User blog comment:DaNASCAT/Technical Update: April 22, 2015/@comment-26009167-20150423114658/@comment-26009167-20150423182624

@RansomTime

Ok so, If I'm understanding this correctly... So having a certain username (possibly with certain characters that possibly weren't being escaped) caused the system to assign their cacheKey to the right username. However, when a username is banned, the name sent to be banned is encoded differently - in some cases, differently enough to the point where the cacheKey assigned to the right username isn't deleted, but rather a non-existant cacheKey for the right username.

I assume the staff could detect it is this since most webservers and custom-backend chat servers tend to have error logging on - if I am correct with my above paragraph, then it means that the script spat out an error when trying to delete a non-existant cacheKey since it's impossible to remove what doesn't exist.

Does that make sense or am I completely wrong? Cause that's what it seems like might have happened.