Return to Unfiction unforum
 a.r.g.b.b 
FAQ FAQ   Search Search 
 
Welcome!
New users, PLEASE read these forum guidelines. New posters, SEARCH before posting and read these rules before posting your killer new campaign. New players may also wish to peruse the ARG Player Tutorial.

All users must abide by the Terms of Service.
Website Restoration Project
This archiving project is a collaboration between Unfiction and Sean Stacey (SpaceBass), Brian Enigma (BrianEnigma), and Laura E. Hall (lehall) with
the Center for Immersive Arts.
Announcements
This is a static snapshot of the
Unfiction forums, as of
July 23, 2017.
This site is intended as an archive to chronicle the history of Alternate Reality Games.
  

The time now is Tue Nov 12, 2024 12:29 am
All times are UTC - 4 (DST in action)		 View posts in this forum since last visit
View unanswered posts in this forum
Calendar
 Forum index » Archive » Archive: General » ARG: Looking for AV
[NEW] altusveritas site
View previous topicView next topic
Page 4 of 7 [97 Posts]   Goto page: Previous 1, 2, 3, 4, 5, 6, 7 Next
Author Message
randomtrickpony
Boot

Joined: 25 Sep 2006
Posts: 59
Location: Iceworld of Hoth

 		Ok...here's the chat. This one occured shortly before Mycroft's, just to clear the timing up. So while the puzzle was being solved, the Doc was pissed at me...go figure. What did I ever do?

Quote:
random: Hi doctor!
random: I've been so worried about you
Jochen Peiper: I am sorry I do not think I can talk to you after what banana did. Maybe all of you after after me too?
random: No!
random: I haven't done anything to you...I still really want to help!
Jochen Peiper: I trusted banana more than any person and look what she did. Maybe she is AV. Maybe all fo you are AV
random: But...if you trust no one, then how will you find AV?
Jochen Peiper: Sarah told me not to contact any of you
Jochen Peiper: I have moved to another place
random: yes, but how can you trust her?
random: oh, you did?
Jochen Peiper: She set a trap for banana and the others she gave them accounts on the web site and only banana knew about the account on the altusveritas trap sarah set so if both were changed it must be her.
random: Yes, but my computer was down that day...I did nothing, I considered that mean
Jochen Peiper: It was a very smart thing Sarah did
random: yes, I realized it and did not hack the password
Jochen Peiper: How do I know you all do not work together? you are Bananas friends
random: that would be rude of me to do such a thing
random: because even though we are friends...each of us has different morals. I swear, I did no such thing
Jochen Peiper: I am very upset. I told Banana many things.
random: she told me you were quite angry with her, I can see why
Jochen Peiper: Does she think it is a joke or is she AV?
random: I do not think she is AV, because I have known her from before this all started, and she never went to France. I do not think she believes it is a joke...but I am unsure about anything else...she hasn't wanted to talk to me lately, I am worried about her
Jochen Peiper: She did this to me. I am sure of it. Sarah set the trap and it worked very well.
Jochen Peiper: I must go before she returns
random: Yes, but Sarah's trap could have caught anyone
random: you can just put your status on away and talk to me...I really mean you no harm, that is why I didn't participate
Jochen Peiper: Yes but Banana erased our site and put those evil pictures there..that is not the work of anyone
Jochen Peiper: I have to go


PostPosted: Tue Oct 17, 2006 3:50 pm
 View user's profile
 Back to top 
dvw
Boot

Joined: 05 Apr 2006
Posts: 67
Location: UP A CREEK
Forgery wrote:
Nice one dvw

how did ya do it?


I divided the alpabet into 4 groups of 6. 1 group for each corner on the inner square and 6 in each group for the dots on the side. The upper left corner was group 1. upper right 2. lower right 3. lower left 4. The dot marked on the side was the letter that corresponded to the letter in the group. The one with all 4 courners marked was the letter Y.
_________________
Some days it doesn't pay to chew through the restraints.

It's at that point you realize that the people in the game have voluntarily surrendered their free will in order to participate in a story.

PostPosted: Tue Oct 17, 2006 4:04 pm
 View user's profile Yahoo Messenger
 Back to top 
Forgery
Decorated

Joined: 22 Nov 2005
Posts: 158

 		Wow, thats awesome!

PostPosted: Tue Oct 17, 2006 4:07 pm
 View user's profile
 Back to top 
randomtrickpony
Boot

Joined: 25 Sep 2006
Posts: 59
Location: Iceworld of Hoth

 		Ok, here's the hidden picture for all of you to see. Note: it's saved under the exact file name, because I had to do that in case it was stegged (which I now doubt) So it was called "Christ" I didn't do that.
christ.jpg
 Description   
 Filesize   5.76KB
 Viewed   617 Time(s)

christ.jpg

PostPosted: Tue Oct 17, 2006 4:09 pm
Last edited by randomtrickpony on Tue Oct 17, 2006 4:16 pm; edited 1 time in total
 View user's profile
 Back to top 
dvw
Boot

Joined: 05 Apr 2006
Posts: 67
Location: UP A CREEK

 		Has anyone tried to contact doc since the solve? I can't IM from work or I would try.
_________________
Some days it doesn't pay to chew through the restraints.

It's at that point you realize that the people in the game have voluntarily surrendered their free will in order to participate in a story.

PostPosted: Tue Oct 17, 2006 4:12 pm
 View user's profile Yahoo Messenger
 Back to top 
ardiente
Veteran

Joined: 16 Sep 2006
Posts: 104
Location: London
mycroftxxx wrote:
Could someone start working that out to verify wether or not AngBa is a plant?


Jeez Louise, I go away for a few days and all hell breaks loose (excuse the pun... !). I sincerely doubt that Ang is a plant... The forums are OOG and for that scenario to be true would be a gross breach of etiqette. That Texan cutie is just trying to mess with our collective heads.

Never did trust her...

BTW I'll add my congrats to dvw. Bravo, but it seems we're left waiting for something to happen again.

Jochen, you maybe Satan himself, but you really are, as we say in my neck of the woods, cruising for a bruising Smile

PostPosted: Tue Oct 17, 2006 4:22 pm
 View user's profile
 Back to top 
stilettoblade
Veteran


Joined: 29 Sep 2006
Posts: 127
Location: Colorado
dvw wrote:

I divided the alpabet into 4 groups of 6. 1 group for each corner on the inner square and 6 in each group for the dots on the side. The upper left corner was group 1. upper right 2. lower right 3. lower left 4. The dot marked on the side was the letter that corresponded to the letter in the group. The one with all 4 courners marked was the letter Y.


Grr.... I did exactly that yesterday! but I counted UP the stack of 6 dots instead of DOWN the stack, so i got scrambled nonsense.

good job.
_________________
Played: AV
Playing: PXC, tCotSA

the Human Project Lives!

PostPosted: Tue Oct 17, 2006 4:26 pm
 View user's profile
 Back to top 
AngBa
Unfettered


Joined: 10 Apr 2006
Posts: 532
Location: the pit of misery, KS

 		Well heck... I leave for a few hours and suddenly I am Twisted Evil !

A trap for Banana, eh? If Doc never trusted me, how am I the only one that received a package and was told so many things by the Dr...

I don't have time now, but all I can say is me thinks me won't be having a cyberdate w/ Doc. anytime soon...

I doubt he'd listen to me if I tried to talk to him, but I will give it a go here in a few hours...

(I needed this today... that's some funny stuff! Thanks for posting it guys and gals!)
_________________
Played: WiBS; AV; Enoch of Gatewood
Watching/Interacting: Gabriel Lawson???

I'm only angry because I hate bananas...

PostPosted: Tue Oct 17, 2006 4:56 pm
 View user's profile AIM Address Yahoo Messenger
 Back to top 
dvw
Boot

Joined: 05 Apr 2006
Posts: 67
Location: UP A CREEK

 		Angba do you think this means that the doc is not going to ask you to the prom?????
_________________
Some days it doesn't pay to chew through the restraints.

It's at that point you realize that the people in the game have voluntarily surrendered their free will in order to participate in a story.

PostPosted: Tue Oct 17, 2006 5:01 pm
 View user's profile Yahoo Messenger
 Back to top 
AngBa
Unfettered


Joined: 10 Apr 2006
Posts: 532
Location: the pit of misery, KS

 		Laughing Prolly not - and I already have my dress bought!
_________________
Played: WiBS; AV; Enoch of Gatewood
Watching/Interacting: Gabriel Lawson???

I'm only angry because I hate bananas...

PostPosted: Tue Oct 17, 2006 5:06 pm
 View user's profile AIM Address Yahoo Messenger
 Back to top 
mycroftxxx
Veteran

Joined: 29 Jul 2004
Posts: 103
Location: Houston, Texas
ardiente wrote:
mycroftxxx wrote:
Could someone start working that out to verify wether or not AngBa is a plant?


Jeez Louise, I go away for a few days and all hell breaks loose (excuse the pun... !). I sincerely doubt that Ang is a plant... The forums are OOG and for that scenario to be true would be a gross breach of etiqette. That Texan cutie is just trying to mess with our collective heads.


Oh, I know that - I was just wondering if someone could lay out a web of accountability. I.E., if we can't actually tie her to a known and trusted person, we can verify that she is known to exist by someone for whom being an AV plant is all-but-impossible.

EDIT: SOLVED! (heh) AngBa and Tipsila have been chatting since WiBS, know each other rather well. Tipsila was thought to be a shill in that game, which turned out not to be true. http://argspeak.blogspot.com/2006/02/litmus-test.html discusses the topic both in specific and in general. It also verfies that Tipsila was active and doing not-AV things before the Doc started his public search for them. I don't think the original .wmv relelases of the Warning videos are considered ingame for this iteration, so there is no reason to suspect that AV was watching for mentions of their name previous to the Doc's hunt. It is reasonable to suppose that older active accounts like Tip's and Ang's are real. (atleast, this is roughly how I will present things to the Doc.)

EDIT 2: UNSOLVED! Bannana and Tipsila ARE both plants! You should know what a Banana is, and Tipsila is a lakota word for prairie turnip. Laughing
_________________
Playing: GameIsACoverUp, Superstruct
Played: AV

PostPosted: Tue Oct 17, 2006 5:30 pm
 View user's profile Visit poster's website
 Back to top 
AngBa
Unfettered


Joined: 10 Apr 2006
Posts: 532
Location: the pit of misery, KS
mycroftxxx wrote:
EDIT: SOLVED! (heh) AngBa and Tipsila have been chatting since WiBS, know each other rather well. Tipsila was thought to be a shill in that game, which turned out not to be true. http://argspeak.blogspot.com/2006/02/litmus-test.html discusses the topic both in specific and in general. It also verfies that Tipsila was active and doing not-AV things before the Doc started his public search for them. I don't think the original .wmv relelases of the Warning videos are considered ingame for this iteration, so there is no reason to suspect that AV was watching for mentions of their name previous to the Doc's hunt. It is reasonable to suppose that older active accounts like Tip's and Ang's are real. (atleast, this is roughly how I will present things to the Doc.)

EDIT 2: UNSOLVED! Bannana and Tipsila ARE both plants! You should know what a Banana is, and Tipsila is a lakota word for prairie turnip. Laughing


Also, althought the WiBS forums are now closed - just for the record, I was known as "mrazfan" back in those days (I... I am going to say this ONCE and once only - anyone can think what they want, I am not a shill - a plant or whatever you want to call it. I believe that the PM's knew that this would happen, and I can take the heat and continue playing. A good read on their part. I know what Tips went through trying to prove her innocence when she was thought to be IG, and it just turned out that she was a dedicated and expert researcher!


(oh, and here's all I can find left to prove my innocence - the first link is a response to one of my posts at WiBS. Thanks for havin' my back Tips!)
_________________
Played: WiBS; AV; Enoch of Gatewood
Watching/Interacting: Gabriel Lawson???

I'm only angry because I hate bananas...

PostPosted: Tue Oct 17, 2006 5:50 pm
 View user's profile AIM Address Yahoo Messenger
 Back to top 
maradydd
Boot

Joined: 01 Oct 2003
Posts: 53

 		One really long email thread
Ok guys,

After reading Mycroft's and Pony's chat logs, I decided to "out" myself as the one who sprung the trap. (Wabonan, I know it was really you, but I can talk convincingly about these things, so I decided to go ahead with it. Also the doctor already knows me as a computer security person. I hope you don't mind.) My goal here is to show that the person who sprang their trap is not the same as the person who defaced the websites.

Conveniently, last night I had emailed Sarah offering her forensic help on figuring out who defaced the site. That email is included at the bottom below; above it is a nasty, unhinged reply from Sarah. I forwarded this reply, and my reply to it, directly to Jochen, because at this point I think Sarah's either nuts or she's an AV plant and she's either going to hurt the Doctor or she's trying to.

Quote:
Dr. Peiper,

I just received the message below from Sarah, and I think there's been a terrible mistake here. I'll understand if you end up ignoring this or even deleting this message unread, but please hear me out.

As I told you in the very beginning, I've done some work in computer security. You can verify this independently if you like; google on "Meredith L. Patterson" "black hat" and you'll find information about a talk I gave at the Black Hat Briefings, a prominent information security conference held every year. You can also read the email, attached below, which I sent to Sarah last night with suggestions on how she could track down who defaced your websites.

So, let me explain.

A couple of days ago, I learned that the website www.altusveritas.com had been discovered. I went to take a look at it, and noticed that there was a login/password form in the sidebar. There didn't seem to be a way to register a new username, but I figured that if this site were related to AV, if I could somehow find a way into the site then I might be able to dig up some information to help you.

I then noticed that someone named "Fulkes de Villaret" had posted something to the main page, and guessed that this could be a valid username. I tried that name in their "email me a new password" form, and it told me that a new password had been sent, so I knew that it was a real username. From that point, it was just a matter of guesswork to figure out the password, and as soon as the correct username/password combination was submitted, the site immediately reported a "hacking attempt".

From what Sarah writes below, I'm guessing that this was the trap she laid -- she wanted to know whether Banana was trustworthy, so she created a fake altusveritas.com, then gave Banana the username and password to see if she would give it up. I don't think she was expecting that a computer security person would get curious and figure it out on her own. Sarah isn't a computer person; she has every reason to believe that Banana betrayed her trust. But if you read on, I think you'll see that this is all a really terrible mistake.

But, now there's the question of the vandalism to both whoisav.com and altusveritas.com. Quite some time elapsed between the point when the trap was sprung and when the defacement happened. I know this because I went to sleep shortly after the trap went off, and when I woke up, I went back to www.altusveritas.com and discovered that the entire website had been replaced with two images. I then visited whoisav.com, and discovered to my surprise that it had the same images. (If you still have copies of the server logs from whoisav.com, you'll see that I never even got around to creating an account there -- I've been so busy with work that I haven't had much time to commit to this.)

Those server logs are really important, Doctor. If you take a look at them, you can find out who triggered the trap -- based on my notes I can tell you that it happened around 6pm Central time on Monday the 16th -- and who logged in with administrator privileges to deface both websites. That happened no more than an hour and a half after the trap was sprung, so there's not a lot of information to dig through.

What I'm about to describe to you is kind of difficult, so I'm going to give you a fairly high-level overview. I'd advise you to consult an independent expert, like a computer security professor or professional, to help you hunt through the logs. Sarah seems like a reasonably smart person, but she's not a forensic computer analyst, and that's what you really need here. What I want to do is show you how to identify who triggered the trap and who deleted your websites, and I'm positive that these will turn out to be two completely different people.

::complicated stuff starts here -- scroll down to "end complicated stuff" if you get bored::

The information you want to look for is something called an IP address. You can think of an IP address as similar to a street address, only on the Internet. (Remember a few weeks ago when I was telling you about IM security, and explained how messages are sent? IP addresses are the addresses those "postcards" go to.) When you look at the server logs -- if you need help figuring out which directory the logs are in, I can help you with that -- you'll see addresses in the form of aaa.bbb.ccc.ddd, but with numbers instead of letters. Each of those four numbers can range from 0 to 255, so it could be anywhere from 0.0.0.0 to 255.255.255.255.

The first thing you'll be looking for is an HTTP POST request for the file /user in the logs for altusveritas.com. It will look something like

64.34.171.53 - - [16/Oct/2006:18:25:04 -0700] "POST /user"

Now, to be honest, I don't immediately remember what happened when the trap triggered. But you can also look at the filesystem logs and look for a change, around that time, in the file /user (wherever that resides on disk), or in any files that the /user file includes (these would likely be .css files or server-side includes).

Once you've found the IP address of the person who triggered the trap, next you need to find the address of the person who defaced both websites. You'll need to look in the filesystem logs for both altusveritas.com and whoisav.com to find out when the website files were deleted. This should also tell you which user of the system deleted the files; the name may be "root", or it may be the name of some other user who has administrative privileges on that computer. Then you want to figure out which IP address that user was logged in from. This is the part where you're going to really need help from a pro, because the file which records this information, which is called /var/log/lastlog on UNIX-based systems, is not an ordinary textfile; you have to read it with a special program. Source code for one such program is at http://www.tech-faq.com/unix-system-log-files.shtml; if you compile that code and view the log file, you can find the IP address of the culprit.

Also, once you have that IP address, you can use an IP geolocation service to determine where the real hacker is physically located.

::end complicated stuff::

Phew. Okay.

I'm really sorry this has gotten so complicated, Doctor. I feel so guilty for triggering Sarah's trap and making her think that Banana violated her trust. If I'd had any idea what was going to happen, I would have at least let you know well in advance what I was going to try, so that you and Sarah didn't end up so frightened and worried.

On that note, I'm a little worried about Sarah. She sounds awfully stressed out and angry, and some of that's totally understandable given that you've had to go into hiding. But the part about "now he has nothing - except me" makes me worry about her stability. I sincerely hope you're safe and able to return to your research soon.

Sincerely,
Meredith

On 10/17/06, Sarah Portenson <qtpie74> wrote:
> Meredith,
>
> I know exaclty what happened. I suspected all along that "Banana" was up to
> no good. Flirting with Doc and she's never met the guy? He let me evesdrop
> on some of the chats and she was really drawing him in. It was obvious.
>
> So I set a trap. I gave her and a couple of others admin accounts on whoisav
> and then I created altusveritas.com as a "trap" for AV. Only Sarah has
> access to both sites. When both were defaced in the same manner it wasn't
> hard to do the math.
>
> I don't know if that evil witch is AV or just mad at Doc but we have assumed
> the worse. We've gone underground now.
>
> I hope she enjoyed her little game. Doc's life is ruined. He trusted her
> completely and now he has nothing - except me.
>
> For all we know you're all part of this plot. If so I hope you rot in hell.
>
> Sarah P
>
>
>
>
> On 10/17/06, Meredith L. Patterson <clonearmy> wrote:
> > Hi Sarah,
> >
> > I'm an online acquaintance of Dr. Peiper's, and he and I have talked a
> > little bit in the past about this AV stuff that's going on. Some of
> > the other folks that have also been working on this told me about the
> > vandalism that occurred on whoisav.com. I'm a bioinformaticist, so I
> > work with computers all the time, and I've done some security work in
> > the past; I might be able to help you guys figure out what happened to
> > the website and, more importantly, who did it. I could also do a
> > security audit once you have it back up, help you lock it down so that
> > it can't be vandalized again.
> >
> > If you'd like me to take a stab at it, feel free to catch me on AIM or
> > Yahoo chat, username "maradydd", or just email me here.
> >
> > Some things that would be useful for me to know include:
> >
> > - What kind of content management system was the site using? (A lot of
> > freely available CMS's have known bugs that can be exploited, so
> > knowing this would help me pinpoint how the attack occurred.)
> >
> > - Where was the site hosted? Was it a virtual hosting setup, or a
> > dedicated box? In either case, was it hosted in a colocation facility
> > or in some other location?
> >
> > - Who has physical access to the machine running the site?
> >
> > - Do you have any access to the server logs from last night? Were they
> > being backed up to another location, by any chance? (If the site was
> > hosted at a colo or by a hosting service, whoever admins the box
> > should have the ability to retrieve the logs for you and email them to
> > you; you could email or call their tech support.)
> >
> > Cheers,
> > --mlp
> >
>
>



I see a couple of possible outcomes:

1) Jochen believes me, finds a competent security professional to check the logs, the logs are okay, and we prove that we didn't hack the site. We also find out, by IP geolocation, where the actual hacker is.

2) Jochen believes me but gets Sarah to check the logs. She either won't listen or deliberately doctors the logs and convinces him that the same person who sprang the trap also hacked the website.

This paints me as a dirty liar, so you guys then have to get rid of me in order to try and get the Doc to trust you again -- more on that later.

3) Sarah is reading Doc's email, doctors or deletes the logs, and "proves" to Doc that I'm a dirty liar; see above.

4) The hackers were smart and covered their tracks, in which case I'm not sure what we can do; we'll just have to see if he replies...

PostPosted: Tue Oct 17, 2006 6:05 pm
 View user's profile Visit poster's website AIM Address Yahoo Messenger
 ICQ Number 
 Back to top 
James Stone
Decorated


Joined: 30 Sep 2006
Posts: 174
Location: England

 		Ok, so what do we do in the meantime?

Great solve dvw, and the quote is from the Bible:

"Ye are of your father the devil, and the lusts of your father ye will do. He was a murderer from the beginning, and abode not in the truth, because there is no truth in him. When he speaketh a lie, he speaketh of his own: for he is a liar, and the father of it." John 8:44
_________________
"All fixed set patterns are incapable of adaptability or pliability. The truth is outside of all fixed patterns."

PostPosted: Tue Oct 17, 2006 6:15 pm
 View user's profile Yahoo Messenger
 Back to top 
Wabonan
Entrenched


Joined: 24 Sep 2006
Posts: 1185

 		By the way I think I triggered everything even the change in the sight. Sarah and I were the only one on the whoisav sight at the time. I was writing a note on the contact us page as the what happened to the stuff she was sending me...I changed my mind and went back to the home page and the sight locked up. I think that contact us was real time and what I was asking triggered the event..I was also on the altusveritas sight when it occured I went back there and refreshed then the puzzle came up. Another weird thing...I was thinking before the solve that it would lead to another sight,,,I did a whois which led me to Go Daddy. I figured if he bought all the web addys at the same time the Ips might be consecutive... I discovered Whoisav sight was registared on 10/10/06... The Altusveritas sight was registared on 9/13/06... the same day as the first video on youtube.... If these sights were made by the same person at the same time why was one registared almost a month before??//

This is an edit....I just sent sarah this e-mail.... we will see what she sends back
I know you are working for AV....I was the guest that was online with you. when the defacement occured. You were the only user logged in at the time. Also why did you register the Trap sight a month before you registered the whoisav sight. The Doc was not even in the country then he was still in France. You are in league with AV...Plus you never sent me the promised clues...Give me a reason not to tell the Doc...I don't know how much you know about computers....They have cached pages that are stored on your computer..I can bring up the web page and show who was online at the time of the defacement...Just you and me baby...lol

lol I don't have the cached page by the way..lol

PostPosted: Tue Oct 17, 2006 7:01 pm
 View user's profile AIM Address Yahoo Messenger MSN Messenger
 ICQ Number 
 Back to top 
Display posts from previous:   Sort by:   
Page 4 of 7 [97 Posts]   Goto page: Previous 1, 2, 3, 4, 5, 6, 7 Next
View previous topicView next topic
 Forum index » Archive » Archive: General » ARG: Looking for AV
Jump to:  


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
You cannot post calendar events in this forum



Powered by phpBB © 2001, 2005 phpBB Group