• ChicoSuave@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      11 months ago

      Something to keep in mind: this is one server that serves as a recognized safe space for Nazis, so it’s more widely known than average. That means getting 64 people together from across dozens of countries is easier than finding 64 Nazis in a city or county. The actual total Nazi numbers are still low vs. the rest of humanity.

    • mistrgamin@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      ·
      11 months ago

      Sounds scary but the concern goes away when you notice that the officers are whiny bitches who call the mods on you if you spawn a barrel or outgun their whole squadron

  • vexikron@lemmy.zip
    link
    fedilink
    English
    arrow-up
    21
    ·
    edit-2
    11 months ago

    As someone who has also crashed awful gmod community servers before, using hilariously obvious exploits…

    Good work kid.

    Now its probably time for some R&R. Gotta lay low for a bit, gmod communities like that may eventually figure out how to dox you and then swat you.

    If theyre smart enough to log your steamid, find your profile on the steam community and then do actual cybercrime or social engineering, you never know what can happen.

    If theyre not that smart to do it on their own, they are hateful and persistent enough to pay a hacker to do it on either the dark web or off of some warez type site. Lots of hackers and dangerous script kiddies that are also nazis, unfortunately.

    And yes. Various gmod communities have done that kind of shit to people before.

    • chicken@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      11 months ago

      People say VPN is useless but I think people like this won’t be able to track you down if you’re making throwaway accounts over VPN and otherwise doing good opsec. Which ofc making public posts about exactly what you’re doing isn’t, but oh well

      • vexikron@lemmy.zip
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        edit-2
        11 months ago

        Well, this image here is a screenshot, presumably of a desktop pc, of this person reporting what theyve done on a discord server.

        Just from the image alone, they’ve blocked out their name and avatar, which is good. Further, they’ve also cropped out every other part of the discord server and it seems to be using default font and styling, so you cannot really get much from that.

        Important to note: You seem to be assuming this posted image is from the same person who actually wrote what we read. There is no actual reason to assume that. Could just be another person in the same server, could be a copy pasta from anywhere, who knows.

        Even if you looked at the exif data of the image, best you could possibly get (assuming this is the original and not a copy) is the OS, and /possibly but most likely not/ the person’s user name on their computer, as well as a very, very general geolocation, probably about as vague as a city or county.

        And these days you can just run an exif scrubber program on images before you upload them, or (more complicated, probably only.possible on linux), set it up so any image you capture or edit or create just automatically has all that scrubbed.

        Now, you are correct that using a VPN would hide the IP of the person connecting to the Nazi server in their server logs.

        However, again getting someone’s IP alone is far from a surefire way of indicating that much about them, other than again a general location, their ISP and their like timezone or whatever.

        (This is a whole thing about using IP logs /alone/ to prove a specific person did something bad online to a court of law: the IP will only be specific to basically your home router, and you can say that other devices connected to your router, like other family members on other devices, or even someone outside your house framing you by cracking your wifi password or using your router via some other exploit, and it is also possible to just spoof an ip to look like a specific other one via various methods, or, pretty unlikely but technically possible, hack into the ISP handing out the logs and manually edit them before theyre handed out.)

        But what I am referencing here is your SteamID.

        Not your IP.

        Time for me to be an internet dinosaur.

        Though these days on the Steam Communitt pages you are able to change your user name and avatar and even have a custom URL for your steam profile page… thats all stuff built on top of an earlier more rudimentary system.

        Every Steam user has a SteamID. It is the unique identifier in the database underlying steam that /everything/ about your Steam Account is ultimately tied to. All the games you own, every comment you’ve made in Steam, all your achievements, literally everything.

        When your account is banned from Steam, or banned from a particular game server that utilizes some version of the Source engine for multiplayer connectivity, this /directly/ references your SteamID, not your IP. Many games with their own multiplayer protocols indirectly ban you by banning an account id that is ultimately derives from your SteamID as well.

        You /could/ try to IP ban someone from a Gmod server, but even a decade ago people figured out lots of ways to get around that.

        You cannot spoof your SteamID without functionally finding a system wide exploit in Steam itself, or, more likely in this case, basically doing an exploit in the lua end of Garry’s Mod /so hard/ that it breaks some part of Garry’s Mod and/or the networking protocol it uses within Steam.

        While it is, or at least was possible to do this (I know of at least 2, possibly 3 people who pulled this off /and personally proved it to me/ in earlier Gmod days)… it requires a significant level of programming skill and knowledge of Steam and Gmod code. It is functionally hacking, and is arguably illegal.

        One person from that list (who went on to make many other exploits for many other games) eventually had their entire Steam account banned when they were caught doing some exploit or another, lost all their games on their account, everything.

        The two others basically stopped fucking around before they found out.

        This is all a very long way to say that spoofing your IP to avoid being pinpointed from connecting to a Gmod server is possible and might fool an idiot server admin, but any one with any competency at all would be looking for SteamIDs. And if you can spoof a SteamID, you are basically hacking all of Steam, which will get your account banned if you get caught, and if you use that exploit to fuck with other peoples accounts in terms of making purchases with another accounts saved credit card info and then gifting it to your actual account, at that point you could actually be looking at Federal Prison if the monetary value is high enough.

        So… you technichally /can/ spoof your SteamID if you are a hacker, but /you really shouldn’t/.

        • chicken@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          4
          ·
          edit-2
          11 months ago

          Why would you need to spoof your SteamID? Just make a new Steam account?

          As for the issues with the screenshot:

          • someone in the discord server could rat them out
          • it confirms that those specific crashes were attacks and not accidents
          • it confirms that specific attacks were done by the same person. This could further narrow down who it could be (who was there on all of those occasions).

          Probably more I’m not thinking of

          • vexikron@lemmy.zip
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            1
            ·
            11 months ago

            Yes, that is easy to do but its also relatively easy to combat from a server admin end: You can just go to a SteamID allow list approach and only let people join the server after some kind of application or interview process, or they could make a module that runs SteamIDs through one of multiple available online APIs that will output probably enough info to determine the account is basically a smurf account.

            That being said, as I type this out I realize that probably these server admins are a bunch of 15 year old Nazi morons and they are not capable of doing the API thing I just mentioned as it involves coding, and they probably wouldnt want to go AllowList mode on their server because they presumably want idiot randos to be able to join so they can indoctrinate and or bully them.

            Gmod is bad. Its just bad.

            • chicken@lemmy.dbzer0.com
              link
              fedilink
              English
              arrow-up
              2
              ·
              11 months ago

              Yeah I’ve seen online communities go full paranoiac with the vetting, it just kills it. If you can persuade an adversary to go that route that’s probably a win in itself.

              • vexikron@lemmy.zip
                link
                fedilink
                English
                arrow-up
                2
                arrow-down
                1
                ·
                11 months ago

                You are correct that if you can make them go paranoid the community will likely eventually die, and your edits to your above post are correct as well.

                I was thinking more about all the technical details and overlooked the obvious: the info you can ascertain from the actual stated message in its context.