Topic: Bohemia servers hacked, DayZ Standalone source code stolen

Offline Lias

  • Forum Admin
  • Lias is awe-inspiring!Lias is awe-inspiring!Lias is awe-inspiring!Lias is awe-inspiring!Lias is awe-inspiring!Lias is awe-inspiring!Lias is awe-inspiring!Lias is awe-inspiring!Lias is awe-inspiring!Lias is awe-inspiring!Lias is awe-inspiring!Lias is awe-inspiring!
  • Posts: 3,963
An extremely unfortunate event for DayZ Standalone‘s developer Bohemia Interactive seems to have recently occurred. Based on a now-removed forum thread (mirrored here) on game hacking forum Unknown Cheats, it appears that the DayZ source code may have been stolen from the Czech video game developer’s servers via SQL injection.
The alleged attacker going by the alias “DevDomo” posted evidence that he or she gained access to Bohemia’s servers by posting several images of alleged source code files and his or her method of access. I reached out to Bohemia Interactive and asked about the validity of DevDomo’s claims, and they confirmed that they have “detected an attack ” on some of their servers. They went on to say “the precise nature and scope of this attack is currently being extensively investigated.”
Since this situation came to my attention, it appears that a PDB tool for debugging the DayZ executable has been released by both DevDomo and fellow Unknown Cheats user “drwhat”. The tool may open up the possibility of new hacks and exploits for DayZ Standalone.
Bohemia Interactive confirmed with us that no user data was accessible from the attacked servers and that current developer goals and schedules for their games have not been affected. More information about the attack is said to be released as Bohemia’s investigation continues. We’ll keep you up to date on the situation.
- See more at: http://www.relyonhorror.com/latest-news/bohemia-interactives-servers-hacked-dayz-source-code-possibly-stolen/#sthash.4j2oUF4H.dpuf

Posted: May 15, 2014, 12:27:54 pm

Offline Apostrophe Spacemonkey

  • Fuck this title in particular.

  • Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!Apostrophe Spacemonkey is awe-inspiring!
  • Posts: 19,050
lol at SQL injection, you're security would have to "; DELETE FROM dbo.Users WHERE userid = 'Lias'

Reply #1 Posted: May 15, 2014, 02:30:52 pm

Offline Lias

  • Forum Admin
  • Lias is awe-inspiring!Lias is awe-inspiring!Lias is awe-inspiring!Lias is awe-inspiring!Lias is awe-inspiring!Lias is awe-inspiring!Lias is awe-inspiring!Lias is awe-inspiring!Lias is awe-inspiring!Lias is awe-inspiring!Lias is awe-inspiring!Lias is awe-inspiring!
  • Posts: 3,963
lol at SQL injection, you're security would have to "; DELETE FROM dbo.Users WHERE userid = 'Lias'

lol

Reply #2 Posted: May 15, 2014, 02:48:10 pm

Offline DarkVirus

  • Administrator
  • DarkVirus is awe-inspiring!DarkVirus is awe-inspiring!DarkVirus is awe-inspiring!DarkVirus is awe-inspiring!DarkVirus is awe-inspiring!DarkVirus is awe-inspiring!DarkVirus is awe-inspiring!DarkVirus is awe-inspiring!DarkVirus is awe-inspiring!DarkVirus is awe-inspiring!DarkVirus is awe-inspiring!DarkVirus is awe-inspiring!
  • Posts: 10,463
From building some pages recently with craigor its quite interesting how easy some of this stuff is, even posting your own content to a form submit page and then looking at the $_REQUEST value that it returns can yield some scary information.

IMO if your making something public, even in alpha, it should be locked down.

Reply #3 Posted: May 15, 2014, 08:44:09 pm
Praise be to RNGesus
Add me to Steam

Offline Xsannz

  • Addicted
  • Xsannz is awe-inspiring!Xsannz is awe-inspiring!Xsannz is awe-inspiring!Xsannz is awe-inspiring!Xsannz is awe-inspiring!Xsannz is awe-inspiring!Xsannz is awe-inspiring!Xsannz is awe-inspiring!Xsannz is awe-inspiring!Xsannz is awe-inspiring!Xsannz is awe-inspiring!Xsannz is awe-inspiring!
  • Posts: 5,412
lol at SQL injection, you're security would have to "; DELETE FROM dbo.Users WHERE userid = 'Lias'

Not really, you could inject it into a html request like an unsecured or forced 500 error that then parses through., or a in cases of some flash players or Java on a site injecting it as it runs using fiddler mid request.

sql injection attacks are some of the easiest to perform and sometime not in the easiest of places to have secured for functionality reasons.

Reply #4 Posted: September 08, 2014, 12:24:00 pm