Reset Password
Existing players used to logging in with their character name and moo password must signup for a website account.
- FunkyMango 2m
- LegerdemainMouse 38m always sleepy zzzzz
- Fogchild1 2m
- Majere_Draven 37s
j Fengshui 11s
- zxq 18m
- SacredWest 2h
a Mench 3m Doing a bit of everything.
And 17 more hiding and/or disguised

Former GM removed from community
Results of investigation and staff vote

Hello All -

As you know, there are different levels of GMs, and at the different levels you get access to different amounts of information. We restrict as much as we can at the lower levels but the truth is that the GMs need information to be able to execute on plots.

Tonight it came to our attention, via a player, that a GM had logged into the game, checked the stats on some players, and then given that information to a former player during the course of a conversation about Sindome. They didn't share exact numbers (they didn't have access to those) and they didn't share (as far as we know) an exact print out of the @stats for these players, but they shared general info.

We tracked down specifically who it was--Navi--a Support GM and former Fulltime GM who had not logged in (as a player or a GM) for many months and then suddenly logged in and decided to return to the game.

We have a policy that when a former GM wants to return after being away for a month or more it requires a vote, and in the meantime we make that GM an $alumni to restrict their access. If the vote doesn't pass they can maintain their alumni status as a nod to the hard work they put in in the past and to perhaps help guide new admin on past plots or answer any questions they might have, while not giving the alumni day to day access to the GM side stuff.

When Navi first logged in after all those months, they checked if Johnny or Cerb was around, and finding they weren't, they checked the stats of several players they had no reason or justification for checking on. The log of the chat that we were provided shows they engaged in a conversation where they revealed some of this information (in broad strokes like JoeBaka is masterful at long_blade and Jeff would crush John in a fight), and bragged that they had checked this info on their admin bit. The next morning when we saw that Navi had logged in, we changed her to an $alumni until a vote could be taken, but it appears the damage was done the night before.

The person they revealed the info to is a former Sindome player, and not an admin. The information was spread around and made its way back to at least one of the players who's stat information was revealed. They brought it to our attention and within an hour we had more than enough proof of the info leak.

After our investigation, a conversation with Navi, and a vote of the staff, we have removed her from the community entirely and permanently for a gross violation of our rules, our trust, and for damaging the integrity of the game.

We know exactly who's stats she checked out and we are notifying those players and offering them partial respecs where applicable to try to offset any damage that might have been caused by their stats being shared.

We take these situations extremely seriously and we are... well, disheartened. I don't know a better word for it. We're all people on the internet and we don't all know each other in real life, even on the admin side. There is an amount of trust that we place in the people we bring onto our staff and we believe that even when we aren't always getting along, we always have the best interest of the game at heart. That someone who was a GM for as long as Navi was would so casually violate the most sacred of our rules... I don't even know what to say. I want to apologize to everyone, but it seems hollow. I don't know that we can stop people from being jerks, we can only hope they won't be and sometimes we're going to be disappointed. I'm sorry that this happened, and I want to thank the player(s) that helped us figure out what had happened, and for initially bringing it to our attention.

This is another example of why even casual OOC conversations with other players, even former players, even GMs, or former GMs, should be avoided if at all possible and if not possible, the conversation should be about anything but Sindome. I don't know that Navi intentionally shared this info to be malicious, but her intention doesn't really matter. Our rules are our rules, and they apply to everyone, especially admin.

-- S

I'm very disappointed in Navi, and I'm glad they were caught for this disgusting abuse of staffs trust. I'm also glad staff are offering partial respecs to help reverse some of the damage done. Was said player they did this for banned aswell for good? We surely don't need them amongst our community.

Thanks for letting us know! Sadly you can not control or predict when people are going to do things like this, but you can sure lock it down when you see it happening. You guys are doing gosh darn great job!
Also, I am unsure of how the coding works for being able to put GM's into $alumni status (like if they HAVE to be logged in for it to work)... but perhaps a system of 'If a GM is absent for longer than 2 months without any type of prior notification or excuse, will automatically be moved to $alumni status' might be a decent fix.

It would hopefully mitigate people that have that type of GM power to come in after a lengthy absence and checking all the juicy STATZ and then running away to sell it to the the russians.

While Slither presents this as a failure, I see it as a success. The breach was detected, investigation and remediated.

I am not trying to gloss over any damage that was done here. But this is a text book example of, "It could have been worse." Navi could still have access. Stats could still be being accessed /right now/.

It is comforting and reassuring to know that there are mechanisms in place to detect this kind of abuse.

From a risk and compliance point of view, the only real 'gap' I see here is that the investigation was only launched when it was brought to staff's attention by one of the affected players.

I am not sure what the back end systems for the MOO and the server that it runs on are like. Out in the real world, we would create a weekly or monthly report of "high risk" actions. For example, you might log every instance of GMs running an @stats on a player. That log would then be grouped by GM name.

In a situation like the one that happened here where a GM who had been inactive for months suddenly popped back up, the exception would be obvious.

The challenge with reports is that someone has to review them. And the person who is reviewing them has to have a wide enough view of what is going on to be able to make sense of them. If someone handed me a report of GMs @stating players, I would not have the slightest clue whether or not it was appropriate, related to plots, or whatever.

Just some food for thought.

I agree with Hek. Navi was a classic example of a defecto agent undetected gone rogue, and so this isn't a normal or common occurence. They left SD while on Staff as Navi and returned as someone the Staff didn't know when working with her or taking her on the team. Obviously stuff occured while she was gone. It would be reassuring though if someone started reviewing these things, and it was documented by Staff in question doing the @stats check to streamline the process and save the reviewing Staff extra time if they don't see anything is amiss after reading the documentation. It's the little things that go a long way, and It's 'damage control'. However I highly doubt this will happen again anytime soon, in my 8 years here this is the first.
It's the second, actually. Let's not read too much into this.
Good suggestions, and ones we will be discussing in the admin side!
As a follow up to this, we have reviewed all past admin accounts, changed numerous admin over to $alumni, and set up a check for admin who haven't logged in for over 1 month (the length of time that, unless pre-approved, someone must be voted back onto the staff if absent for), which will tell us who we need to change over to $alumni.

We also have commands to automatically transfer ownership of anything they own to another admin.

This should go a long way toward keeping those with access a very tight loop.

Thanks for the feedback and suggestions on this everyone!

-- S

Great job Slither. The adage, "An ounce of prevention is worth a pound of cure." is so true in this case.