[SECURITY NOTICE]: TeamSpeak 3 Server #23765

[Christopher 1,393]

Incident Report for TeamSpeak 3 Server #23765 Security Breach

 

Incident #: SEC-0814201401

Incident Date: August 14, 2014

Status: Fixed

(August 15, 2014)

Affected Service(s): TeamSpeak 3 Server #23765

 

[hr:28jofyy9][/hr:28jofyy9]

 

Initial Message & Information[hr:28jofyy9][/hr:28jofyy9]

It has come to our attention that there has been a major security on the New Team of Weapons and Tactics' TeamSpeak 3 Server #23765. The incident in question is considered a breach of global organization security and as a result, temporary action(s) have been taken until these issues can be fully addressed; see the following section for details.

 

We do apologize for any inconvenience, however this is considered a major security breach and must be addressed. The actions that were taken were decided upon, in order to allow the server to continue running and be accessible, while this issue is investigated and patched.

 

Any questions that arise can be asked in the form of a reply within this thread and we will try to answer them to the best of our ability.

 

Preliminary Action(s) Taken[hr:28jofyy9][/hr:28jofyy9]

 

<ol style="list-style-type: decimal">[*]All custom server-based groups have been cleared. This means some personnel and members may lack required permissions while this issue is fixed.[/*:m:28jofyy9]

[*]All elevated administrator and staff server-based groups have been cleared. This means administrators and staff members may lack some required permissions while this issue is fixed.[/*:m:28jofyy9]</ol>

 

Details & Security Patch Information[hr:28jofyy9][/hr:28jofyy9]

The security hole involved in this breach allowed certain privileged staff members to further elevate their privilege and thus perform unauthorized tasks on the server. The breach incident involved a user who used this hole to elevate their privileges and - to our knowledge - ban a client on the server. No client or user information was compromised as a result of this incident.

 

The breach was first suspected to be a flaw in the security settings of our server groups but after further investigation, was found to be caused by newly-formed server groups for the United Special Forces clan. The groups were created by duplicating permissions from template system groups rather than the standardized "Server Administrator I" administrator group. This security hole was fixed by removing all custom server groups. An opportunity will be given to create the necessary groups once again, however, this time - they must be created with the proper permissions with appropriate structure and format policies. Please note that this will require the assistance of either a Chief Technology Officer or System Administrator and availability of such personnel may vary. Hopefully all necessary groups can be re-created and configured during the week of Monday, August 18, 2014.

[maplesyrup 0]

Re: [sECURITY NOTICE]: TeamSpeak 3 Server #23765

 

hopefully we get this issue resolved as soon as possible, do you know by any chance if the information of the security breach will ever be released to the public eye, i for one as one of the victims of this security breach would like to know about this situation in further detail.

 

on another note, thank you guys for responding so quickly to this security risk, i truly appreciate it.

[Christopher 1,393]

Re: [sECURITY NOTICE]: TeamSpeak 3 Server #23765

 

Hello maple_syrup,

 

Details have been updated regarding the entire incident (see first post) and luckily, everything has been solved and taken care of. In summary, the security breach involved a privileged user granting themselves unauthorized access to the server to perform advanced system tasks that were not (and are not) permitted to their role. As a note, no client or user personal information was compromised due to this breach.

 

I do apologize for the inconvenience that this incident has caused you and appreciate your cooperation. Chief Technology Officers will have an at-length discussion with all administrators and staff to ensure this does not happen again.