OP-EZY's long-awaited leaks from the Offline Era

Well, it's been a long time coming, but I (Robert Ian "Gill Bates" Hawdon) believe it's only right to release the majority of the surviving discoveries of the OP-EZY/Alpha-Nova hacking days between 2003 and 2004.

Sorry, there aren't any pictures in this part of the Time Machine, and some documents have been doctored to protect the innocent.

One of James's attempts at getting OP-EZY online included setting up an MSN group. Sadly, not only is the group long gone, but the service is gone too. All that I have is a weekly digest email and an announcement message.

So, in no particular order, here are a few things OP-EZY uncovered on the high school network:

Ninaa user names & passwords for every student and staff - Part 1

One of the biggest discoveries was the CSV (comma-separated values) file with every user on the Ninaa Internet proxy system. This information could have been lethal for some people if they used the password they were given for other accounts. A fine example is a user listed as "wrightch" whose password was identical for his personal login to the main Active Directory login system (used to log users into the computers). This user turned out to belong to the head IT Technician!

In this copy of the document, all last names have been removed (leaving their initial) and the passwords have been removed in case they are still being used by said students to this day. One password that has remained in this document is the one for the user "paulwalsh", which turned out to be the sole administrator account for the Ninaa system. Looking at the file (on page 49), you can see the major security flaw regarding his password! From this account, any user could be promoted to administrator status, essentially giving them the same form of access through the comfort of their own account (or even a brand new one). The most worrying thing, though, is how easy it was to change settings to the web filter, giving people full access to the Internet (even to adult web sites).

After the "paulwalsh" account's password was discovered by others, it was quickly being abused. At this point, OP-EZY sent an anonymous email to one of the technicians, who promptly changed the password and asked us to identify ourselves. We declined their request.

As a bonus, here's a screenshot of the Administration screen of the Ninaa proxy server, which shows the old domain name used at school.

Ninaa user names for the year 9 students starting in 2004 - Part 2

The Ninaa proxy was decommissioned in the summer of 2004, but the document OP-EZY discovered towards the beginning of the year suggests that it was originally planned to be used for at least another year. This time, the passwords had not been generated (at least at the time that document was created), but again, this version has been doctored to hide the last names of the students.

The addition of this information meant OP-EZY still had an up-to-date database of every student's user ID.

IP Structure

This document showed us the layout of the network used in school, including the IP range of the servers. This was useful during the time we didn't have access to the command prompt. It's interesting to note that the document creator misspelt "ninaa".

Library PC Structure

This document shows a layout of the Library PCs and the IP addresses associated with each machine.

SpyAnyTime logs - Part 1

Part one is the larger of the two files here.

This was, by far, one of the most worrying things we discovered. To this day I'm unsure if SpyAnyTime was installed by the technicians, or by another hacking group, but we were almost certain that at least the second of the two log files we discovered shows SpyAnyTime to be installed and monitoring a PC in the Open Access area, literally opposite the Technicians' office. The rather cryptic file name tends to support this theory, and the fact the names are cryptic does suggest another hacking group was responsible for this. It's important to note that OP-EZY did not install this software, but we did find these two log files on a hidden networked drive we exploited.

These logs have been doctored to hide what looks like people signing in to email accounts. Each entry states which user was logged into the machine (by their user ID), and the date and time of the entry. You can, like we did, use the Ninaa list above to see who was being spied on at the time.

One of the things I had to censor in this log was the assistant technician's personal email address and password. Again, this suggests the technicians were oblivious to the software running at the time.

SpyAnyTime logs - Part 2

...and here's part two.

It is interesting to note a couple of entries at the bottom of this log by user 2704, which was my account. SpyAnyTime caught me in the act of snooping around the C: drive of that machine in the command prompt (as access to the C: drive was blocked by conventional methods).