PL charge City for alleged breaches of financial rules

mancboy said:
So this investigation is at the behest of other clubs then?
Click to expand...
Don't thibknwe will ever know. I personally don't think it is though.

The PL HAD to investigate, or be seen to investigate, once Der Spiegel published such a public claim. As did Uefa. Particularly once Uefa them charged us. Complaints or no complaints the perception was there and had to be addressed.

What happened After the CAS verdict though, the PL could easily have taken another few months, and brought it to their own conclusion that could have aligned with the CAS verdict, and the perception would have been at the very least, consistent.

They didn't. They took another 2 years to come up with the charges.

People seem to think this is in response to pressure from some clubs, or may have been complaints etc.

I think they genuinely did/do think they found something worth pursuing and charging us with. With or without such pressure/complaint.

Hopefully, they turn out to be wrong, either way.
 
Centurions said:
There was no "fine" in respect of the hacking case as City and liverpool resolved it between themselves which is why the PL (or was it the FA?) decided not to proceed, neither side wanted it raked over again.
Click to expand...
Because City's IT security (used to at least) be a comedy show. They didn't want any more press attention on it than necessary

There's this thing in security called "ethical disclosure". Basically, if you as a security nerd find a way into the system of a big company then you report it to them and they'll give you a "bounty". Some of these are very generous and in the tens of thousands for ultra severe ones. Others not so much.

About 15ish years ago, I "ethically disclosed" to City that I could watch webcams of some of their internal meetings. Literally there were webcams in a bunch of meeting rooms that you could just sit and watch if you fancied it, without credentials, because they weren't properly locked down. They didn't even reply to my email let alone say cheers let alone say "oh you've saved us a bunch of money there, here's few quid". They fixed it within a day or two though. So if I bothered to go on a fishing expedition and find a bunch of other shit then what's my incentive to disclose if I wasn't a City fan? This is the stuff that leads to the email situation.

Do you know this "hack" that people talk about with Liverpool? Do you know what it was? When some staff left City, City didn't bother to cancel their access to our scouting apps. So they booted up their laptop one day, went to a webpage that hosts these types of things and were automatically logged in as City employees. Then probably pissed themselves laughing as they fed information to their new bosses.

The fact that our email system was hacked is possibly the least surprising thing that has ever happened in the history of the world. Our website is hackable. You can access City+ without subscription if you're technically inclined and know how to do a bit of JavaScript editing. Our ticketing system was hackable for a long time through credential spoofing. Football as an industry is laughably insecure compared to other industries. I absolutely guarantee you right now that there are people out there who are reading the emails of every major CEO in football. It's not a serious industry when it comes to infosec. Especially outside the PL, their security is done by some guy's kid who they think knows "a lot about those computers" because they play Roblox or something.

If a properly motivated hacking group ever decided to target ransomware towards the football industry then everyone would be absolutely fucked or they'd get away with millions.
 
breaking news!!!

i have just been informed,

if you are going to make a boiled egg,
give it a firm shake before you put it into the water.
this will ensure the yolk is completely central.
 
Damocles said:
Because City's IT security (used to at least) be a comedy show. They didn't want any more press attention on it than necessary

There's this thing in security called "ethical disclosure". Basically, if you as a security nerd find a way into the system of a big company then you report it to them and they'll give you a "bounty". Some of these are very generous and in the tens of thousands for ultra severe ones. Others not so much.

About 15ish years ago, I "ethically disclosed" to City that I could watch webcams of some of their internal meetings. Literally there were webcams in a bunch of meeting rooms that you could just sit and watch if you fancied it, without credentials, because they weren't properly locked down. They didn't even reply to my email let alone say cheers let alone say "oh you've saved us a bunch of money there, here's few quid". They fixed it within a day or two though. So if I bothered to go on a fishing expedition and find a bunch of other shit then what's my incentive to disclose if I wasn't a City fan? This is the stuff that leads to the email situation.

Do you know this "hack" that people talk about with Liverpool? Do you know what it was? When some staff left City, City didn't bother to cancel their access to our scouting apps. So they booted up their laptop one day, went to a webpage that hosts these types of things and were automatically logged in as City employees. Then probably pissed themselves laughing as they fed information to their new bosses.

The fact that our email system was hacked is possibly the least surprising thing that has ever happened in the history of the world. Our website is hackable. You can access City+ without subscription if you're technically inclined and know how to do a bit of JavaScript editing. Our ticketing system was hackable for a long time through credential spoofing. Football as an industry is laughably insecure compared to other industries. I absolutely guarantee you right now that there are people out there who are reading the emails of every major CEO in football. It's not a serious industry when it comes to infosec. Especially outside the PL, their security is done by some guy's kid who they think knows "a lot about those computers" because they play Roblox or something.

If a properly motivated hacking group ever decided to target ransomware towards the football industry then everyone would be absolutely fucked or they'd get away with millions.
Click to expand...
i think hacked is a stretch lol
 
bobbyowenquiff said:
The migrant workers issue is a blatant distortion because the vast majority of companies (especially construction) are owned and managed by Western firms including the UK and the USA. There are more than 1,300 UK and US companies operating in Saudi. I have been told by someone who had a senior construction role in Saudi for ten years that some of the worst working conditions were on American and British run sites. If Herbert was a proper journaist he would have included this vital context.
Click to expand...
Did you use the term 'proper journalist' rolls eyes.
 
slbsn said:
If I had to guess (ie DISCLAIMER: THIS IS A GUESS) even if the PL lose, the judgment will say that despite finding for City, the PL were entitled, if not obligated, to bring the charges. Unless the case is truly hopeless.
Click to expand...
I support your guess as "educated" and therefore credible because of your understanding of legal matters. I can see that even if the panel find in favour of City their judgement will come under forensic scrutiny. They must cover all eventualities and consider consequences to appear to be impartial and even handed. That strikes me as a big job that takes time.

It is not in the interests of Manchester City or CFG to damage the Premier League product. However, they will wish to be totally exonerated and curtail any future attacks on the Club. This will have added to the complexity of an already complex case.

Legal arguments are not necessarily like real life about black and white cases, either winning or losing. CAS was pretty clear when it found for City on the main charges, although much of MSM reporting focussed on grey areas at the margins such as elements being time barred. Usually this is a distraction tactic used to pander to their sponsors and supporters in order to discredit or undermine the main findings. Differing parties have different objectives.

Whilst I have followed this thread with interest and believe City will be cleared of all the serious charges, all is speculation with nothing certain until the Panels conclusions are published. Even then there may be challenges to their findings. Thanks to all with informed or specialist knowledge for sharing in this thread and retaining my interest.
 
Damocles said:
Because City's IT security (used to at least) be a comedy show. They didn't want any more press attention on it than necessary

There's this thing in security called "ethical disclosure". Basically, if you as a security nerd find a way into the system of a big company then you report it to them and they'll give you a "bounty". Some of these are very generous and in the tens of thousands for ultra severe ones. Others not so much.

About 15ish years ago, I "ethically disclosed" to City that I could watch webcams of some of their internal meetings. Literally there were webcams in a bunch of meeting rooms that you could just sit and watch if you fancied it, without credentials, because they weren't properly locked down. They didn't even reply to my email let alone say cheers let alone say "oh you've saved us a bunch of money there, here's few quid". They fixed it within a day or two though. So if I bothered to go on a fishing expedition and find a bunch of other shit then what's my incentive to disclose if I wasn't a City fan? This is the stuff that leads to the email situation.

Do you know this "hack" that people talk about with Liverpool? Do you know what it was? When some staff left City, City didn't bother to cancel their access to our scouting apps. So they booted up their laptop one day, went to a webpage that hosts these types of things and were automatically logged in as City employees. Then probably pissed themselves laughing as they fed information to their new bosses.

The fact that our email system was hacked is possibly the least surprising thing that has ever happened in the history of the world. Our website is hackable. You can access City+ without subscription if you're technically inclined and know how to do a bit of JavaScript editing. Our ticketing system was hackable for a long time through credential spoofing. Football as an industry is laughably insecure compared to other industries. I absolutely guarantee you right now that there are people out there who are reading the emails of every major CEO in football. It's not a serious industry when it comes to infosec. Especially outside the PL, their security is done by some guy's kid who they think knows "a lot about those computers" because they play Roblox or something.

If a properly motivated hacking group ever decided to target ransomware towards the football industry then everyone would be absolutely fucked or they'd get away with millions.
Click to expand...
Don't disagree with anything there except that I believe they used the login credentials of a (presumably) still current employee. Criminally (possibly literally) behaviour by any organisation.
 
Centurions said:
Don't disagree with anything there except that I believe they used the login credentials of a (presumably) still current employee. Criminally (possibly literally) behaviour by any organisation.
Click to expand...
That's my understanding as well (as to the method). It is literally a criminal offence to access a computer system without authorisation. That's the lowest level of offence, with the next tier being using data from that system, and the most serious tier being amending that data.
 
Damocles said:
Do you know this "hack" that people talk about with Liverpool? Do you know what it was? When some staff left City, City didn't bother to cancel their access to our scouting apps. So they booted up their laptop one day, went to a webpage that hosts these types of things and were automatically logged in as City employees. Then probably pissed themselves laughing as they fed information to their new bosses.
Click to expand...
I thought the issue was the two guys that went to Liverpool had the login details of someone who still worked at City.
They then used his details to login and that's how it was discovered, there were logins on the external scouting system City were using from the guy still at City that happened when we knew he was elsewhere. They then traced the IP addresses to Liverpool.
We didn't take it and further as it turned out that there was a culture of password sharing at City and that would obviously be a massive issue and we'd have been in almost as much shit as Liverpool would have been for not controlling the data properly.
That was my understanding anyway, but your version of events is just as braindead and it sounds look this is more your area of expertise than mine.
 
Prestwich_Blue said:
That's my understanding as well (as to the method). It is literally a criminal offence to access a computer system without authorisation. That's the lowest level of offence, with the next tier being using data from that system, and the most serious tier being amending that data.
Click to expand...
Yes, although I was meaning more from City's end. Someone could have got into serious mither for letting it happen in the first place and for the length of time it lasted (I forget how many months).
 
danielwood5 said:
I thought the issue was the two guys that went to Liverpool had the login details of someone who still worked at City.
They then used his details to login and that's how it was discovered, there were logins on the external scouting system City were using from the guy still at City that happened when we knew he was elsewhere. They then traced the IP addresses to Liverpool.
We didn't take it and further as it turned out that there was a culture of password sharing at City and that would obviously be a massive issue and we'd have been in almost as much shit as Liverpool would have been for not controlling the data properly.
That was my understanding anyway, but your version of events is just as braindead and it sounds look this is more your area of expertise than mine.
Click to expand...
I think you've got it right, except I thought is was 3 employees who went there.
 
bobbyowenquiff said:
The migrant workers issue is a blatant distortion because the vast majority of companies (especially construction) are owned and managed by Western firms including the UK and the USA. There are more than 1,300 UK and US companies operating in Saudi. I have been told by someone who had a senior construction role in Saudi for ten years that some of the worst working conditions were on American and British run sites. If Herbert was a proper journaist he would have included this vital context.
Click to expand...

The fact that Herbert writes for the DM demonstrates that he isn't a credible or proper journalist .
 
Prestwich_Blue said:
That's my understanding as well (as to the method). It is literally a criminal offence to access a computer system without authorisation. That's the lowest level of offence, with the next tier being using data from that system, and the most serious tier being amending that data.
Click to expand...

Whilst true, it's an offence more honoured in the breach than the observance. I can assure you that every Government in the world and every major business and most medium ones are at least attempting to access other people's systems without authorisation. There's a whole underworld here.
 
Centurions said:
I think you've got it right, except I thought is was 3 employees who went there.
Click to expand...
It could have been, I just remember that not long after it happened two of the people involved were promoted at Liverpool, I think one became head of scouting and the other something like head of player development.
It was definitely after Liverpool had paid us a million over the issue which means they knowingly promoted two liars, cheats and thieves which is pretty on-brand for them.
 
You must log in or register to reply here.
Unread Posts

Don't have an account? Register now and see fewer ads!

SIGN UP
Back
Top