next »

[SkS_Ltdanwr8]

I am currently having a problem I hope that you might be able to give me a little insight about:
 
One of our members, -=SkS=-Beachbabe, has been inaccurately linked to a hacker .
 
Her account is listed here: http://www.hazardaaclan.com/history/accounthistory.php?guid=0F182A326D4EF265132B8E3B5976FA81
 
However, if you look at the linked account of [RAT]Beachbabe (http://www.hazardaaclan.com/history/accounthistory.php?guid=E1C4873D16F8D928C3ECF65552E28A48), you will see that it has two bans on it. An AASA and a PSB ban. We know that this is not her. This is the work of the player "ex-legion", which you will see under the previous names.
 
Now you might say, "that due to one ip and one mac and one guid, that this is the same player". We know this not to be true due to evidence we have found.
 
http://www.punksbusted.com/cgi-bin/membership/ban.cgi?par=V00354B60;query=Search;_accCheck=1
 
If you look into the info on these specific infractions, you will see that ex-legion used an ip (222.64.186.174). that is not listed under HazardAA to beachbabe.  By tracing the IP used by the hacker, we find that it goes back to Shanghai, China. This ban was placed on August 11th 2005. Beachbabe is 15, started playing AA in 2007, and lives in California.
 
http://www.aaserveradmins.com/forums/index.php?showtopic=35115&hl=ex-Legion
 
With this evidence link here, you will see that ex-legion was caught using a wall-hack. Notice the date of the infraction. You will find that this same hack was used a day before the previous hack was used. Again, Beachbabe had not started playing before 2007.
 
Also, something else of notice, when looking at the first evidence  link and the IP address of the server on which the hacker ex-legion was caught, you will notice that the server port number of that time was 1816. AA server port numbers must be 1716. Is this due to an update in Americas Army?

Also, when viewing the "view link info" between -=SkS=-Beachbabe and [RAT]Beachbabe, you will see that [RAT]Beachbabe was playing with the 0F182A326D4EF265132B8E3B5976FA81 account (clean) starting in 03/26/07. Only once in the entire logni comparision do you see the hacking GUID of E1C4873D16F8D928C3ECF65552E28A48 show up (05/05/07), in the middle of her time at [RAT]. How is this possible? If this statement is correct, then are you saying that she created a new account, with the same name, to get a new GUID, only to go back to the previous GUID later that day? I don't think that is correct.
 
Is it possible that an accidental recycling of a GUID was used?  Do you have any other possible reasons/fixes for this. Clearly, when looking deeper, you can see that these two people are not the same. Yet they have been linked together.  Is there anyway of accessing the Americas Army User Database in order to help clear this innocent girls name?
 
Thank you for your time and consideration in this. I greatly appreciate any help in clearing up this matter.
 
 
-=SkS=-Ltdanwr8
Bronze Flight Commander
(Security)

[Rifle[Hazard]]

On 2007-05-05 the authentication server went down for approximately four hours (between (15:00 and 19:00 central time.) When the authentication system is taken down players are assigned random GUIDs by the authentication server so game play can continue uninterrupted. Unfortunately this causes inaccurate information to be logged and parsed into my database. I'll further investigate this and see what I can do (there is no way I can proactively prevent this in the future unless the authentication server doesn't assign random GUIDs that are in the range of current accounts.)

Thanks for bringing this to my attention,
Rifle

[SkS_Ltdanwr8]

Thank you Rifle.

[SkS_Ltdanwr8]

With this info that has come to light, will you be able to clear the name of [RAT]Beachbabe on your database and therefore, clear the name of -=SkS=-Beachbabe?

Thank you for your time in this. I would just like to take this space to say -=SkS=- is greatly appreciative to your website. We use it for every background check into our clan and it has saved us from accepting hackers into our clan. You truely have done a great job with the site.

-=SkS=-Ltdanwr8

[Rifle[Hazard]]

If the information is found to be inaccurate (due to the authentication server being down) in all likely hood it will be removed. How ever I will be consulting with a few other people before taking any action.

Thank you for being patient,
Rifle

[SkS_Ltdanwr8]

Thank you again. I definitely can understand wanting to completely verify the situation before taking any actions. I will check back in a few days in order to see  how progress goes and let you get your work done.

That being said, if for any reason, you might need any extra help with anything, you can always contact us at -=SkS=-. We would be glad and eager to assist in any way we can.

If you ever wish to contact us, you can always send an email to:

Me: Ltdanwr8@shadowknightsquadron.com or
Security@shadowknightsquadron.com

or

join us on our Ventrilo server at Voice1.shadowknightsquadron.com port:4799

or
www.shadowknightsquadron.com

Now I will let you work lol.

[SkS_Ltdanwr8]

Is there any updates on the situation, perhaps?

[Rifle[Hazard]]

After talking with a few other people we decided that the best course of action would be to remove your information from the other account (as it is not correct) but the login  will stay in the database so we still have all information on record.

Rifle

[SkS_Ltdanwr8]

So If I understand correctly, the name of [RAT]Beachbabe, her IP, and Mac would be removed from the info of the page with ex-legion's pbguid and hacks. However, the login she had with that pbguid (due to the randomly pbguid assigned to her after the authentication server went down) will still be listed underneath your database?

If this is correct, then I thank you completely for your time in this and your assistance. We are in your debt and if there is anything we can do to assist you in the future, please do not hesitate to give us a holler. We will do all we can to help out.

-=SkS=-Ltdanwr8
Bronze Flight Commander