Forums Outage This Morning

Post #1 » by **Howard Mass** » Tue Aug 17, 2021 10:18 pm

RealGM Users and Viewers,

Overnight, an individual seemingly located in Russia was able to guess a password of an admin. They were spotted and stopped by RealGM's host administrator in minutes. Then we did a survey of everything and performed maintenance with the boards offline (the boards are entirely separate in database and hosting from any other area of RealGM). Nobody's accounts were accessed but this one, and the person did not get any backend access to RealGM's systems so it was not a hack in that way. The person basically logged in like a user (the admin user) would from their computer and played around. They sent a mass email that many received, announcing their feat, and then changed some names of the forums (not usernames), etc., powers that are given to admins but that don't involve deeper access -- essentially the person did some criminal mischief. We restored everything to the most recent backup so some topics and posts are missing. We've made changes on the one user account they accessed so that it has a new password. Pardon the inconvenience and thank you for reading.

Post #2 » by **Schad** » Tue Aug 17, 2021 10:43 pm

Let this be a lesson: B4NTH3M4LL might be a satisfying password for an admin, but it's a mite too obvious.

bulls_troy · Post #3 » by **bulls_troy** » Tue Aug 17, 2021 10:53 pm

Wondered what happened

Sofia · Post #4 » by **Sofia** » Tue Aug 17, 2021 11:21 pm

How could Neato do this to us?

Post #5 » by **NuggetsWY** » Wed Aug 18, 2021 12:22 am

People often treat social media passwords as "not significant" - dangerous.
People often use the same password for everything in the world --- understandable, but dangerous.

There are means of being more cautious (password managers) -- not always intuitively obvious but can be learned and become easy to use over time.

Buzzard · Post #6 » by **Buzzard** » Wed Aug 18, 2021 4:28 am

NuggetsWY wrote:People often treat social media passwords as "not significant" - dangerous.
People often use the same password for everything in the world --- understandable, but dangerous.

There are means of being more cautious (password managers) -- not always intuitively obvious but can be learned and become easy to use over time.

I use to have access to highly sensitive/secure systems. I used a password generator and a password safe. The password was never easy but after about a week of using it daily, I was able to remember it. The ones I used only once a week, I could never remember which is why I used a password safe also.

Post #7 » by **bwgood77** » Wed Aug 18, 2021 4:30 pm

Buzzard wrote:
NuggetsWY wrote:People often treat social media passwords as "not significant" - dangerous.
People often use the same password for everything in the world --- understandable, but dangerous.

There are means of being more cautious (password managers) -- not always intuitively obvious but can be learned and become easy to use over time.

I use to have access to highly sensitive/secure systems. I used a password generator and a password safe. The password was never easy but after about a week of using it daily, I was able to remember it. The ones I used only once a week, I could never remember which is why I used a password safe also.

It is kind of ironic that it was an admin, one of those likely responsible for site security, had their password "guessed".

Prokorov · Post #8 » by **Prokorov** » Wed Aug 18, 2021 4:32 pm

Howard Mass wrote:RealGM Users and Viewers,

Overnight, an individual seemingly located in Russia was able to guess a password of an admin. They were spotted and stopped by RealGM's host administrator in minutes. Then we did a survey of everything and performed maintenance with the boards offline (the boards are entirely separate in database and hosting from any other area of RealGM). Nobody's accounts were accessed but this one, and the person did not get any backend access to RealGM's systems so it was not a hack in that way. The person basically logged in like a user (the admin user) would from their computer and played around. They sent a mass email that many received, announcing their feat, and then changed some names of the forums (not usernames), etc., powers that are given to admins but that don't involve deeper access -- essentially the person did some criminal mischief. We restored everything to the most recent backup so some topics and posts are missing. We've made changes on the one user account they accessed so that it has a new password. Pardon the inconvenience and thank you for reading.

Dont admins not use multi-factor authentication for their accounts?

Prokorov · Post #9 » by **Prokorov** » Wed Aug 18, 2021 4:36 pm

bwgood77 wrote:
Buzzard wrote:
NuggetsWY wrote:People often treat social media passwords as "not significant" - dangerous.
People often use the same password for everything in the world --- understandable, but dangerous.

There are means of being more cautious (password managers) -- not always intuitively obvious but can be learned and become easy to use over time.

I use to have access to highly sensitive/secure systems. I used a password generator and a password safe. The password was never easy but after about a week of using it daily, I was able to remember it. The ones I used only once a week, I could never remember which is why I used a password safe also.

It is kind of ironic that it was an admin, one of those likely responsible for site security, had their password "guessed".

it likely wasnt guessed. that admins username/email + password combination was probably part of one of the larger breaches and broadcoast on the internet (Collection 1, Collection 2, linkedin breach, equifax breach, etc...)

The admin probably used the same password for realgM as they did for another site that was compromised. (referred to as "password resuse"). this is the most common cause of compromised credentials. In todays landscape, it is not a matter of "if" but "when" your credentials will be compromised on one, or many websites. and if you use a common password for multiple sites, attackers use automation to try that leaked passsword on millions of websites in a matter of minutes/hours and get reported on "hits" and then log in to see what damage they can do or what money they can extract

Anything at an admin level, or that houses critical info/access should at a MINIMUM employ:

1) multi-factor authentication (a code sent to a mobile device or token based code required post login for access)
2) a password management system that prohibits password resuse (LastPass is popular)
3) Geo-fencing (Restricts location based logons. prevent logons from russia even if they ahve the correct password)

Post #10 » by **bwgood77** » Wed Aug 18, 2021 5:18 pm

Prokorov wrote:
bwgood77 wrote:
Buzzard wrote:I use to have access to highly sensitive/secure systems. I used a password generator and a password safe. The password was never easy but after about a week of using it daily, I was able to remember it. The ones I used only once a week, I could never remember which is why I used a password safe also.

It is kind of ironic that it was an admin, one of those likely responsible for site security, had their password "guessed".

it likely wasnt guessed. that admins username/email + password combination was probably part of one of the larger breaches and broadcoast on the internet (Collection 1, Collection 2, linkedin breach, equifax breach, etc...)

The admin probably used the same password for realgM as they did for another site that was compromised. (referred to as "password resuse"). this is the most common cause of compromised credentials. In todays landscape, it is not a matter of "if" but "when" your credentials will be compromised on one, or many websites. and if you use a common password for multiple sites, attackers use automation to try that leaked passsword on millions of websites in a matter of minutes/hours and get reported on "hits" and then log in to see what damage they can do or what money they can extract

Anything at an admin level, or that houses critical info/access should at a MINIMUM employ:

1) multi-factor authentication (a code sent to a mobile device or token based code required post login for access)
2) a password management system that prohibits password resuse (LastPass is popular)
3) Geo-fencing (Restricts location based logons. prevent logons from russia even if they ahve the correct password)

Right, and not using the same password on multiple sites. But my "guessed" in quotes basically meant that it was hacked (I just used that in quotes since that is what Howard said). I didn't truly think someone was sitting around racking their brain trying to guess an admin's password.

Post #11 » by **gnif** » Wed Aug 18, 2021 11:37 pm

Prokorov wrote:3) Geo-fencing (Restricts location based logons. prevent logons from russia even if they ahve the correct password)

Geo-fencing was effective back when VPNs were not so easy to have/use.

These days attacks like this usually come through a VPN provider like NordVPN. Some hosts block VPN providers specifically due to this issue, but there are many legitimate uses of VPNs like those that are being state-monitored. As such just like geo-fencing, blocking VPN providers is a band-aid fix at best and won't stop a determined attacker.

Usually, these attacks originate in Russia/China but are proxied through other compromised hosts in "trusted" countries, as such any form of Geo-Fencing is nothing more than a bit of an annoyance to the attacker, and a lot of annoyance to legitimate users that are blocked that should not be.

Full disclosure: Please note while I am an Administrator here I am not a RealGM employee, as such my views/opinions are my own and do not reflect the views and/or opinions of RealGM.

Prokorov · Post #12 » by **Prokorov** » Thu Aug 19, 2021 2:01 pm

gnif wrote:
Prokorov wrote:3) Geo-fencing (Restricts location based logons. prevent logons from russia even if they ahve the correct password)

Geo-fencing was effective back when VPNs were not so easy to have/use.

These days attacks like this usually come through a VPN provider like NordVPN. Some hosts block VPN providers specifically due to this issue, but there are many legitimate uses of VPNs like those that are being state-monitored. As such just like geo-fencing, blocking VPN providers is a band-aid fix at best and won't stop a determined attacker.

Usually, these attacks originate in Russia/China but are proxied through other compromised hosts in "trusted" countries, as such any form of Geo-Fencing is nothing more than a bit of an annoyance to the attacker, and a lot of annoyance to legitimate users that are blocked that should not be.

Full disclosure: Please note while I am an Administrator here I am not a RealGM employee, as such my views/opinions are my own and do not reflect the views and/or opinions of RealGM.

Security is about layers. Conditional Access is an important part of that. Geo fencing can be worked around as can most other measures. There is a strong use case for it, as it will block out a ton of volume of attacks that are non-VPN based. The goal isnt to stop 1 attacker, but as many as possible.

We list this as a minimum requirement, because it blocks out such a large volume with such a low cost for implementation. its like an umbrella, you will still get wet, but its blocking a ton of rain drops.

Again, these are just the minimums so you are not guaranteeing a hack (although the assumed breach mentality is ideal anyway). there are tons of better ways to minimize your risk closer to 0 and improve your methods of recovery and mitigation.

but not everyone has 10K a month to dump into a SOC/SIEM

truth18 · Post #13 » by **truth18** » Fri Aug 20, 2021 5:43 pm

This is unacceptable imo.

buffbrian · Post #14 » by **buffbrian** » Fri Aug 20, 2021 10:41 pm

Did anybody else get a weird message that said "Hacked by Arthur Sergeevich Trusov"?

azcatz11 · Post #15 » by **azcatz11** » Sat Aug 21, 2021 12:12 am

Is our personal information secure?

BKlutch · Post #16 » by **BKlutch** » Sat Aug 21, 2021 3:53 am

azcatz11 wrote:Is our personal information secure?

No, it never is, but not because of RealGm.

Post #17 » by **bwgood77** » Sat Aug 21, 2021 7:22 pm

buffbrian wrote:Did anybody else get a weird message that said "Hacked by Arthur Sergeevich Trusov"?

Yes, a lot of people. I did.

power_bottom · Post #18 » by **power_bottom** » Sun Aug 22, 2021 8:54 am

buffbrian wrote:Did anybody else get a weird message that said "Hacked by Arthur Sergeevich Trusov"?

I did!

NightbreeD · Post #19 » by **NightbreeD** » Mon Aug 23, 2021 5:25 pm

I received an identity monitoring alert this morning from my credit monitoring software that my information was on the dark web. It included my realGM login name, password, and email address. Has anyone else gotten this kind of alert?

Post #20 » by **bwgood77** » Mon Aug 23, 2021 7:55 pm

NightbreeD wrote:I received an identity monitoring alert this morning from my credit monitoring software that my information was on the dark web. It included my realGM login name, password, and email address. Has anyone else gotten this kind of alert?

I get an alert sometimes from a credit company telling me my realgm password is compromised but it has never been hacked. I have also changed it.