original writeup created by ast;
"170219.2209 Breach attempt from eta.info_jeqkh3"
This was the incident that started it all.
Magma Asset Management and n00bish had been sitting on dtr's loc for a while now, waiting for the perfect time to strike.
Alpha (eta|iota ingame, member of M.A.M.) decided that he wanted to see what the w4rn message on dtr was.
Alpha pings dtr's loc. He does not attempt a hack; however, this activates dtr's defenses.
It turns out that dtr's w4rn is blank.
Dtr's defenses moved his GC to various other users (sudo, l, zero_day, zdc, etc.)
Because dtr is now compromised and the GC is no longer stored there, dtr considered retiring his user.
Dtr has also said in the past that if his loc is attacked, he will retire his user.
There was a period of relative calm here, after everyone had heard the news. It lasted possibly an hour or two.
Sean also appears, and says hi.
Sprocket (polarity ingame, member of M.A.M.) decides to leak dtr's loc to the public.
In his words, he does this for meme's sake.
Soon after, locs for zdc, zero_day, l, sudo, n00bish, and dori leak.
By this point dtr has removed many public scripts, breaking many of the scripts in the MUD.
Many sources come forward to claim that alpha and cyberpunk are the same person.
At this point, dtr claimed the user cyberpunk, it having been retired.
Apparently, for the sole purpose of memes.
Dtr transferred significant portions of wealth into cyberpunk, totalling more than 17TGC.
To my knowledge, the user dtr is now a script hoster and all scripts work the same as before.
Cyberpunk owned by dtr.
User dtr holds scripts.
Locs for dtr, zdc, zero_day, sudo, l, n00bish, and dori are now public.
On 170219 a user named Alpha, while scraping t3 corporations, found user dtr's loc. Though Magma, Alpha's corporation, had plans to attack dtr, Alpha decided to harmlessly poke the user. Out of frustration with recent changes to the way transferring gc upgrades works, Alpha decided the best use for the newly discovered loc was to see dtr's w4rn_message. In hindsight, Alpha has said he should have just gone to sleep and not poked dtr's loc. There was no w4rn_message. An unfortunate side effect of this poke was that dtr's bot defenses activated. The poke was now an attack, though Alpha had no plans of a full breach.
Dtr's bot defenses activated almost immediately, sending his gc to four separate users: zdc, sudo, zero_day, and l. A bit after this, Magma, looking to capitalize on the unintended reactions of the bot defense system, publicly released a list of high-profile user locs including dtr, zdc, n00bish, dori, l, and zero_day. Dtr also publicly released the loc of sudo, his own alt. At this point dtr made a few of his own scripts private, namely man, lib, and public_alts, which disrupted numerous other scripts. Dtr has stated that this was a 'tactical' decision and that he chose to do so to cause "Maximum chaos, minimal lasting damage". Dtr was confident he had at least the time until the next lock rotation before any meaningful attack could occur, due to having 'looped l0g_wr1t3rs', a practice of having a closed loop among your own alts, or other trusted users, requiring an attacker to breach one of them to be able to breach any of them.
Around 30 minutes after the initial poke, but before the loc leak, dtr reconsolidated his wealth back on the user dtr. An hour after the reconsolidation, user xena poked dtr, causing the bot defenses to once again go into motion. This time dtr created a new user, cyberpunk, to safely store his assets. The username cyberpunk was chosen as a tongue-in-cheek reference to Alpha, an old username Alpha had retired for various personal reasons. According to dtr, he had not been caught off guard by the initial poke and had anticipated an attack, though he did not know when or from whom. He had purposefully kept his defenses dumbed down and buggy in a show of good sportsmanship. Keeping the defense bots in this state was meant to allow the first attackers a chance at his assets. Dtr had also been working with at least three different groups, in an advisory capacity, to come up with plans for attacking himself.
The defense went well, with no unforeseen hang-ups. An interesting detail about the defense bots is that they created a sort of fork bomb using discord. When the bots go into defense mode, they assume all the other bots are compromised and that discord is untrustworthy. They each broadcast alerts to discord, ignoring each other's broadcasts, and as a form of redundancy also broadcast to a channel in-game. When they see messages in the in-game channel, they rebroadcast them to discord. This creates a self-multiplying event. The bots were reined in before this had any significant effect on performance for dtr, though user n00bish is quoted referring to the mass notifications in discord as 'miserable'.
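An added illustration, not part of the original writeup and not dtr's bot code: a model of the relay rule described above, next to a variant where each bot announces a given event on Discord at most once. It assumes in-game alerts carry an event id and that relays are not fed back in-game; the bot names and event ids are constructed.

```javascript
// Constructed model of the relay behaviour described above. Bot names, event
// ids and message fields are assumptions, not dtr's actual bot code.
function simulateAlertStorm(bots, detectors, eventIds, dedupe) {
  const discord = [];
  const inGame = [];
  // Per-bot memory of events already announced on Discord. It is local to
  // each bot, so no bot has to trust state held by another bot.
  const announced = new Map(bots.map((bot) => [bot, new Set()]));

  // Phase 1: each bot that detected the poke alerts on both channels.
  for (const eventId of eventIds) {
    for (const bot of detectors) {
      discord.push({ from: bot, eventId, via: "direct" });
      inGame.push({ from: bot, eventId });
      announced.get(bot).add(eventId);
    }
  }

  // Phase 2: every bot watches the in-game channel and relays to Discord.
  for (const msg of inGame) {
    for (const bot of bots) {
      if (dedupe && announced.get(bot).has(msg.eventId)) continue;
      discord.push({ from: bot, eventId: msg.eventId, via: "relay" });
      announced.get(bot).add(msg.eventId);
    }
  }

  return {
    inGame: inGame.length,
    discord: discord.length,
    relays: discord.filter((m) => m.via === "relay").length,
  };
}

const bots = ["bot_a", "bot_b", "bot_c", "bot_d"]; // constructed names
const detectors = bots.slice(0, 3);                 // bot_d missed the poke
const naive = simulateAlertStorm(bots, detectors, ["poke-1"], false);
const deduped = simulateAlertStorm(bots, detectors, ["poke-1"], true);
console.log("naive relay:  ", naive);
console.log("deduped relay:", deduped);
```

In the deduplicated run the bot that missed the poke still relays it once, so the redundancy the in-game channel was meant to provide is kept while the Discord volume stays at one message per bot per event.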
Sometime during all these events in-game, a mysterious player going by the moniker 'Doctor_doomsayer' joined the hackmud discord and leaked screenshots of private messages between Alpha, Imphunter and Ciastex. These screenshots served as confirmation of a popular theory: Alpha was scriptkiddie and cyberpunk in the past. No solid confirmation of who doctor_doomsayer is has been revealed at this time, though there are a few suspects.
Loose timetable of the events during and directly after the poke:
170219.2209 eta's poke (alpha)
170219.2210 bot defense transfers to dtr's holding users (zdc, sudo, zero_day, l)
170219.2226 zdc returns gc to dtr (via being over 16t, normal bot action)
~170219.2235 dtr decides to reconsolidate gc on dtr manually
170219.2238 sudo returns gc to dtr
170219.2238 l returns gc to dtr
170219.2239 zero_day returns money to dtr
loc leak happens in this gap
170219.0041 poke by xena
170219.0041 bot defense transfers to dtr's holding users
bot panic continues for around 30 more mins
cyberpunk is created somewhere in this time
170220.0112 upgrade transfers (and gc?) to cyberpunk
logs provided by dtr:
In the aftermath of these events, dtr began using a new strategy for defense. He would make a new user every three days and almost immediately transfer his gc and upgrades to that user. This minimizes the potential for the new user to be leaked in an NPC corporation. On 170228 user ghamb found user cyberpunk in a t3 corporation and once again poked one of dtr's users with no real plan of attack. Ghamb's reasoning is quoted as "Dtr announced he would be rotating soon and my window was closing so I hastily poked the loc". Once again the bot defenses sprang into action, transferring dtr's gc to holding users. Dtr, who was present at the time, created yet another user and safely stored his gc in it. Ghamb did not provide the loc publicly.
On 170301 Alpha once again leaked a list of high-profile locs: pay, jade, vdd, cronie, and cyberpunk. Alpha's reasoning for this leak was that he had bigger things to do than form an attack on these locations, and that anyone who could do anything with the locs already had them. As of 170302 there have been no publicly announced attacks on these locations due to the leaks. Alpha, however, publicly leaked his own bank user, mb, shortly after. At 170302.0457 user n00bish posted a report of their attack on user mb. The attack is said to have resulted in 1.1TGC being stolen. n00bish's report follows:
mb (magma bank) hack infos:
8 total calls
- acct_nt solution space size: 419
-- solved --
< hit a lock rotation >
12 total calls
- acct_nt solution space size 615
- 1 mistake duplicate
- 1 call to hack myself for logwriter
-- solved --
no upgrades to take
no bots were used for any part of the hack, it was all done myself using my own scripts.
mb's loc was posted publicly in discord last night, seemingly as a "come at me bro".
so i did.
ast for the initial writeup
alpha and dtr for providing interviews
n00bish for providing a write-up of his attack