There were no keylogger in the first version of TSRW, this myth was started by Pescado for a change, with the same "Pescado logic" that's been applied in the hacking accusations.
That is, to make the impression that you have come to a conclusion using a logical equation which can not be wrong.
Most of you seem to buy in to it because it fits with your view of the world, you simply don't understand or that you buy it just because you don't WANT to understand.

You can't rely on a logical equation where not all factors are known or made up assumptions about the result of other logical equations with the same flaws.
Neither can you remove parts from just one side of an equation.
Here's some good reading on the subject: http://www.brianrude.com/sci-mt.htm

Now back to topic:
The first version of TSRW were using a method of reading input from the keyboard that were taken directly from our previous workshop (which we were working on for sims 2 but never released).
That version was made completely without the use of the normal windows toolkit for handling user interface and interaction. That meant we had to use a keyboard hook to be able to read input from the keyboard.
This is normal way to do things in such applications.

The keyboard hook in itself is harmless but the technique can be used in harmful applications such as keyloggers.
The security software triggered on the keyboard hook, they did not say it was a keylogger.

External parties have examined this and haven't found any grounds for this. That is the prism people and a programmer who use to hang out in the MTS IRC, someone who i think all parties would agree to say is a very good one.
He went through the code in the first version of TSRW specifically to find out if there was any truth in the accusations about a keylogger.
If you don't take my word for it then maybe you can try to ask him. He might not want to get involved but he was asked to do it by someone else (which i don't remember who it was) but if that someone is here maybe you could confirm this?

I will not tell you what to think but i have given you facts that can be verified while you depend on flawed logic.

I don't have time to address everything else right now.

And this it the last one i'm going to have time for tonight.
 
Yes i can definitely understand that.
The list looked genuine to me and i don't think she knew the "sherriesim" IP's when i got the list (i'm not 100% sure of that though).
This list was acquired by the service provider "Bredbandbolaget" and was submitted to the police for use in their investigation.
To fake something that could very easily be found out by the police should they investigate it makes me think it's likely genuine.

If you isolate things to just what happened to buggybooz then yeah that logic holds but there were other things connected to this which i listed before that complicates things and to me rules out the possibility that this was what happened.

Edit: fixed quoting error

I know that and i have considered the possibility and i have ruled it out based on what in know about the people.
We don't run background checks on all artists simply because there's no need for it. Before someone becomes a FA i'm sure we have a pretty good picture of who they are. We also require additional personal information in that step.

Artist nomination is not part of what i do on TSR so i don't really know. What i can say is that we have tried to make it clear that she can't be an artist on TSR anymore.
Out of normal human decency i don't want to go into a lot of detail regarding this, the whole thing is rather sad and i don't want to be part of it by adding more fuel to the fire.  

Edit: i forgot the second part:
Also not really my area so i don't have the facts (i got involved when we needed to investigate the hackings) but i would agree that stealing content from any creator, free or not, is wrong.

I believe it was actually removed. She has reappeared using new accounts though.
We have taken steps to prevent that but it obviously didn't work.

Yes i acknowledge that was an error in judgement. I'm currently reading up on the Swedish law regarding how personal data can be stored and handled to make sure that we are fully compliant with it.
We have also decided to get rid of unnecessary information in our member database such as home address.  

Oops, i think i managed to submit my reply when it wasn't finished.
Here is the full reply, please disregard my previous post.

No worries, i'm still here Like Pescado guessed i've been busy with other things.

To begin with i would like to clarify that the only ones with access to the database are the founders and one paid staff member, six individuals including me, three of them i meet daily. I've known all them for at least ten years, some my whole life. I would say that i know them well enough to rule out the possibility that one of them would have performed the hacking or that they would have provided information that made it possible for someone else to do it.
Every one of them are intelligent enough to realize how utterly stupid it would be to do such things.
Since you don't know them i can understand why you think this is a possibility but from where i stand it's simply not.

Now i'm not really sure what hacking incident we're talking about here so i'm going to assume it's either buggybooz, the petition or both.
If it is only theese two then i don't see a consistent pattern.
If we start with the petition, what i know about that is what i've read here, an obvious flaw in your logic behind it must be a TSR db admin is that bluesoup did not use the same password for the petition as on TSR.
Ignore that for a second and imagine that we got our hands on the petition, why on earth would we hand it over to Atwa (as was claimed by coconut)? I can't think of a motive for us wanting it in the first place but if we somehow got it i can't think of any better way of revealing ourselves than to start distributing it, it just doesn't make any sense.

As for buggybooz, and this is taken from memory and from going through my correspondance with delphy, it was indeed established that she had used the same password on MTS and TSR (a very peculiar one, at least for use on MTS).
So in this case it can theoretically have come from our database. I don't know if the same password was used on other sites as well.
Whoever was behind this must have known what username buggybooz had on TSR and that was not well known in the community. Her account on TSR was logged in to by someone with exactly the same user agent string (which were not a very common one, i compared it to other logins in our login history and it was fairly unique) and an IP that was the same or was in the same range as was used on s2c (Hide my IP), slightly after the hacking took place on MTS.
That same signature also:
* logged in as "hamilton" on MTS (that's Thomas account on there)
* logged in as "sherriesim" on MTS, both with Hide my IP and unproxied IP's
* logged in as "leftywillnot" on TSR
* logged in to a bunch of FA accounts and removed a lot of files
 
Around this time Atwa informed us that her webmail account had been logged in to for quite some time by someone else. In the list of IP's she got from the service provider we were able to match them to someone's unproxied IP, someone who was linked with the hacking. Unfortunately we didn't get the user agent from that list but i have a very strong suspicion that it would have matched the hackers signature.

What the hacker did using buggyz account on MTS is also very strange, some pro-paysite propaganda was posted. I find it more likely that it was intentionally done to point fingers at TSR than any other explanation for it, there has to be some bounderies for what level of stupidity you can think is probable.

My conclusion from all of this is that it was likely someone in the anti-TSR camp behind the buggy incident.
I don't have all the answers but there's enough things pointing in the same direction to convince ME.

I have to cut here because i really need to go to bed now...

No worries, i'm still here Like Pescado guessed i've been busy with other things.


To begin with i would like to clarify that the only ones with access to the database are the founders and one paid staff member, six individuals including me, three of them i meet daily. I've known all them for at least ten years, some my whole life. I would say that i know them well enough to rule out the possibility that one of them would have performed the hacking or that they would have provided information that made it possible for someone else to do it.
Every one of them are intelligent enough to realize how utterly stupid it would be to do such things.
Since you don't know them i can understand why you think this is a possibility but from where i stand it's simply not a possibility.

Now i'm not really sure what hacking incident we're talking about here so i'm going to assume it's either buggybooz, the petition or both.
If we start with the petition, what i know about that is what i've read here, there are some flaws in your reasoning:
* Obvious one, bluesoup did not use the same password for the petition as on TSR

A computer security leak on your system would require that someone have the technical skills needed to independently find and exploit it. To independently find and exploit such a vulnerability would involve skills on par with some of the best in the community. For this individual to be sufficiently motivated to want to smear TSR, so unknown as to not be one of us already, and so stupid and short-sighted as to squander such an advantage on false-flag defacement would be extremely implausible. If it is a figure OUTSIDE the community, then they would simply not CARE about attempting a false flag defacement using your database's information, and would simply have vandalized your site, and run home to brag about it to his friends. Given this understanding of how hackers operate, it is clear and obvious that whoever is doing this is one of your staff, one of your staff with database access. If it is not you and you do not know who it is, then TSR has some real problems internally.

I have every reason to believe that it is likely the case that the person with the database access did not personally carry out the hackings. However, it is manifestly clear that this person clearly released this information to people who he knew WOULD. This seperation between knowledge and use also fits the pattern of destruction, as the information used was not employed skillfully, and effectively squandered any advantage that your side could have gained through its use. Basically, one of you felt that TSR could avoid responsibility for it by releasing the information to a rogue operator. From a legalist standpoint, this is almost certainly true, as enough plausible deniability can be created by such a scenario to rule out any real possibility of legal conviction, but that is not sufficient to convince ME. I know how the game works, and I see what you did there.

Motive? Well, from a logical, calculating perspective, this was an utterly stupid, bone-headed move. If you were going to misuse private information to hack sites, such an act effectively squandered any possible advantage you could have gained through its long-term use. So you are right, the motive for this does not make any logical sense and TSR has absolutely nothing whatsoever to gain from such an act. This is why you disbelieve it.

However, you disregard the element of simple stupidity. The fact of the matter is, most people are NOT calculating and saavy hackers and veteran netwarriors, and this likely holds true for most of your staff. Someone on your staff acted out of a desire for simple, petty vengeance against something that pissed them off. They ignored what would have been logical in favor of acting irrationally. Is this hard to believe? TSR staffers are not chosen because they are robot-like beings stripped of most emotional impulses. Such people do not make good artists and do not relate well to the type of community you keep.

Well, a security leak, or someone is violating your stated policy. There is every reason to believe your security fault lies in the wetware rather than the software.

I'm familiar this: But there's one key thing that differentiates such attackers, which are very common and have hit sites, but the ATTACK PROFILE is different. 12 year old l33t h4xx0r d00dz don't steal account information from databases and then strike back at people who have expressed anti-TSR sentiments. 12s will just vandalize your site, wipe your database, and run off to brag to their friends about it. Happens all the time, even in this community. Sometimes people blame TSR for that, but I always have rejected such claims, as the attack profile does not match that of a targeted move.

That seems to be the "official explanation", but I don't really buy that. While the database may NOW be using hashed passwords, this is a bit like closing the barn door after the horses have left.

Again, I know all this. However, remember, the attack profile. People who scan and nuke do so with automated scripts aiming for quantity, not quality. This is common netwar material and I basically disregard this as having any association with any community-relevant motive. Happens all the time, like you said. Every admin knows that. But this? This is different. This is a leveraged attack. Someone harvested SPECIFIC information, and then spent a lot of time looking for a SPECIFIC place to employ it to commit an act that shows every sign of being politically motivated. While not quite in the realm of wizardry, a targeted, politically motivated attack, using information gleaned from an undisclosed security flaw, is still highly skilled. For someone to do such an act, he would have to be on the skill level of someone like myself or Delphy. Such figures are not exactly COMMON in this community. So to claim that THIS is what happened is effectively to accuse either a known member of the community, or to postulate the existence of some unknown, yet powerful, dark horse coder with strong political motivations for one side (either to hack in the name of TSR, or to defame TSR by conducting a false flag attack). And that? That is on the verge of tinfoil hat territory.

I don't simplify things too much at all. I consider all the angles, and I discard that which simply doesn't fit. The result seems like a simple Reader's Digest, but honestly, to explain it to people in this community, it sort of has to be. In short, the only explanation that FITS is that an agent is operating with the assistance of a database administrator. It is, in all likelyhood, NOT the database administrator himself, because such a smoking gun would render you open to criminal charges and would certainly destroy TSR's reputation utterly, as there would be no doubters if you could meet the level of proof needed to convince Delphy, who is a good programmer with a solid understanding of web programming, but not a netwarrior.

So, obviously, we're dealing with agent-by-proxy here. Someone released the information to an agent, perhaps on request, or simply knowing what they would do with it. You're certain NO ONE would EVER do that? That is a very strong assertion to make. Not even one I would make of my own staff, which is why I do not hand out database access. If you, personally, would never consider such an act, as, frankly, even if you were of malicious intent, from a technical standpoint, it is a really STUPID thing to do, and you seem like you have a decent understanding of technical things, are all of your database administrators techs? I doubt that.
[/quote]

Thank you for taking the time to explain your reasoning, i can understand your point of view.

I agree that it's most likely some individual(s) from within the community that is behind it but i wouldn't so easily jump to the conclusion that it necessarily has to be TSR though.
It could for example be someone from your side of the fence that likes to stir up shit and see what happens or just for giving TSR an even worse reputation.
If this is the case it has been working pretty well so far.

We can't completely rule out that information somehow was leaked from our database, either intentionally by someone on staff or by some security leak in our system.
Since i personally know everyone with access to the database (and we are very few) that option is not a compelling explanation to me, i truly do not believe it is the case.
I also don't see the motive for doing so.
What could we possibly have to gain from having some other site in the community hacked?
Before some pirate throws in a standard reply about how evil and immoral TSR is please think just a little bit further.
All continued hackings after the first one we got the blame for would only add to our "guilt" and for what? Just for the fun of messing with someone?

The other option, that we had a security leak, is to me no more attractive than the first option however it would be more likely.
Although i agree that an old school Wizard wouldn't do stupid shit like this the situation nowadays are a bit different.
You have probably just like me seen what happens to a server once you connect it to the Internet, it doesn't take very long before signs of port scans and other probes start showing up in your logs.
For the most part probably not real hackers in the proper meaning of the word but rather 12's hanging on various l33t sites are running scanners (that they didn't write themselves) to find known exploits in various systems.
Not only vulnerabilities at the web application level (SQL injections for example, which can work on all kind of web applications if you're not careful with checking POST/GET variables used in queries) but also on the operating system and services levels. Once you find one, inject a suitable pre-made rootkit and there you go. Or if you find a way to inject SQL get a list of logins or add yourself as an admin. You're in without necessarily having to know very much, you just need some time, persistence and access the right tools.
I've seen it happen

There were some weird things going on around the time of the buggybooz incident that we didn't manage to find adequate explanations for and because of that we took measures to improve security on our servers and applications.
We also changed the database to use encrypted passwords some time after that.

Perhaps it's even more likely that something like this is what happened to the other community sites, with the right tools you don't have to be a wizard in order to get access to a system.
I would imagine cheap shared servers are not always up to date and properly protected from such attacks. Even if they are at the operating system the forum software might be open for attacks, for example.

So although i can see the logic behind your arguments i think you over simplify things just a little too much, intentional or not.

You're right, i'm not the entirety of TSR and realistically i can not give any guarantees for anyones actions other than my own.
What i can guarantee is that we (as in the group of founders and paid staff) do not encourage nor endorse any kind of hacking activity.
If you or anyone else here have evidence that someone from TSR is behind such things we would appreciate it if you would let us know because that person is not someone we want to be associated with.

I would be delighted to hear more about the hackings you haven't already ruled out and why you think it's possible or even likely it was someone from TSR.

It almost sounds like you believe we hand out member information to our FA's on a regular basis? We do not. The event everyone keep referring to took place years ago. It was not without reason, those were names of members who we had found to be sharing our files through the watermark.
What i personally think about it may not reflect our official standing that it was justified. I did think it was at the time.

Since we don't have and never have had access to the petition or whatever it is we couldn't have released it to anyone either way.
 

Regarding atwa/carpe diem
It's not strange at all that she managed to hide using a different name. We have no reason to run background checks on all artists.

@WedgewoodBlue
We were told by the ones we talked to at EA that they were going to change the EULA for the next expansion pack. As it turned out that never happened but we were not deliberately lying.

@Moune
Have you seen any kind of evidence for our "history of hacking" that i assume is what makes it likely that we hacked the petition? More than just Pescados stories that is.
If not, what makes it likely he would be telling the truth? Isn't it in his interest to make us look guilty considering what PMBD stands for?

@Sarafina
I don't want to be rude but that's not something i want to discuss with you or anyone else here.

I'm really not comfortable in adding more fuel to coconut's fire. There is a real person behind all of this and there is no decency in the witch hunt going on.
We have tried to make it clear to her that she can't be an artist on TSR. We don't do extensive background checks on every new artists that join us, no artist have access to the member database or other sensitive information though.

1. I'm not NOW denying, i've said it from the start that we don't have anything to do with the list. Yes we read it on Coconut's blog. What Atwa said or didn't say is beyond our control.
I'm not here to defend Atwa, what she does or doesn't do is completely on her own. With that said, do you know for sure what she have claimed, if it ever happened?

2. I have explained why i came here.

3. That's not what i'm saying. She recently managed to sneak in as CarpeDiem and without us knowing it was her she managed to become a select artist. At the time she became the artist manager she was indeed promoted from within, as Atwa.

4. I don't agree with "questionable business ethics" and "Thomas makes a colossal blunder".

5. As far as i remember i did try to help you in support but we never managed to sort it out (and netiher did Delphy, this was the buggybooz incident that we also get the blame for). We did our best to help him in the investigation therefore we sent him the list of logins or login attempts that were following the same pattern as the compromised accounts on his site.
We should have informed you that your account was compromised, that was probably my own fault for not doing so. I was caught up investigations and didn't think of it.
If i didn't tell you i'm sorry before then here it comes: I'm sorry for neglecting to inform you that someone other than you logged in to your account.

I have no interest in finding you on TSR, as far as i know you haven't done anything that you should get banned for.
The rest is your personal opinion, i have another.

So all of a sudden if the list was hacked TSR is guilty, even without any sort of evidence?
All Pescado's been doing is telling stories about how he knows hacking and that we're too stupid for doing proper hacking but have some kind of leverage.
He have been asked to present such evidence on several occasions (both now by you and i've asked him in the past) but he have failed to do so.