Hacked

[forestfan]

At the time it did seem obvious that they were just publicising the Hub thing. Not sure how banning me and others helped with that though.

I suspect it was those of us who got in their way by deleting their altered posts or reporting them etc. who they banned, probably along with other moderator accounts.

Think it’s the first time I’ve actually been banned from here anyway, though definitely come close on occasions when dealing with a few idiots

[baganboy]

I do. I am of an age to be almost internet-native.

I have a 1password account given to me from office. Some personal usage is allowed. Google/gmail have 2-factor authentication anyway, as will most banks. I don't use any Fintech products - though they were once part of my sales portfolio

If you are planning to start blah, you can try Bitwarden. It is free, and I hear it is good enough.

[ajcairns]

I understand. I was reading through this for the last couple hours.

How is it okay that one of the FISO mods was hacked by this (minor) terrorist organization? How is it okay that others' posts were tampered with? How is it okay that other posters (old timers such as yourself blah) were thrown out? How is it okay that for a few hours, they could eff order us to do what they wanted?
How is any of this okay?

Who have we bothered? what is anyone's botheration with us? why use and abuse us (because we are small and insignificant in the overall $c#m cesspit that is eff FPL community) in their whatever idealist war? Why eff us?

How is this okay?

Still think it's a FISO account holder involved somehow - they just didn't come here on the off chance looking to hijack a mods account to get a message out. They were already here. A quick cross check of the members list on FISO (at the bottom of the page) you can soon see the common names with the leaked lists and BFMs probably stuck out being in green as a Mod.

Considering what has happened across the community there is not much discussion about it. Why? Probably because everyone is shittin themselves that will be targeted.

[Beerfuelledman]

Btw: do you have those Pwds saved on the likes of Dashlane, or do you type it in everytime for both?

I think I always tried to protect myself from my password being guessed. I never really assumed a site would get hacked and my password would be there to read in plain text and used to access other sites so I never thought about a password generator protector thing. I guess I need to find out what they are and which is best - and in my case, user friendly.

[blahblah]

I do. I am of an age to be almost internet-native.

I have a 1password account given to me from office. Some personal usage is allowed. Google/gmail have 2-factor authentication anyway, as will most banks. I don't use any Fintech products - though they were once part of my sales portfolio

If you are planning to start blah, you can try Bitwarden. It is free, and I hear it is good enough.

Ta, I'll have a look tomorrow along with Dashlane.

[forestfan]

Apple devices have a good password manager/automatic strong password generator.

[baganboy]

Here's a link. Wired(dot)com is kindasorta reliable, they do a lot of good tech journalism.

https://www.wired.com/story/best-password-managers/

[morganb]

I use something called "Post-Its" - they can't hack colourful little squares of paper!

[forestfan]

I use something called "Post-Its" - they can't hack colourful little squares of paper!

The burglars/dodgy workmen etc. can though

[baganboy]

BTW, no judgment calls here about any of you. Cyberterrorism is bloody eff scary, and most of you were not talking from behind a password manager. It's easy to be brave standing behind an army.

[blahblah]

I think a fair few of us will be using a Pwd Manager very soon ..

[admin]

At the time it did seem obvious that they were just publicising the Hub thing. Not sure how banning me and others helped with that though.

The hacker (masquerading as BFM) started by banning all (but one - must have missed spinynorman) of the mods who, if around, could have banned BFM and removed the posts about the FFHub hack. There are 10 mods plus me (I can't be banned by a mod obviously). Then I assume the remaining 9 users banned (most done an hour later) were users online at the time for which he was editing their posts (which they could have edited back).

I've attached the record of the bans undertaken by BFM whilst asleep to show who was banned. I doubt the IP addresses will reveal where the hacker was really based.

(P.S. Can I thank those users that emailed me just after 10:30pm last night to warn me what was happening. I didn't see the emails until 11.30pm though and eventually got to bed about 1am after sorting everything out).

Beerfuelledman-mod-actions4Oct2021-crop.jpg

[forestfan]

I presume it’s impossible for a hacker to ban the “admin” account? As we might really have been struggling then…

[Redsnout]

I understand. I was reading through this for the last couple hours.

How is it okay that one of the FISO mods was hacked by this (minor) terrorist organization? How is it okay that others' posts were tampered with? How is it okay that other posters (old timers such as yourself blah) were thrown out? How is it okay that for a few hours, they could eff order us to do what they wanted?
How is any of this okay?

Who have we bothered? what is anyone's botheration with us? why use and abuse us (because we are small and insignificant in the overall $c#m cesspit that is eff FPL community) in their whatever idealist war? Why eff us?

How is this okay?

Hey BB This is not okay. And it feels shitty to get your personal info to get exposed, or like someone invading into your house. I know the feeling, my daily job is in cyber security It is easy to direct your anger towards the hackers now, but in this day and age, you need to have better security practices if you are hosting users' data. It is the website's responsibility. I think the best thing we can do is to have a proper security hygiene. Secure your internet presence, with password manager (can't recommend Bitwarden enough) and 2FA authenticators. As for FISO, though none is selling the user data here, but we gotta have better security practices. I would have thought at least admins would have 2FA enabled. Maybe we need a self reflection at FISO?

[Stena Bib]

How is this okay?
001001.JPG

How the hell is this okay?
Why were we negotiating with terrorists? Why us? Why FISO? Who have we bothered?

We haven't bothered anyone. How can someone walk into our home, disturb our peace, and ask us to squeal so that someone else hears it?

OK BB i have not seen all of this.

But unfortunately its become the way of the world . its become "EVIL" that's the only word i can use to describe it.

[Beerfuelledman]

Secure your internet presence, with password manager (can't recommend Bitwarden enough) and 2FA authenticators.

Hi mate could you outline (briefly) how these work? Iv'e downloaded Bitwarden but step one is creating a password. I assume, since this will protect my other passwords that it should be very secure)(Ill need to write that down somewhere safe). How then does it move to protecting other passwords?

Sorry - noob.

[baganboy]

Hey BB This is not okay. And it feels shitty to get your personal info to get exposed, or like someone invading into your house. I know the feeling, my daily job is in cyber security It is easy to direct your anger towards the hackers now, but in this day and age, you need to have better security practices if you are hosting users' data. It is the website's responsibility. I think the best thing we can do is to have a proper security hygiene. Secure your internet presence, with password manager (can't recommend Bitwarden enough) and 2FA authenticators. As for FISO, though none is selling the user data here, but we gotta have better security practices. I would have thought at least admins would have 2FA enabled. Maybe we need a self reflection at FISO?

Agree with everything you say, Redsnout.
I just hate the impunity with which these EVIL (you are right, Stena Bib, no other word fits) folks decided to walk in and do what they wanted. FISO is my home at FPL, and post facto, I feel like my personal space has been stepped into.
In the day and age, better security practices have to be the norm. You might not 100% win against the hackers, but you stand a better chance standing behind an army, than do a Jon Snow at the Battle of the bustards.
I was saying this to a friend at FISO - Hub is a bunch of fools. Seriously, how can one think of starting an online business while not understanding the basics cybersecurity (or simply getting someone in to advise who does). I don't doubt the Hub folks' integrity - or that they are nice folks, (Saw Will's short video, he was distraught) but they are absolutely too naive to be in business. That's like starting a bank on an open field, and keeping the money under a brick or something.

[eastcentral1]

I understand. I was reading through this for the last couple hours.

How is it okay that one of the FISO mods was hacked by this (minor) terrorist organization? How is it okay that others' posts were tampered with? How is it okay that other posters (old timers such as yourself blah) were thrown out? How is it okay that for a few hours, they could eff order us to do what they wanted?
How is any of this okay?

Who have we bothered? what is anyone's botheration with us? why use and abuse us (because we are small and insignificant in the overall $c#m cesspit that is eff FPL community) in their whatever idealist war? Why eff us?

How is this okay?

Still think it's a FISO account holder involved somehow - they just didn't come here on the off chance looking to hijack a mods account to get a message out. They were already here. A quick cross check of the members list on FISO (at the bottom of the page) you can soon see the common names with the leaked lists and BFMs probably stuck out being in green as a Mod.

Considering what has happened across the community there is not much discussion about it. Why? Probably because everyone is shittin themselves that will be targeted.

Like I said above, you can easily find fiso by googling the username beerfuelledman. We can't assume the hacker has any connection to fiso.

[blahblah]

Not to mention Private Leagues.....

[forestfan]

You might not 100% win against the hackers, but you stand a better chance standing behind an army, than do a Jon Snow at the Battle of the bustards.

(Spoiler alert) Worked out OK for him, didn’t it? Helps when you have some reinforcements riding to the rescue in Fergie time though

[baganboy]

Haha true... I was just thinking that when writing this. But well, the hero can't die in the season before last, not even in GOT.

[forestfan]

Haha true... I was just thinking that when writing this. But well, the hero can't die in the season before last, not even in GOT.

Not after the writers had already played one particular card a series or so before, at least

Anyway, helps not to know nothing…

[Beerfuelledman]

Secure your internet presence, with password manager (can't recommend Bitwarden enough) and 2FA authenticators.

Hi mate could you outline (briefly) how these work? Iv'e downloaded Bitwarden but step one is creating a password. I assume, since this will protect my other passwords that it should be very secure)(Ill need to write that down somewhere safe). How then does it move to protecting other passwords?

Sorry - noob.

Also - how does it work say if I need to sign into my Playstation account on my playstation - do I need Bitwarden on my playstation to sign in? Do I need Bitwarden on everydevice I want to use? Say Im on Holiday in Greece and want to sign in to something in an internet cafe - Can I do this if I dont know my password because its BitWarden generated?

[Vid]

I've attached the record of the bans undertaken by BFM whilst asleep to show who was banned. The IP address is for a proxy server based in Venezuela.

Looking at the logs a number of different IPs were used during the assault, one of the earliest being from a much reported (over 4k instances) IP in the US, likely the original hacker's IP, surprised the US authorities have done nothing given the number of reports

[Redsnout]

Secure your internet presence, with password manager (can't recommend Bitwarden enough) and 2FA authenticators.

Hi mate could you outline (briefly) how these work? Iv'e downloaded Bitwarden but step one is creating a password. I assume, since this will protect my other passwords that it should be very secure)(Ill need to write that down somewhere safe). How then does it move to protecting other passwords?

Sorry - noob.

No worries mate. I was once.

One of the reasons i recommended Bitwarden over other password manager is, they are open source. I like they have the code transparency and anyone can audit. If I'm going to trust anyone with all my passwords, I wanna make sure there is no backdoor installed. Not that other password managers aren't reliable, i just trust open source more.

As for the Bitwarden password. Yes, you have to remember one password. I would recommend a passphrase. for eg: "MyFirstCarWas2005HondaAccord". Or some random 4 words you can remember. or if that is too long to type, start with something like: "I Would Like To Go See Manchester United Game 2021", use your password as "IwltgsMUg2021". and maybe add a symbol somewhere. Longer passphrases seem to be harder to crack than complex password though, so i would use a passphrase. If you have it your phone, touch id or face id to login afterwards.

So a passphrase is a first step. Second is, enable 2FA for Bitwarden login (https://bitwarden.com/help/article/setu ... tep-login/). You can generate an authenticator code using a generator like 'Authy' or Google Authenticator. If you install this in your phone, you can use your touch id or phase ID to login later, instead of typing passwords each time. At least this way, you are not trusting all your passwords with one company. Hackers would have to hack both your Authy and Bitwarden to access your passwords. All we can do is put guardrails.

[Redsnout]

Secure your internet presence, with password manager (can't recommend Bitwarden enough) and 2FA authenticators.

Hi mate could you outline (briefly) how these work? Iv'e downloaded Bitwarden but step one is creating a password. I assume, since this will protect my other passwords that it should be very secure)(Ill need to write that down somewhere safe). How then does it move to protecting other passwords?

Sorry - noob.

Also - how does it work say if I need to sign into my Playstation account on my playstation - do I need Bitwarden on my playstation to sign in? Do I need Bitwarden on everydevice I want to use? Say Im on Holiday in Greece and want to sign in to something in an internet cafe - Can I do this if I dont know my password because its BitWarden generated?

Most of the Password Mangers have their browser extension and Mobile app versions available, Bitwarden too. I recommend installing both in browser and your phone. It helps to autofill when you visit a website. If you are in a cafe in Greece, you can log into your browser and you would have your all extensions available. or type the password manually checking your phone. If it is a smart device like your playstation or a tv, I'm afraid you would have to type it manually by checking your phone app. Unless the smart devices have Bitwarden app in their appstore.
But yeah, it is inconvenient. Some times you would have to type things manually by checking your phone or PC. I guess that is the price you have to pay for better security.

[Stevieste]

The more I think about it, the more livid I get.
Real-life: A terrorist organization decide that they have a beef with a major country. This feels like them occupying a tiny country who has not bothered anyone, punishing and torturing the residents - and asking them to cry loudly, so the big country can hear it. Bloody eff disgusting.

Hate is a word i use with discretion, but that's the only feeling I have at the moment, honestly.

Chill out BB its not like Blah has been taken hostage or anything !!

I was Permanently Banned though

No you was not and that’s my biggest gripe from last night fiasco

[blahblah]

The more I think about it, the more livid I get.
Real-life: A terrorist organization decide that they have a beef with a major country. This feels like them occupying a tiny country who has not bothered anyone, punishing and torturing the residents - and asking them to cry loudly, so the big country can hear it. Bloody eff disgusting.

Hate is a word i use with discretion, but that's the only feeling I have at the moment, honestly.

Chill out BB its not like Blah has been taken hostage or anything !!

I was Permanently Banned though

No you was not and that’s my biggest gripe from last night fiasco

[Redsnout]

The more I think about it, the more livid I get.
Real-life: A terrorist organization decide that they have a beef with a major country. This feels like them occupying a tiny country who has not bothered anyone, punishing and torturing the residents - and asking them to cry loudly, so the big country can hear it. Bloody eff disgusting.

Hate is a word i use with discretion, but that's the only feeling I have at the moment, honestly.

Chill out BB its not like Blah has been taken hostage or anything !!

I was Permanently Banned though

No you was not and that’s my biggest gripe from last night fiasco

The fact that Blah was banned gives more weight to the theory that hacker is a FISO member

[Malrom]

I'm back .. at least right now.... I'm not even a mod....

Thank you, Sam and Spencer4 and whoever helped to clear that mess!