
Account hacking (Leo)



Guest Elijah Mikaelson
8 minutes ago, Alex said:

Well, based on my understanding of the situation (I'm catching up here) it's entirely possible someone else triggered the actions through some sort of 3rd party script, but no one else logged into @Leo the Great's nation or did anything rule-breaking, to my knowledge.

 

For some clarification on this:

Automated trading bots/scripts are not allowed. The "bot" we're discussing here (BK's bank management system) is not what I would consider "automated" because, to my knowledge, it all requires manual inputs. I.e., users are going through Discord to trigger deposits/withdrawals instead of directly through the site. My general (not exact) rule is that tools which make the game more convenient to use are okay (Discord bots with helpful functionality, mass-messaging recruitment scripts) but bots/scripts that actually automate behavior are not (i.e. a bot that would monitor all alliance wars and automatically transfer alliance bank balances immediately prior to any looting events.)

 

So, there are two separate discussions going on here in my opinion: first, whether or not what happened here was "wrong" or illegal per the game rules. To my understanding, no, no rules were broken. I don't enforce the rules on how BK's bot works, and if they made a system that could be so easily manipulated into letting someone withdraw their whole bank, remove members from their alliance, etc. that's their fault and the person who did it is not to blame, assuming they're not in violation of any other rules. From the access records, I don't see any evidence that anyone new accessed @Leo the Great's nation, which means either he made all the transactions/removals himself, or it was done on his behalf by some script that he had given permission to do those things from his account.

 

The other discussion is about whether bots like BK's banking bot should be allowed. I'm more than happy to have a good-faith debate on the limits on what should and should not be allowed, but I don't know that that's topical here. The BK banking thing was already approved by me, per my understanding of how it works and my general rules (above) on what I do and don't allow in terms of "bots."

IF I wanted to pull funds from BK banking, I would log on to the site (I would not need to be in game), request funds, and the site will log in to the banker's account (he will not even know it has happened) and it will send the funds.

So would this not be automated on the fact that the banker would not need to be active, in truth he could be in Jail for 90 days with no internet and they can still use the system to move his cash and keep him active.

Link to comment

  • Administrators
Just now, Bjorn Ironside said:

IF I wanted to pull funds from BK banking, I would log on to the site (I would not need to be in game), request funds, and the site will log in to the banker's account (he will not even know it has happened) and it will send the funds.

So would this not be automated on the fact that the banker would not need to be active, in truth he could be in Jail for 90 days with no internet and they can still use the system to move his cash and keep him active.

Someone is still triggering the action though (through the site.) I don't think that the user account specifically is particularly important for the bot to work, it's just that they need some account to make it possible.

While I would certainly strongly recommend against giving access to your account for things like this (this whole debacle being a prime example of the dangers) I've allowed it as there's no way to interface with the API directly at this time. If I didn't allow such things, a lot of cool off-site management tools would not be possible.

Again, I'm happy to have a good-faith debate on what should and shouldn't be allowed, but that's probably best suited for a separate discussion on the rules.

  • Like 1

Is there a bug? Report It | Not understanding game mechanics? Ask About It | Got a good idea? Suggest It

Forums Rules | Game Link

Link to comment

Guest Elijah Mikaelson
Just now, Alex said:

Someone is still triggering the action though (through the site.) I don't think that the user account specifically is particularly important for the bot to work, it's just that they need some account to make it possible.

While I would certainly strongly recommend against giving access to your account for things like this (this whole debacle being a prime example of the dangers) I've allowed it as there's no way to interface with the API directly at this time. If I didn't allow such things, a lot of cool off-site management tools would not be possible.

Again, I'm happy to have a good-faith debate on what should and shouldn't be allowed, but that's probably best suited for a separate discussion on the rules.

So with that said, I would guess it would be Ok for someone now to make a bot that only requires one person to press one button then it can log on every account within the alliance and declare wars and do actions as it was started off with one person pressing a button? as it would not be automated as one person pressed a button? 

Link to comment

Guest Elijah Mikaelson

@Alex

Would it be fair if an alliance has two offshore alliances, with a single nation in each alliance. Then use the BK banking to move the whole bank from one alliance to another to avoid it being looted? without the two nations in both alliances being offline unable to log in?

Just trying to get a clear idea what we can do.

Link to comment

7 minutes ago, Bjorn Ironside said:

So with that said, I would guess it would be Ok for someone now to make a bot that only requires one person to press one button then it can log on every account within the alliance and declare wars and do actions as it was started off with one person pressing a button? as it would not be automated as one person pressed a button? 

It's also often not people accessing their nation with these systems. They're using it to directly interact with an account belonging to someone else, which seems to extend beyond the reasonable grey area surrounding this sort of thing.

Link to comment

Guest Elijah Mikaelson
Just now, Asierith said:

It's also often not people accessing their nation with these systems. They're using it to directly interact with an account belonging to someone else, which seems to extend beyond the reasonable grey area surrounding this sort of thing.

I totally agree

Link to comment

1 hour ago, Bjorn Ironside said:

When you pull your head out and come up for air, you will read some of my comments and understand where I stand, but as BK are blind I will explain.

1) Nations being removed from BK, I hope whoever did that gets banned, if someone hacked Leo's account they should be banned, IF Leo did it as he has done before he should be banned for faking being hacked.

2) Forcing people to quit is not an ingame event no matter how you look at it, or try to twist it.

3) Two players that BK and allies have lied about, and openly stating they would force us to quit, and we do not have the right to live, should we have love for you?

4) The BOT should have been banned for a long time, I bet Alex did not fully understand how it worked, if he knew that anyone can log on to BKnet and send cash using someone else's nation with that person not needing to log on, he would ban it.

1. Agreed

2. It actually is. Forfeiting any game is part of the game. It doesn't occur often but both sides used it.

3. You agreed to something then backed out. And garge took moneyz from me too. How should I pull my head out when you are clearly full of it?

4. If you think Alex is such a loser, not knowing a bunch of stuff, being a dipshit moderator (then ignore his arguments), why stick around?

5. No hacks were detected, doesn't mean Leo did it. Learn some logic.

  • Upvote 2
Link to comment

8 minutes ago, Bjorn Ironside said:

So with that said, I would guess it would be Ok for someone now to make a bot that only requires one person to press one button then it can log on every account within the alliance and declare wars and do actions as it was started off with one person pressing a button? as it would not be automated as one person pressed a button? 

That'd be automated, since they're pressing buttons, not *a button*.  Alex was actually pretty specific on his allowance if you bothered to read it instead of responding to the air.

13 minutes ago, Alex said:

Someone is still triggering the action though (through the site.)

Note the bold is not plural.  You can make an app to send money, as long as it requires the command to be given by a human.  You can make an app to do x, so long as the command (remember your pluralization rules here) is done by a human.

Quote

Former leader of Chocolate Castle 4/1/2021

"It's pretty easy to get abused by Rosey without being a weirdo about it" - Betilius

"Rosey is everything I look for in a fighter" - partisan

"I’m very much not surprised that Lossi has you blocked tbh" - @MCMaster-095

Link to comment

Guest Elijah Mikaelson
Just now, Duke Arthur said:

1. Agreed

2. It actually is. Forfeiting any game is part of the game. It doesn't occur often but both sides used it.

3. You agreed to something then backed out. And garge took moneyz from me too. How should I pull my head out when you are clearly full of it?

4. If you think Alex is such a loser, not knowing a bunch of stuff, being a dipshit moderator (then ignore his arguments), why stick around?

5. No hacks were detected, doesn't mean Leo did it. Learn some logic.

Alex stated no new IPs logged in to Leo's account, and everyone has already stated that BKnet cannot remove people? So please explain how it was done?

I made an agreement based on Gorge paying for it, I had no part in what was stolen, Gorge repaid his loan to me, oddly enough when I demanded to see the BKnet logs of in and out cash they blamed Gorge for nuking it and can't give me that information.

I never said Alex was a loser, I simply said he was lied to.

Link to comment

  • Administrators
14 minutes ago, Bjorn Ironside said:

So with that said, I would guess it would be Ok for someone now to make a bot that only requires one person to press one button then it can log on every account within the alliance and declare wars and do actions as it was started off with one person pressing a button? as it would not be automated as one person pressed a button? 

No, that would certainly not be allowed. You're not understanding the general rules I outlined, which is that bots that make the game a bit more convenient (making a withdrawal via a Discord interface rather than an in-game interface, for example) are generally okay, whereas a bot that actually played the game for you (built your cities, declared your wars, whatever) would not be.

  • Upvote 1

Link to comment

Guest Elijah Mikaelson
3 minutes ago, Rosey Song said:

That'd be automated, since they're pressing buttons, not *a button*.  Alex was actually pretty specific on his allowance if you bothered to read it instead of responding to the air.

Note the bold is not plural.  You can make an app to send money, as long as it requires the command to be given by a human.  You can make an app to do x, so long as the command (remember your pluralization rules here) is done by a human.

Really, so logging on, sending funds of different amounts, sending a message saying it's been sent, then logging off is one action?

Link to comment

  • Administrators
3 minutes ago, Bjorn Ironside said:

Alex stated no new IPs logged in to Leo's account, and everyone has already stated that BKnet cannot remove people? So please explain how it was done?

My understanding was that the bot did have built in functionality for kicking inactive nations from the alliance, or at least that was the intention.

I fully presume that there were some bugs with the BK bot that were abused to create the chaos that occurred, but I do not claim to be responsible for their bot or enforce it be used in one specific way.

There's a difference between "so and so brute-forced my password and did these actions on my account" and "so and so found a way to use this bot in a way we didn't intend and didn't think was possible."

Link to comment

Guest Elijah Mikaelson
1 minute ago, Alex said:

No, that would certainly not be allowed. You're not understanding the general rules I outlined, which is that bots that make the game a bit more convenient (making a withdrawal via a Discord interface rather than an in-game interface, for example) are generally okay, whereas a bot that actually played the game for you (built your cities, declared your wars, whatever) would not be.

I can agree with this if the person who is withdrawing from the bank owns the account, but it's not, anyone who can log on the bot (BK net) can withdraw the cash.

Link to comment

  • Administrators
1 minute ago, Bjorn Ironside said:

Really, so logging on, sending funds of different amounts, sending a message saying it's been sent, then logging off is one action?

Again, assuming this is being triggered via some sort of Discord command, it's just making the game more convenient, not actually creating any unfair advantage. Going from your example, if you were in Discord and you had the bot connected to your account and you typed something like

!withdraw 100coal 6 "Here's 100 Coal from so-and-so"

And the bot took that input and made a withdrawal for 100 coal to the target nation with ID 6 and sent the message "Here's 100 Coal from so-and-so" that's not really giving you any unfair advantage. You could have logged in, made the withdrawal yourself, and sent the message yourself, but the bot is set up to make that process more convenient for you. Again, bots that make things more convenient are generally allowed.

Link to comment

Guest Elijah Mikaelson
Just now, Alex said:

Again, assuming this is being triggered via some sort of Discord command, it's just making the game more convenient, not actually creating any unfair advantage. Going from your example, if you were in Discord and you had the bot connected to your account and you typed something like

!withdraw 100coal 6 "Here's 100 Coal from so-and-so"

And the bot took that input and made a withdrawal for 100 coal to the target nation with ID 6 and sent the message "Here's 100 Coal from so-and-so" that's not really giving you any unfair advantage. You could have logged in, made the withdrawal yourself, and sent the message yourself, but the bot is set up to make that process more convenient for you. Again, bots that make things more convenient are generally allowed.

As I said before, I understand this if the person using the bot owned the account it was connected to, but as proven by this whole issue anyone can use the bot to log on to Leo's account, so that does give them an unfair advantage when it comes to moving banks, as Leo would not need to be on in order for it to be moved.

Link to comment

3 minutes ago, Alex said:

Again, assuming this is being triggered via some sort of Discord command, it's just making the game more convenient, not actually creating any unfair advantage. Going from your example, if you were in Discord and you had the bot connected to your account and you typed something like

!withdraw 100coal 6 "Here's 100 Coal from so-and-so"

And the bot took that input and made a withdrawal for 100 coal to the target nation with ID 6 and sent the message "Here's 100 Coal from so-and-so" that's not really giving you any unfair advantage. You could have logged in, made the withdrawal yourself, and sent the message yourself, but the bot is set up to make that process more convenient for you. Again, bots that make things more convenient are generally allowed.

This bot appeared to have the functionality of allowing you to withdraw things either directly from or using the account of others (i.e. a gov member). This is quite different from the example you described here, which involves accessing your own account.


Link to comment
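
An added example, not part of any post in this thread and not BKnet's code: the `!withdraw` command format Alex describes, parsed strictly and then authorized against the account the bot would act as, so that only that account's owner or a delegate the owner approved (within a cap) can trigger it. All IDs, tables and function names are hypothetical, and the sample data is constructed.

```python
import re
import shlex
from dataclasses import dataclass

# Constructed sample data; every ID is hypothetical.
OWNERS = {"nation:42": "discord:1001"}                   # account -> user who linked its credential
GRANTS = {("discord:2002", "nation:42"): {"coal": 200}}  # owner-approved delegate -> per-command caps


@dataclass(frozen=True)
class Withdrawal:
    amount: int
    resource: str
    target_nation: int
    note: str


class Denied(Exception):
    """The caller may not act as the requested account."""


def parse_withdraw(text):
    """Parse '!withdraw <amount><resource> <target id> "<note>"' strictly."""
    try:
        parts = shlex.split(text)
    except ValueError as exc:  # unbalanced quotes
        raise ValueError(f"malformed command: {exc}") from None
    if len(parts) != 4 or parts[0] != "!withdraw":
        raise ValueError('usage: !withdraw <amount><resource> <target id> "<note>"')
    qty = re.fullmatch(r"([1-9][0-9]{0,8})([a-z]+)", parts[1])
    if qty is None or re.fullmatch(r"[0-9]{1,9}", parts[2]) is None:
        raise ValueError("amount or target nation ID is not well formed")
    return Withdrawal(int(qty.group(1)), qty.group(2), int(parts[2]), parts[3])


def authorize(caller, acting_as, w, audit):
    """Decide whether `caller` may make withdrawal `w` through account `acting_as`.

    Being logged in to the bot is not enough: the caller must own the linked
    account or hold an owner-approved grant covering this resource and amount.
    Every decision, allowed or denied, is appended to `audit`.
    """
    if caller is not None and OWNERS.get(acting_as) == caller:
        verdict = "allow:owner"
    else:
        cap = GRANTS.get((caller, acting_as), {}).get(w.resource)
        if cap is None:
            verdict = "deny:no-grant"
        elif w.amount > cap:
            verdict = "deny:over-cap"
        else:
            verdict = "allow:delegate"
    audit.append((caller, acting_as, w.amount, w.resource, w.target_nation, verdict))
    if verdict.startswith("deny"):
        raise Denied(verdict)
    return verdict


def handle(caller, acting_as, text, audit):
    """Parse and authorize one command; return the Withdrawal the bot may now perform."""
    w = parse_withdraw(text)
    authorize(caller, acting_as, w, audit)
    return w
```

The audit list records who triggered each action and through which account, which is the record needed to tell an owner's own action from one made on their behalf.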

3 minutes ago, Alex said:

Again, assuming this is being triggered via some sort of Discord command, it's just making the game more convenient, not actually creating any unfair advantage. Going from your example, if you were in Discord and you had the bot connected to your account and you typed something like

!withdraw 100coal 6 "Here's 100 Coal from so-and-so"

And the bot took that input and made a withdrawal for 100 coal to the target nation with ID 6 and sent the message "Here's 100 Coal from so-and-so" that's not really giving you any unfair advantage. You could have logged in, made the withdrawal yourself, and sent the message yourself, but the bot is set up to make that process more convenient for you. Again, bots that make things more convenient are generally allowed.

The reason that many here believe that this bot is illegal is that it does not actually require the banker's nation to be active to make the withdrawal. Therefore, it gives an advantage to BK (and anybody using this bot) that those of us without access to such programming knowledge do not have.

If I wanted to withdraw my resources or money from TI bank, I have to wait for Tyrion to be online. This is not the case for BK: meaning that a nation could theoretically put their money in the bank, get beiged and then remove it without having to wait for the banker to be online. This instancy is a luxury that the rest of us do not have.

Link to comment

13 minutes ago, Alex said:

No, that would certainly not be allowed. You're not understanding the general rules I outlined, which is that bots that make the game a bit more convenient (making a withdrawal via a Discord interface rather than an in-game interface, for example) are generally okay, whereas a bot that actually played the game for you (built your cities, declared your wars, whatever) would not be.

Alliance members through normal gameplay cannot access the accounts of the bankers, and through it the alliance bank without the required permissions. This is a function that the bot is creating that does not exist elsewhere and goes beyond convenience. Without the bot, an alliance is forced to either make greater demands of existing bankers, to deal with the disruption from bankers not being on immediately, or bring on more bankers and increase the chance of someone stealing from the bank.

  • Upvote 1

Praise Dio. Every !@#$ing day.

Link to comment

  • Administrators

I hear your points about access even if the main "banker" is offline, and again, I'm open to having a good-faith discussion about what the limits ought to be on the rule. However, I don't think that that has anything to do with this thread about alleged "hacking."

  • Upvote 2

Link to comment

My personal opinion: I don't have any issues with @George not getting banned, since @George didn't physically log in to Leo's account, so @Bjorn Ironside is right. sorry bout any misunderstandings earlier. u guys are ok ^^

(but yeah, don't be trusting offsite tools anymore, they're a bit sketchy.)


Link to comment

2 hours ago, Alex said:

I hear your points about access even if the main "banker" is offline, and again, I'm open to having a good-faith discussion about what the limits ought to be on the rule. However, I don't think that that has anything to do with this thread about alleged "hacking."

Ok I will talk about the bot in another thread

Let's talk about the fact that no one logged in with Leo's account other than him, so who removed the players?

From what you said it can only be Leo; could it be he saw the money gone and did that trying to have George banned? Then you should give him at least some kind of warning, if not a ban, for faking a report, I think.

If the players were removed and the money "stolen" at the same time, then it's not Leo's fault and we have two options: George did more than what we know, or BKnet does more than what we know. Can you check if the things happened at the same time?

Link to comment

This topic is now closed to further replies.