PL charge City for alleged breaches of financial rules

[Gorton_Tubster]

I've mentioned this loads of times. This case would never have been brought without leaked emails. IT Security was the responsbility of whoever was Head. Their cock up is the costliest and mnost significant cock up in the club's history. I don't care how it happened.

Was it leaked emails? I thought it was hacking? And not only our club but across sport. I am not sure we are to blame, and I wonder why only City have been targetted from those emails?

The whole thing smells so strange, what with other clubs getting free PSR passes, selling hotels, all sorts of deals, whilst we are mired in this minor shit from decades ago, and no other sports enterprises being hit by tyhose hacked emails. Its all very media-political or something. Hot air is what it feels like.

 

[dark 'n stormy]

Because City's IT security (used to at least) be a comedy show. They didn't want any more press attention on it than necessary

There's this thing in security called "ethical disclosure". Basically, if you as a security nerd find a way into the system of a big company then you report it to them and they'll give you a "bounty". Some of these are very generous and in the tens of thousands for ultra severe ones. Others not so much.

About 15ish years ago, I "ethically disclosed" to City that I could watch webcams of some of their internal meetings. Literally there were webcams in a bunch of meeting rooms that you could just sit and watch if you fancied it, without credentials, because they weren't properly locked down. They didn't even reply to my email let alone say cheers let alone say "oh you've saved us a bunch of money there, here's few quid". They fixed it within a day or two though. So if I bothered to go on a fishing expedition and find a bunch of other shit then what's my incentive to disclose if I wasn't a City fan? This is the stuff that leads to the email situation.

Do you know this "hack" that people talk about with Liverpool? Do you know what it was? When some staff left City, City didn't bother to cancel their access to our scouting apps. So they booted up their laptop one day, went to a webpage that hosts these types of things and were automatically logged in as City employees. Then probably pissed themselves laughing as they fed information to their new bosses.

The fact that our email system was hacked is possibly the least surprising thing that has ever happened in the history of the world. Our website is hackable. You can access City+ without subscription if you're technically inclined and know how to do a bit of JavaScript editing. Our ticketing system was hackable for a long time through credential spoofing. Football as an industry is laughably insecure compared to other industries. I absolutely guarantee you right now that there are people out there who are reading the emails of every major CEO in football. It's not a serious industry when it comes to infosec. Especially outside the PL, their security is done by some guy's kid who they think knows "a lot about those computers" because they play Roblox or something.

If a properly motivated hacking group ever decided to target ransomware towards the football industry then everyone would be absolutely fucked or they'd get away with millions.

Some years ago before City provided WiFi access for fans, I was at the stadium and the 4G access was poor so I thought id try and access one of the locked WiFi accounts. I think it was something like Citystaff or Citygroup. Anyway I thought what could the password be, the first one I tried ‘football’ bingo, in I went. So I had WiFi access every time I visited for the rest of the season.

 

[Norbert D]

Sharing passwords is a very dangerous but also a common practice at a lot of companies but it can have disastrous outcomes.

I work in IT and tbh if a hacker gets as far as a login page it’s virtually job done. keeping the bad actors off your network is the main objective.

 

[Brendan110_0]

There's no way they'd release today with the Jota news

Good day for PL to bury it.

 

[marco]

most certain it will come out on a Friday late afternoon then no one available to comment untill after the weekend

 

[crystal_mais]

A great post. City's digital security has been a shit show for years. To make matters worse some of the staff have been incompetent. You could also include the tasteless email blunder which cost Garry Cooke his career at City. It was a schoolboy error as was the LFC data breach. I don't know who oversees the Comms Operation at City these days but I hope it has been improved.

I heard the email hack was someone clicking a Phishing email -

 

[Didsbury Dave]

Was it leaked emails? I thought it was hacking? And not only our club but across sport. I am not sure we are to blame, and I wonder why only City have been targetted from those emails?

The whole thing smells so strange, what with other clubs getting free PSR passes, selling hotels, all sorts of deals, whilst we are mired in this minor shit from decades ago, and no other sports enterprises being hit by tyhose hacked emails. Its all very media-political or something. Hot air is what it feels like.

Sorry, yes, haccked and then leaked. Bad wording by me.

 

[Didsbury Dave]

I heard the email hack was someone clicking a Phishing email -

Doesn't matter how we are hacked, the point still stands.

 

[citizen_maine]

Doesn't matter how we are hacked, the point still stands.

Hopefully, however it happened, we've learned from it and can move on

 

[Prestwich_Blue]

I would like to see a positive result for city on page 9320

"The Premier League have done all they can. Manchester City are still alive here. Rosen....Pannnnnnnnnick!!!! I swear you'll never see anything like this ever again".

 

[JCB001]

There's no way they'd release today with the Jota news

They would if we were found guilty

 

[Didsbury Dave]

Hopefully, however it happened, we've learned from it and can move on

We most certainly have but unfortunately it's shutting the gate after the horse has bolted. The results of this security breach can only be described as catastrophic - however this pans out.

 

[wolviedinho]

It will drop and no one will be ready for it -:)

Atleast we know the tribunal is making sure the correct decision is reached. No one can blame them for rushing it through.

That level of professionalism is reassuring. The amount of evidence we have to show the true nature of our dealings will go along way to prove our innocence.

 

[wolviedinho]

It will drop and no one will be ready for it -:)

Atleast we know the tribunal is making sure the correct decision is reached. No one can blame them for rushing it through.

That level of professionalism is reassuring

 

[mancboy]

It will drop and no one will be ready for it -:)

Atleast we know the tribunal is making sure the correct decision is reached. No one can blame them for rushing it through.

That level of professionalism is reassuring

should you be double dropping at your age mate ;)

 

[Gazza]

Sharing passwords is a very dangerous but also a common practice at a lot of companies but it can have disastrous outcomes.

My company's log ons/passwords consist of our initials + our phone extension, so anyone could log onto anyone else's - mind you, we've got eff all of any value.

 

[Rammy Blue]

should you be double dropping at your age mate ;)

Remind me of a funny one from back in the day, sorry for sidetracking, lol.

In a nutshell. Out with a few mates at club in town, one of the lads double drops and the rush came on too fast for him, so much so that he spewed up all over the dancefloor, anyway we proceed to tell him that the pills will be in his vom, so he gets on all fours in his puke on the floor trying to find them. Very mean, had to be there etc, but always gives me a chuckle.

 

[dickie davies]

My company's log ons/passwords consist of our initials + our phone extension, so anyone could log onto anyone else's - mind you, we've got eff all of any value.

Do you work for trump in the Whitehouse

 

[wolviedinho]

should you be double dropping at your age mate ;)

Seen you were getting abuse again over the last few pages…shocked I am -:)

 

[jimharri]

I wish they'd just get on and announce it, irrespective of what the verdict is. It's dragged on for long enough now. Nearly two and a half years at this stage. We used to be good when this story broke.