The wanna be hacker who didn't cover his tracks

compguygene
Adjust Outside Corner Grinder
Posts: 2342
Joined: Thu Aug 21, 2008 12:09 pm
Location: Cleveland, Ohio

The wanna be hacker who didn't cover his tracks

Post by compguygene »

As most of you are aware, the ID forums were recently hacked. They have since been replaced with the following: http://idclansite.co.cc/forum/ To get the new ID forums up was a combined effort from Durka, Manta, and Destiny helping Arilou and a few other ID members get a completely new forum site going in less than 48 hours, so the clan did NOT just evaporate! Unfortunately, since there were no backups, over 60,000 posts from 3 years were lost. Another side effect seems to be the following. This is a cross post from the Wild West forums: http://www.lagtest.net/forum/viewtopic.php?f=3&t=3283
Destiny at the Wild West Forums said
ok i have proof that codehunter did it. but i'm only presenting the facts, you can decide for yourself.

events of the evening:
this evening while i was playing in fort, i was sent 245 emails from "[email protected]"

i was able to get ahold of the message source and it showed this info:

from email source wrote:
Return-Path: <[email protected]>
Received: from Brandon (161-130.207-68.elmore.res.rr.com [68.207.130.161])
by mx.google.com with ESMTPS id c28sm719717anc.9.2009.07.14.21.55.24
(version=TLSv1/SSLv3 cipher=RC4-MD5);
Tue, 14 Jul 2009 21:55:24 -0700 (PDT)
Message-ID: <[email protected]>
mime-version: 1.0
from: [email protected]



so some of the emails were to just me, some to me and taz, some to me and codehunter, some to a lot of others... but the source code return path... all from brandon aka codehunter at the IP listed above and also on my IP checklist

they said things like

from email entitled i will hack ww next wrote:"Hi! I love Immortal Dynasty... I want to just be friends but they all hate me :( Can we be friends? I want to be friends... can we? Can WE!?!?!?!?!?! I WILL COME OVER YOUR HOUSE AND EAT YOUR CHICKEN IF WE CAN BE FRIENDS!! ! I LOVE CHICKENZZZZZSSZZ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! I AM GOING TO HACK WW FORUMS NEXT!!! WATCH OUT :cen2:



then seconds or a minute after i got the first notification, which notifies me when i get an email. taz sends me a PM saying

from my msn from taz wrote:
Mµ§¡ç says:
im getting spammed by cloaket....
Mµ§¡ç says:
><
Mµ§¡ç says:
i looked on who it was sent to, and it said you and me
Mµ§¡ç says:
is there a way to block emails



he spammed me, he spammed taz, he also spammed, ari, sin and creator in some of them. so they will all have the proof as well, so he can't say i faked it. i just found him out, when he chose to attack me.

so there are the facts, you can draw your own conclusions from them.

i mean seriously who spams 245 messages like this, to multiple people? this is ridiculous and childish and quite frankly the entire thing has gone too far. I will say tho, if he tries anything against me, I'm contacting the authorities and i'm going to file charges.
I just wanted to present this in this forum, because I found the whole thing disturbing!
Armagetron: It's a video game that people should just play and enjoy :)
https://bit.ly/2KBGYjv Check out the simple site about TheServerPharm
destiny
Average Program
Posts: 55
Joined: Sun Feb 08, 2009 7:12 pm

Re: The wanna be hacker who didn't cover his tracks

Post by destiny »

btw after i posted that on ww forums and after comp posted here, i found an email codehunter sent me yesterday dripping with threats. I never saw it b/c the email he sent it to is one i never check cuz i let my facebook spam go there. anyway, i checked its message source and lo and behold guess what. it had the same return path :evil: just to make sure i approached it scientifically i used a control of another email sent by a different person, and the return path was not back to codehunter, and i went a step further and checked the return path on a message the real cloaklet sent (yes spelled like this, code misspelled it in his spam email) and it also did not have a return path to code. so there u have it more hard core indisputable proof he did it.
Z-Man
God & Project Admin
Posts: 11585
Joined: Sun Jan 23, 2005 6:01 pm
Location: Cologne

Re: The wanna be hacker who didn't cover his tracks

Post by Z-Man »

While I see how it's compelling to link the spam attack (and threats, for which we only have destiny's word) to the forum hack, it's far from a proof. Still, spam is bad enough and warrants shunning. Can the other spam victims come forward and back the story up, please? Not that I distrust you guys, of course. It's just proper procedure.

Hmm. I shall check whether that IP appears in any of the logs I have.
compguygene
Adjust Outside Corner Grinder
Posts: 2342
Joined: Thu Aug 21, 2008 12:09 pm
Location: Cleveland, Ohio

Re: The wanna be hacker who didn't cover his tracks

Post by compguygene »

I completely agree, Z-Man, that the spam attack may not necessarily be directly linked. But I did feel, as you pointed out, that the nature of this needed to be brought out into the open. It is unfortunate that ID's forums were not on a server whose logs can be checked, etc. Arilou is attempting to contact the free provider of his old forum. Perhaps the lesson is that it is always best to have websites, forums, etc. on a server on which you can exercise a measure of control. That loss of control is the true price of a "free" forum!
Armagetron: It's a video game that people should just play and enjoy :)
https://bit.ly/2KBGYjv Check out the simple site about TheServerPharm
destiny
Average Program
Posts: 55
Joined: Sun Feb 08, 2009 7:12 pm

Re: The wanna be hacker who didn't cover his tracks

Post by destiny »

zman, i can forward a few of the messages to you and you can see the source for yourself. the ones he spammed were taz, sin, ari and creator. i am not sure if any of the id'rs have seen their emails or this topic yet.
Z-Man
God & Project Admin
Posts: 11585
Joined: Sun Jan 23, 2005 6:01 pm
Location: Cologne

Re: The wanna be hacker who didn't cover his tracks

Post by Z-Man »

Forwarding would be not much use to further the proof :) Giving me a list of the email addresses of the victims would help, I could contact them and ask for the mail headers. And of course, we need to hear both sides of the story, HOPEFULLY avoiding any mudslinging.
Mkay1
Shutout Match Winner
Posts: 1146
Joined: Mon Jun 01, 2009 4:35 pm

Re: The wanna be hacker who didn't cover his tracks

Post by Mkay1 »

Why are criminals so stupid?
destiny
Average Program
Posts: 55
Joined: Sun Feb 08, 2009 7:12 pm

Re: The wanna be hacker who didn't cover his tracks

Post by destiny »

zman, i sent message headers to you through PM here. i sent one that was addressed to just me, one to me and taz, and also the one he sent me the day before on a different name. this way you can compare them to the ones the others send to you.
arilou
Average Program
Posts: 80
Joined: Wed Nov 29, 2006 10:28 pm
Location: Austin Texas

Re: The wanna be hacker who didn't cover his tracks

Post by arilou »

Now the Immortal Dynasty site was pretty big, it was a hub for activity with over 700 registered users and roughly 65,000 posts spanning over 3 years. Solely devoted to the Armagetron Advanced game. It was popular because it welcomed all into the game of any skill level, age, or maturity. Its record day of people online was 50. And for a game as niche as Arma that is a huge asset that will be missed. It ranked #1 on the search engines and now it is a rickroll site.

Now the new one is locked down. It's closed up like a walled city, not as open as the one before it. Now Code Hunter is threatening to do the same with Destiny's Wild West forums. Where does this end? The bad elements need to be dealt with. For the game's sake all of us that care should prevent further subterfuge.
"Day after day, alone on a hill, the man with a foolish grin is keeping perfectly still" --- Billy Shears
Z-Man
God & Project Admin
Posts: 11585
Joined: Sun Jan 23, 2005 6:01 pm
Location: Cologne

Re: The wanna be hacker who didn't cover his tracks

Post by Z-Man »

Running a big site without backups and using the same password there as admin as on some other (rivaling) site? I don't want to add insult to injury, but I hope someone learned his lessons.

arilou: please present evidence. Verifiable, ideally. Remember our form of community governance is anarchy. The strongest action we can take in this case (suing would be up to you guys, you're the ones with the damage) would be to ban IPs from the master servers (and even there, the master server admins need to agree to the ban and implement it) and recommend server admins to ban people. We'd do so linking to all the info we got. The more conclusive the evidence, the better for you.
-=VcL.Rajinn
Round Winner
Posts: 242
Joined: Fri Aug 29, 2008 9:35 pm

Re: The wanna be hacker who didn't cover his tracks

Post by -=VcL.Rajinn »

sorry guys... i finally got my computer back to where i control it. apparently who ever is doing this sent me a remote admin tool that i downloaded foolishly from someone that said they were giving me armabell, nothing came up in my anti virus, but i did get a lot of messages about a remote session.

http://en.wikipedia.org/wiki/Remote_Administration_Tool

but i promise it wasn't me that did any of this. I think i got this bug out of my system, no error messages so far.

Kim: why would i send spam to my own account? oO

i haven't been on tron much lately anyway, ive been working and taking care of the kid, not much time for spam, but w/e.

also about id forums, i have not had nothing to do with them. especially since i was banned from your forums a long time before they got hacked, like zman said, you should have had a backup, and im sure forumer keeps backups of your forums, so you should get in contact with them about the situation and not point fingers. and ari, you don't have evidence that i did it, its impossible because i haven't visited ID forums in forever lol you're just still mad because of our clan clashes that we've had loooong before your forums were hacked. i dont have time for any of this, matter of fact, gotta get to work now. good luck figuring it out.

EDIT: nevermind, instead of going to work today, im going to get the money this hacker stole from my paypal account
Word
Reverse Adjust Outside Corner Grinder
Posts: 4258
Joined: Wed Jan 07, 2009 6:13 pm

Re: The wanna be hacker who didn't cover his tracks

Post by Word »

compguygene wrote:
Destiny at the Wild West Forums said
from email entitled i will hack ww next wrote:"Hi! I love Immortal Dynasty... I want to just be friends but they all hate me :( Can we be friends? I want to be friends... can we? Can WE!?!?!?!?!?! I WILL COME OVER YOUR HOUSE AND EAT YOUR CHICKEN IF WE CAN BE FRIENDS!! ! I LOVE CHICKENZZZZZSSZZ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! I AM GOING TO HACK WW FORUMS NEXT!!! WATCH OUT :cen2:
sounds like someone who knows about the relationship between ID and vcl. doesn't sound like some random hacker who is just interested in Armagetron.
-=VcL.Rajinn wrote:apparently who ever is doing this sent me a remote admin tool that i downloaded foolishly from someone that said they were giving me armabell, nothing came up in my anti virus, but i did get a lot of messages about a remote session.

http://en.wikipedia.org/wiki/Remote_Administration_Tool
someone = ?
do you have evidence?

it doesn't appear very logical to me that you downloaded a program from a source you can't trust (if you look back what "happened") and that this person had enough time to try to hack the id and ww forums while personally attacking their admins/clanleaders per e-mail.
this doesn't sound as if anyone can do this by remote control...this person would have needed information it can only get when it is admin on a forum where the other forum's admins are registered. that's why it is strange that the "remote hacker" just picked out the forum admins he needed to get access to the other forums (i can't follow your argumentation in that part).
and it also seems invented that you post this so late after the ids have already a new forum. it looks as if you thought long about a way to get rid of all accusations.

isn't rats just a kind of universal excuse to say you lose the full control on your computer? you can say always "i used RAT and someone did shit with it" but the shit isn't just some random crap because it is directed to Destiny, Taz and Arilou.


edit: the technical stuff is completely unimportant to me and i won't do any research. you'll always be able to say "I use rat so i'm not responsible". but if that's true, who else would send messages like that, had access to your computer and some kind of anger towards the other clans?

if it wasn't you who hacked the forums you are in a bad situation now (ok, that's nothing really new for you i think :P ). you can still tell everyone what your proofs look like but saying that you don't know what all are talking about doesn't end this whole drama.

i am also unable to see why anyone believes you this without evidence after you've already sent hateful mails and things like that (rumours?)
Last edited by Word on Wed Jul 15, 2009 6:15 pm, edited 8 times in total.
arilou
Average Program
Posts: 80
Joined: Wed Nov 29, 2006 10:28 pm
Location: Austin Texas

Re: The wanna be hacker who didn't cover his tracks

Post by arilou »

Brandon/Rajinn/Codehunter/Nightmare/Excalibur/Virus/
You sent this email to my address 60 times last night and to some others, the part that incriminates you is your ip, and of course the name Brandon
Received: by 10.100.41.6 with SMTP id o6mr9547049ano.92.1247632901205;
Tue, 14 Jul 2009 21:41:41 -0700 (PDT)
Received: from Brandon (161-130.207-68.elmore.res.rr.com [68.207.130.161])
by mx.google.com with ESMTPS id c28sm695890anc.9.2009.07.14.21.41.40
(version=TLSv1/SSLv3 cipher=RC4-MD5);
Tue, 14 Jul 2009 21:41:41 -0700 (PDT)
Message-ID: <[email protected]>
X-AOL-UID: 3167.1467717628
X-AOL-DATE: Wed, 15 Jul 2009 12:41:58 AM Eastern Daylight Time
Return-Path: <[email protected]>
Received: from rly-de04.mx.aol.com (rly-de04.mail.aol.com [172.19.170.140]) by air-de06.mail.aol.com (v124.15) with ESMTP id MAILINDE064-4cf4a5d5e0550; Wed, 15 Jul 2009 00:41:58 -0400
Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.210.172]) by rly-de04.mx.aol.com (v124.15) with ESMTP id MAILRELAYINDE046-4cf4a5d5e0550; Wed, 15 Jul 2009 00:41:41 -0400
Received: by mail-yx0-f172.google.com with SMTP id 2so406534yxe.14
for <[email protected]>; Tue, 14 Jul 2009 21:41:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=domainkey-signature:received:received:message-id:mime-version:from
:to:x-priority:priority:importance:date:subject:content-type
:content-transfer-encoding;
bh=EdhJcjaSUSJywrBcuYieKvSwOPgCPeH6A7DNGAadtyg=;
b=huffCpqnPrAPlvXwxJgc60WyEBsQVocvTcba0pXv/3YctIGB5FeSYeWRt+GK2jby49
nrxRuW6GLuSnZ4Q0p1EcwytwR+qO+mze2TvxnUdCmzAOeQhHFs5TRz+9APLDkNbM4Wzv
FRV8S7lBkKY4Ezxs7mJb9au0mEA14yUcv+B8A=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=message-id:mime-version:from:to:x-priority:priority:importance:date
:subject:content-type:content-transfer-encoding;
b=ZzirIo2CwPf6nz6fjmbbOK1+d1mF5EJ9EzDL72FUcn38yWrnCgFC5ROVFMyrZjUaTa
c110cDohZYeq3BkHFUAWUOK661GYZpvD/NyTo6XDPqo8POk0DgcjpqDXMuhZgstFFLP7
w0mZOG43oqB3Z2j8B+GfxZyoSEYvG/ZvAeCf0=
Received: by 10.100.41.6 with SMTP id o6mr9547049ano.92.1247632901205;
Tue, 14 Jul 2009 21:41:41 -0700 (PDT)
Received: from Brandon (161-130.207-68.elmore.res.rr.com [68.207.130.161])
by mx.google.com with ESMTPS id c28sm695890anc.9.2009.07.14.21.41.40
(version=TLSv1/SSLv3 cipher=RC4-MD5);
Tue, 14 Jul 2009 21:41:41 -0700 (PDT)
Message-ID: <[email protected]>
mime-version: 1.0
from: [email protected]
to: [email protected], [email protected],
[email protected], [email protected], [email protected]
x-priority: 1
priority: urgent
importance: high
date: Tue, 14 Jul 2009 21:41:41 -0700 (PDT)
subject: You got hacked!
content-type: text/plain; charset=us-ascii
content-transfer-encoding: quoted-printable
X-AOL-IP: 209.85.210.172
X-AOL-SCOLL-AUTHENTICATION: mail_rly_antispam_dkim-m268.2 ; domain : gmail.com DKIM : pass
X-Mailer: Unknown (No Version)

IMMORTAL DYNASTY WILL DIE! DIE DIE DIE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!=
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!=
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!=
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!=
!!!!!!!!!!!!!!
"Day after day, alone on a hill, the man with a foolish grin is keeping perfectly still" --- Billy Shears
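
How a Received chain like the one quoted in the post above can be read, as an added example that is not part of any poster's message: it walks the hops from newest to oldest and stops at the first one where a trusted server accepted mail from an outside host, ignoring anything the sender could have written below it. The sample headers, host names, the `TRUSTED` list and the function names are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample (documentation IP ranges, made-up hosts). Newest hop first,
# as in real mail; the last Received line is forged by the sender.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.recipient.example with ESMTP id AAA111; Wed, 15 Jul 2009 00:41:58 -0400
Received: by relay.example.net with SMTP id BBB222;
\tTue, 14 Jul 2009 21:41:41 -0700 (PDT)
Received: from SomePC (host-45.res.isp.example [203.0.113.45])
\tby mx.provider.example with ESMTPS id CCC333;
\tTue, 14 Jul 2009 21:41:41 -0700 (PDT)
Received: from decoy (mail.bystander.example [192.0.2.99])
\tby mx.provider.example with ESMTP id ZZZ999;
\tTue, 14 Jul 2009 21:40:00 -0700 (PDT)
From: someone@provider.example
Subject: constructed test message

body
"""
# Assumption: servers the analyst trusts to write honest Received lines.
TRUSTED = ("recipient.example", "example.net", "provider.example")

HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r".*?\bby\s+(?P<by>[^\s;]+)", re.S)
BY_ONLY = re.compile(r"\bby\s+(?P<by>[^\s;]+)")

def parse_hops(raw):
    """Return one dict per Received header, newest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append(m.groupdict())
        else:  # internal hand-off with no "from (...[ip])" clause
            b = BY_ONLY.search(value)
            hops.append({"helo": None, "rdns": None, "ip": None,
                         "by": b.group("by") if b else None})
    return hops

def is_trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED)

def boundary_hop(raw):
    """First hop, walking newest to oldest, where a trusted server accepted
    mail from a host outside the trusted set. Lines below it are unverified."""
    for hop in parse_hops(raw):
        if not is_trusted(hop["by"]):
            return None  # chain left trusted servers without showing a client
        if hop["ip"] and not is_trusted(hop["rdns"]):
            return hop
    return None

if __name__ == "__main__":
    hop = boundary_hop(SAMPLE)
    # "helo" is a name the client chose; "ip"/"rdns" were recorded by the server.
    print(hop["ip"], hop["rdns"], "HELO (client-supplied):", hop["helo"])
```

The address found this way identifies the connection the provider saw, not the person at the keyboard, and the HELO name carries no evidential weight on its own.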
destiny
Average Program
Posts: 55
Joined: Sun Feb 08, 2009 7:12 pm

Re: The wanna be hacker who didn't cover his tracks

Post by destiny »

i'm keeping to the facts and only the facts. the truth will come out, i'm not doing ANY speculating
Facts:
1. cloaklets name was misspelled in the email name.
2. cloaklet hasn't been on ww servers in months
3. cloaklet has spammed me before and he doesn't use or know my msn.
4. you were online enough the day before to send me a hateful, threatening email to my msn that originates back to the same ip as the spam ones.
5. you have lied before when you posted the ip info from ww forums.
-=VcL.Rajinn
Round Winner
Posts: 242
Joined: Fri Aug 29, 2008 9:35 pm

Re: The wanna be hacker who didn't cover his tracks

Post by -=VcL.Rajinn »

Yeah, obviously i sent it to myself too. lol this whole thing is funny. You guys can continue to discuss this amongst yourselves. Word, lol go do some research or something on RATS and leave me alone. I didn't do anything.

the person that sent me the emails is blocked from my service, they sent me a lot of emails too

i'm keeping to the facts and only the facts. the truth will come out, i'm not doing ANY speculating
Facts:
1. cloaklets name was misspelled in the email name.
2. cloaklet hasn't been on ww servers in months
3. cloaklet has spammed me before and he doesn't use or know my msn.
4. you were online enough the day before to send me a hateful, threatening email to my msn that originates back to the same ip as the spam ones.
5. you have lied before when you posted the ip info from ww forums.
1. lol, its cloaket, not "cloaklet" anyone can attest to that.
2. i dont know about that. he's played under the name -=VcL.Jwillz impersonating taz.
3. appears he's spammed all the leaders, me taz, kim and ari. why would i spam myself and taz? oO
4. It was not threatening, and yes, i did send that to you. All I was saying is that you were brought into all the drama when you started helping arilou and believing his stupid lies.
5. idk what u are talking about lol