Well I'm just glad that my baby from 2015 is getting attention and I can make my first shitpost in years.
What better way to spend a Friday night than looking at logs. To be clear, I don't really give a shit about this game and you all know I have no love or super hatred towards BK so hopefully this post is fairly conclusive.
I still run BK's forums and BKNet was 90% created by myself. The entire banking aspect as created by myself but I have not maintained the application since early 2017. Tiber and George have maintained and added to the application since.
I can say with fairly certain confidence that George did in fact abuse BKNet to remove members from BK and had the help of an accomplice.
Of course the database password for BKNet is stored in an environment file and George had access to that password. The password was not changed after George left BK. There are only three people that I am aware of that have had access to and that is myself, Tiber, and George. This is how George obtained the database password. BKNet does have the ability to remove members from the alliance. Through an Internal Affairs module that managed the upgrade training of the applicants, George and his accomplice removed members from the alliance. George used phpMyAdmin (which, why the hell did I not remove that program?) to delete the logs that track these kinds of things. It is clear that while George's accomplice removed the members from the alliance, George cleaned up the logs in the database. Fortunately, Apache keeps logs of every request and yes, I really did look through them. You can clearly see the GET and POST requests to the specific endpoints in the Internal Affairs module of BKNet by his accomplice to remove the members and the specific endpoints of phpMyAdmin utilized by George to modify the database.
Why do I know this is George? Well, this is why I said "fairly certain confidence." The IP address involved in this attack matches the same location of all the IP address that George used to login to the BK forums. Additionally, the only way for someone to have access to the BKNet database is to have had access to the environment file, which out of myself, Tiber, and George, the only one with a motive here is George. As for his accomplice, all I know is he is from France and uses the OnePlus A6013.
So while I can't say for certain that George conducted this "attack," I would say it is fairly clear that he was involved.
Additionally, everything that BKNet does requires some sort of user input to initiate the action. If this was a script that went "rogue," then the script would've been initiated with an internal IP and it is clear that it was not. BKNet was not compromised; it did exactly what it was told. This was a failure of basic security and BK has learned the lesson the hard way.