[NOTICE] Staff Information Data Leak

Yes but you can't compare what he did to knowing my rupee balance. I mean you have to draw the line somewhere.

This is probably the hardest post I made on the forums so far (basically the decision if I should post or not). For the record: I have no love lost for the people behind this, nor do I have much respect for those who (ab)use the obtained data for their own hidden agendas, no matter what their motivation might be. Lines were crossed which in my opinion show a plain out disrespect towards the people behind the Empire. To put this into simple words: you don't harass people in real life over something as trivial as a stupid game. If you do then you have some serious mental issues to sort out in my not so humble opinion.

Stuff happened this weekend and only a few players will know what I'm talking about. Stuff which the staff has already addressed as well, but I believe one part of that could be done a little bit better.

My problem: I don't want to put more attention to this event than necessary, but I still want to address this issue. Therefor: a mini-guide in this thread itself, one which won't be further referenced by me. I assume that only concerned players would follow this thread, and this guide is specifically meant for them.

This isn't a thorough guide which explains every detail, I am only trying to explain the basic concept behind TCP/IP in order to make people fully aware as to:

mini-guide: What happens if someone finds out my IP address?

What is an IP address?

An IP address is something which every computer which accesses the Internet has. It is basically a unique identifier which allows other computers in a network to access yours. For example: if you visit the Empire website then your browser is basically asking the Empire (web)server: "please show me the website". The server checks, and will then send you the starting page of the website. But in order to know where it should send this information to it would need some kind of address. This is the so called IP address.

Networks

A group of computers is called a network. Sounds simple enough. Within a network all computers would have their own IP address which gives them a unique identifier within that network. But how would a computer know how to reach another computer which is not a part of that network?

And: if we all have our unique address, wouldn't we run out of addresses really soon?

First the last question: because of the limited amount of addresses the people behind the TCP/IP network protocols have created so called private network ranges. A private network range is basically a collection of IP addresses which can only be used in private, so for example your own network. You will not find any computers on the Internet which use these addresses in the open.

Well known examples are: 192.168.x.x, 10.x.x.x and (less known): 172.16.x.x. Where x can be any random number between 0 and 255. 192.168.10.5, 10.0.1.80, 10.50.16.73... These are all IP addresses which you wouldn't find on the Internet.

If you're on Windows you could open a command line (start cmd.exe) and use the command: ipconfig. This will show you the IP address which your computer has. On a Mac you can use: ifconfig instead.

So... how would our computer know how to contact others which are not a part of our network?

Routers

For that we have routers. You probably have one at home as well: a small box which connects your computer(s) to the Internet for example. A so called "Internet router". The only thing a router basically does is to receive network data, decides where to send this off to and if needed: remembers what data got send, so that if an answer comes back then it'll know where to send it to.

For example: Say you and your family all have Internet at home. Your parent(s) are browsing to check which groceries to get in the supermarket next week while you're visiting the Empire website, maybe you're reading this post right now. A router would make sure that your parents will see the website of the supermarket while you get to see the Empire website. Both computers send out a request, and the router makes sure that the right answer is send back to the right computer.

But there's more....

Remember what I said about those private IP addresses? (192.168.x.x, 10.x.x.x, etc.)? They cannot be used on the Internet (and they're not). So how does that work?

Well, most routers can actually "translate" a private IP address into a "public" one. A public IP address is an IP address which is used on the Internet. For example: 8.8.8.8 (this is one of Google's DNS servers).

This process is called Network Address Translation ("NAT") and what this means is that even though your computer may have a private IP address, on the Internet you'll get a completely different one: the so called public IP address.

If you'd like to know your public IP address then visit this website: http://whatismyipaddress.com/

Not only will this show you your public IP address, it will also show you where it thinks you might be located (and what Internet provider you use).

1st answer: more routers...

And this brings me to the first part of my answer: If people know your IP address then they will be able to find out what you just saw on that website I told you about. At best, and even then it's a long shot, they might be able to determine what city you're in. But here's the thing: that is no guarantee at all. When I visit that website then it tells me that my IP address is in Barendrecht in the Netherlands. Trust me: I don't live there.

The secret is that they don't get to see your physical location, but that of the router (not the one in your home!) which is used by your Internet provider. And that router can be in a completely different place (and it usually is).

2nd answer: what about hacking?

Yes, if someone has your IP address then they could use that to try and contact your computer. But here's the thing: remember my story above about that "network translation"? So: although your computer has a private IP address your router gets you a public IP address?

That process is a one way process by default. Your router will easily send out data to other computers on the Internet (when asked to) but it will not do so the other way around.

Basically: if someone on the Internet has your IP address and tries to contact you then they won't come into contact with your computer, but with the router which you're (most likely) using. And in normal circumstances that router was set up to be secure and keep those pesky hackers out.

3rd answer: flooding.

Last, and finally: there is a risk of flooding. A so called DoS or DDoS attack. In short: many (hacked) computers on the Internet would be instructed to send a huge barrage of nonsense your way. The result is that the router(s) would get so much data to process that they can no longer keep up and then you'd lose your connection to the Internet.

You'd still be connected, but because the connection is overused there's no more "room" for regular usage (such as visiting websites and getting your e-mail).

This is a serious problem on the Internet, but... Most Internet providers have failsaves these days. If there's such a problem they will most certainly notice and in many cases will be able to "redirect" all the data. Some will even go as far as to try and get law enforcement involved, especially if they're able to identify some of the computers which were abused to take part in the attack.

If something like this would happen to you then the first thing to do is to contact your Internet provider and ask them for help or any other advice.

Concluding

I hope you can agree with me that although it may sound scary the actual risks aren't extremely high. The most likely risk is #3: flooding. But as said, most Internet providers will be prepared for that.

Disclaimer: I know I over-simplified things and that there's more to some items. Please remember the target audience here: I'm trying to make things understandable, not to teach EMC players the very basics of TCP/IP.

Why can't people just come to understand, we are all humans, we only live once and we all just want to be happy!? JUST LEAve EVERYONE ELSE BE

I was gone for 3 DAYS. What happened when I was banging my head and smashing people's faces in at Connecticut?

Well, this. lol

Life goes on as usual, blahblahblah, this happened - eh, life goes on as usual, blahblahblah.

Basically nothing that much of note lol

I mean what could you want to leak from a moderator's EMC account? It's not like there's much there for them to 'leak'. And yeah, sure, people got banned, but I'm sure that's easily reversed and easily explained to most. At the end of the day, the only response the 'hacker' (not really a hacker lol) is going to get is pretty much: "nobody actually cares mate like what are you 12 years old, like it's a Minecraft server like please actually get a life or go do something worthwhile and go outside for once lmao, you are actually the saddest manchild going hahahahha."

The only thing I cared about during this whole thing was finding out the person who did it, which was pretty easy lol

I feel like I live under a rock when it comes to this, I still haven't found out who did all of this...

Edward Snowden is an American hero, this is a little different.

This was the guy that leaked classified documents. The one that 2/3rds of Americans consider a villain.

Ya poor government. They are the true victims here. Amazing how it's usually the whistle blowers that are made out to be the bad guys. From what I've seen the only info leaked was that of the spying practices and not of personal info on Americans.

Edit: After re-reading this is seems like it might be hostile towards you. This was not my intention.

Best to stay on topic of the thread than turn it into argument about Snowden actions were good or bad.

Sorry will do.

I was on my phone when I saw this. It had started me at the end of the thread and I was scrolling back through (finger swiping) to get to where I had last left off. I see this post (not even reading content) and before i get to the name, I instantly knew it was Shel! Thanks for the great info!

Way off topic here, where did you find your sig? i absolutely love it lol

Oh wow. That reminds me of Spaceballs when they get the passcode for the atmosphere lock on Planet Druidia. "12345? That's the kind of code an idiot would have on his luggage!"

I can attest to that. I had an employer require that once upon a time. I'm pretty good with making and remembering strong passwords. As a result of their policy I would sometimes get temporarily locked out of the network after forgetting the new password. This made it difficult to do my job for a day or so around password change months.

So... who got hacked here?

Nobody really got hacked, some goofball got lucky with trying out a password and they managed to log onto a staff account. That's not really hacking, that's being lucky. They had fun trying to ban some players, the staff noticed it and as usual with these kind of stories: they got the last laugh.

That's really all there's to it. As nasty as this may look this also goes to show us that you cannot simply log on and pretend to be someone else while trying to wreck havoc. Because the staff will notice and you will get burned.

So in the end.. nothing really to see here anymore

(edit): Just so we're clear, this is my own personal impression of the whole matter.

How long did it take you to write that?