you satisfied with the answer to how he got the passwords, "dont remember" ?

Well with you that doesnt surprise me a bit, but do you really think you forgot where you got 2 or more hc logins from? And some member logins aswell?

Re: Alligations of Admin Abuse
 

Think your missing the point all together
He didnt use his server ops to get the info. Hence none of them care where he got it from.

Its the alliances techies job to secure your arby logins not pa crew/ng staff

Re: Alligations of Admin Abuse
 

They've checked to see whether he abused his priviledges to obtain these passwords. He didn't. That's the end of NG's involvement in this. They shouldn't be condemning his actions either as he seems to have managed to get passwords to your arbiters without abusing power he's been given which is fair play. Stop crying and tighten your security.

Re: Alligations of Admin Abuse
 

An absolute "WhiteWash"

That statement dosnt mean that there isnt any or that there is single point of entry of evidence. He is an Admin he has cause to go all over the system which can be explained as day to day work !.

The fact is he had the means, he had the passwords and he forgot how he got them.

Absolute Balls !

If it did come out that NG staff had abused their privalages then a serious questions would have to be asked about Jolt/PA invovlment with netgamers. With out PA Netgamers is a dead product. This smells of NG protecting their market position

Re: Alligations of Admin Abuse
 

If the arbiter uses one-way hashes to encode the passwords used for login ( I think this likely, its like a standard method of doing simple authentication ) , and there was not a brute force attack on a significant scale in order to gain access then its highly unlikely that their arbiter is the source of the breach, he would have had to gain the passwords from an alternate source in order to do what he did.
If they were stored as plaintext, or even encrypted with a standard function and the arbiter was vulnerable to things like sql injection then its possible that it is the source.

As far as I can see, Netgamers cannot find evidence to support the accusation that he gained them through his server access, not that they are saying he absolutely didnt use his access to do it. ( hello hub, router echo port + wireshark?, plus several other methods if you have root ).

In the short term they've made the correct ( and only ) call possible. They cant find evidence to support he abused his position but they cannot condone what he did - therefore they announce as much to everyone condemning his actions and saying that they have no evidence to justify removing him from his position.
In the long term, if i were in their position - i would be looking into replacements for underworld if the network needs the server capacity and delinking it the moment they had one

Regardless of how it was done - the fact is, he had their login details, and it is this combined with him revealing them that they are ( rightly ) condemning. Its not something he did that should be congratulated or simply swept under the carpet, its a serious failing of ethics.
Its only sad that they have to apologise on his behalf too - he isnt apologising himself for it.

Even if he had been found to have abused his position, its unlikely that jolt/pa would have created their own network for planetarion or joined an alternate one. They might have kicked up a fuss to ensure it wouldnt happen again but thats as far as it would go imho.

Re: Alligations of Admin Abuse
 

The question again to me is simply: How can netgamers accept that one of their admins is using these kind of ways to obtain passwords/logins.

I would ask said person to resign.

Re: Alligations of Admin Abuse
 

All admin access is logged. I couldnt, for example, look up all of your channel access or force my way into some secret channel without it being logged.

Re: Alligations of Admin Abuse
 

Obviously there is alot about this situation which we are not completely happy with. As stated above, the main problem with this is that the perception Expl8t has given out is that he is not "whiter than white" trustworthy. This is something we hope he will bear in mind when he plays Planetarion in future. He's free to play the game, as all network staff are, but he has a responsibility to the network and users that cant be ignored.

As for your specific question regarding his answer.. technically he didnt say "I dont remember". He doesn't have record of where exactly all this information came from. He wasn't meticulous in referencing his sources while he was taking down this 'intel'. We obviously cant check into alot of these things if he had anyway, since we're talking about potentially years of data/logs/etc.

I'd have prefered it if he had the evidence ready to defend himself with, but as we've already stated (as well as several of you); that fact by itself doesn't even come close to making him "guilty".

Re: Alligations of Admin Abuse
 

If Expl8t was guilty, we would have removed his servers(s) from our network, and issued a statement to that fact. He isn't guilty, so we are defending his right to retain his status.

Not once in our discussions was there ever mention of "protecting our market position".

Re: Alligations of Admin Abuse
 

I am sorry i have to disagree.

With being an Admin any where in the It world you need to be whiter than white.
He had the means at his disposal as an Admin to get the passwords.

Unless he does come up with evidence of where he got the passwords from and "cant remeber" is not used as an excuse, then we are right to think he is guilty of mis - use of his Admin rights and should be removed from that position until such evidence is presented to clear his name and re-gain the users trust.

Re: Alligations of Admin Abuse
 

I disagree BADA, yes you are innocent untill proven otherwise.

But i obviously think we cant trust him anymore, since it is not an act an admin/ircop should do to earn the users trust.

Re: Alligations of Admin Abuse
 

Which people have access to these logs? Are their permissions just read-only, or can the logs be modified as well?

Re: Alligations of Admin Abuse
 

Obviously if he has admin access to the server that's running the server, he could easily avoid being logged. For example by sniffing with wireshark or ethercap, and since IRC communications (without SSL) is plain text, it wouldnt really be a problem.

As i see it, that isnt really the issue, the issue is that trust have been broken as we really dont know how he got the passwords. There are only assumptions.

Re: Alligations of Admin Abuse
 

You can't log all possible ways for an irc oper to gain this info via his oper status.
even if you used a server software that has no means within itself to log /msg, it is a trivial change to the software to implement it. In this case noone can trace it as you just view your server log for the info you want. A few basic regex will sort you out all useful info anyone typed while being connected to your server. No need to break into P database or anything similar. and not even a need to have same user/pass on P as on the alliance site. E.g. we have an irc bot you can log into on netgamers, ofc you have to do it via a normal /msg, and ofc this data can be logged by any serveradmin.
However, 'whiter than white' is not necessarily a must, but by allowing someone that obviously does some effort to gain other people passwords the position to easily do it way more efficiently is not exactly a good move.
Drug dealers may not become doctors and if they already are, they loose their license permanently. People abusing others sexually are not allowed to teach children, no matter how rehabilitated they are, no mater if they originally abused a child.
And in the same way, someone that already stole passwords from somewhere should not given the opportunity to do it in an easy way anymore.
This is why I expect NG team to remove the server and admin in question, regardless if he actually used the server/admin power to gain this info or not.

Regards,
_are_

Re: Alligations of Admin Abuse
 

You can be convicted and found guilty on compelling circumstantial evidence.....

I truly believe this to be the case

Re: Alligations of Admin Abuse
 

I'm reluctant to disclose full details, but suffice it to say they are secure.

Re: Alligations of Admin Abuse
 

Bullshit.

Re: Alligations of Admin Abuse
 

Care to elaborate?

Re: Alligations of Admin Abuse
 

what's funny is no one cares that a certain other irc oper we all know and love has been working as CT's intel officer for ages (well i don't know if he still is, r24 was definitely one, i've been told at least 2 other rounds too..) what about where he gets his definite intel yo

Re: Alligations of Admin Abuse
 

seriously stop being such whingy faggots, when did you all turn into anal retarded tosspots? you're worse than the mh team and there PG stance, absolute ****ing bullshit, this game deserves to go down the pan.

Re: Alligations of Admin Abuse
 

Expl8t is an awesome guy, love him and trust him :)

( me speaking up for him might not be positive for him though! but who cares! :p )