We Had A Problem Here at Insomniacs Lounge

lanidar

RIP Lanidar
Joined
Sep 5, 2003
Location
Avenel, New Jersey
We had A Problem Here
--------------------------------------------------------------------------------
On October 23, 2004 - A criminal scored another target by deleting this entire forum. Nothing left what so ever. I can think of one reason only, why someone would do that to a posting forum and that is, a post must have been made against him that he didn't want anyone reading, so instead of just deleting the post, he decides to delete the forum.

The HACKER went in and used Lanidar2000, who is an Administrator to do his dirty work. Then before leaving Insom, he changed my password so that I couldn't log in!


It isn't costing Insomniacs Lounge one thing but a little time to put back the banners, links and forums and let the posting start again. I'm just relieved that what happened here isn't anything like what happened to this place:::

In February 2003, Russian organized crime scored another target by taking control of Grafix Softech, the largest Internet gaming enterprise that operates 120 gambling websites. The shutdown was devastating. According to Juan Bonilla, executive vice president of Grafix Softech, located in San Juan, Costa Rica, �The payoff to restore service was insignificant compared to loss of data containing names of customers and other operational records destroyed once the DOS attacks were unleashed.� In a miraculous feat, Bill Margeson, president of CBL Data Recovery Technologies, and staff technicians recovered the valuable data. They discovered the Russian criminals had bypassed firewalls and other security systems and inserted a virus into the five servers that Grafix used for online operations. �It was akin to hacking into the Pentagon,� Margeson told investigators.

Now isn't that a shame, that something like that happened to the owner of Grafix Softech, located in San Jose Costa Rica, just horrible! And I'm sure he's such a great guy that he would never consider doing anything harmful against or to another person.

By the way, I checked the log files, and here is the IP of the person responsible for deleting Insomniacs Lounge 65.182.30.15. And what a coincidence, it traces back to Costa Rica.

Information on trace:

American Registry for Internet Numbers

North America, South America, the Caribbean and sub-Saharan Africa

AMNET US AMNET-BLK4 (NET-65-182-0-0-1)
65.182.0.0 - 65.182.31.255
Radiografica Costarricense SA AMNET-BLK4-CR-RACSA-02 (NET-65-182-11-0-1)
65.182.11.0 - 65.182.30.255

# ARIN WHOIS database, last updated 2004-10-23 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
AMNET US AMNET-BLK4 (NET-65-182-0-0-1)
65.182.0.0 - 65.182.31.255
Radiografica Costarricense SA AMNET-BLK4-CR-RACSA-02 (NET-65-182-11-0-1)
65.182.11.0 - 65.182.30.255

Strange, isn't it?

See Related Threads:
 
Last edited by a moderator:
Blimey, Lanidar, how incredibly f*****d up. I'm sorry to hear that, and that you've evidently lost the entire contents of the forum. What could the motivation of the malicious bastard have been? If it was a rogue casino operator they must be used to bad press so to single you out seems bizarre. How pathetic.

Couldn't you have backed up the forum contents somehow, so as not to lose everything in the event of a disaster like this?
 
so sorry, I had the same thing happen to my site, one of the rogue casino reported me , for reporting them slow pay.
 
That really sucks! Shame on this person!

Btw, i use this tiny program (45kb)
You do not have permission to view link Log in or register now.


And here is result:

IP Addresses Report


Created by using IPNetInfo
Order 1
IP Address 65.182.30.15
Status Succeed
Country USA - Florida
Network Name AMNET-BLK4-CR-RACSA-02
Owner Name Radiografica Costarricense SA
From IP 65.182.11.0
To IP 65.182.30.255
Allocated Yes
Contact Name Radiografica Costarricense SA
Address Avenida 5 Calle 1
San Jose

Email kopper@racsa.co.cr
Abuse Email inetcontact@amnetus.com
Phone +1-954-346-0324
Fax
Whois Source ARIN

_________________________________________

Address: Avenida 5 Calle 1
City: San Jose
StateProv:
PostalCode: SJ 54-1000
Country: CR

NetRange: 65.182.11.0 - 65.182.30.255
CIDR: 65.182.11.0/24, 65.182.12.0/22, 65.182.16.0/21, 65.182.24.0/22, 65.182.28.0/23, 65.182.30.0/24
NetName: AMNET-BLK4-CR-RACSA-02
NetHandle: NET-65-182-11-0-1
Parent: NET-65-182-0-0-1
NetType: Reassigned
NameServer: DNS1.RACSA.CO.CR
NameServer: DNS2.RACSA.CO.CR
Comment:
RegDate: 2004-06-03
Updated: 2004-06-03

TechHandle: KOPPE-ARIN
TechName: Kopper, Luis
TechPhone: 506-287-0446
TechEmail: kopper@racsa.co.cr

OrgTechHandle: KOPPE-ARIN
OrgTechName: Kopper, Luis
OrgTechPhone: 506-287-0446
OrgTechEmail: kopper@racsa.co.cr

# ARIN WHOIS database, last updated 2004-10-23 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
 
My $10,000 says one of them evil RTG's did it.
Not a hacker or anything, just a CSR who happened to locate your account and knew you had a website.
 
snuf419 said:
My $10,000 says one of them evil RTG's did it.
Not a hacker or anything, just a CSR who happened to locate your account and knew you had a website.
The normal procedure is that only an encrypted version of the password is stored, so that nobody can find out your password without devoting some serious computing effort to it. A customer service rep can set your password if you forget it, but he cannot tell you what your password was. I would be shocked if RTG used such an insecure method as storing the passwords in plaintext.
 
That's a real bummer for you and Jinnia, Lanidar and I sympathise with you. Frustrating not knowing what information they had as their primary target, but presumably you have briefed all your Insomniac members and perhaps one of them will come up with something that will give you a lead. It certainly is a mean world we're in!

May we use this in InfoPowa as a reminder to other sites that tight security and protective screening are critically important?
 
Laddinar & Jinnia,
So bloody sorry so hear about this. Who would do it? Anyone really with a sick sense of self-satisfaction. A ego tripper, a child.
I am glad to hear that you guys have not lost financially, but then, I do believe time is money!! (Worth in gold !)
I wish you best of fortune in catching this person, and may he/she/it burn in an infernal hell of capturing data in purgatory.
That, or the flees of a thousand camels invest the pubic area and their hands turn into hooks.
Either way, I hope it is unpleasant!
--- Please let me know if there is anything I can try and assist with. Might be a ditz, but I am a ditz with loads of knowledge! ----
 
jetset said:
May we use this in InfoPowa as a reminder to other sites that tight security and protective screening are critically important?

You cetainly may...and thank you for your advice.

AND...thank you Petunia and everyone else that wishes us well. :notworthy
 
Last edited:
Thank you jetset and Petunia.

Forum is all back, except for the posts. We'll just make better ones this time around :thumbsup:

There's an hour and 13 minute time frame from Insom being deleted to lanidar receiving an email from a CERTAIN person in Costa Rica, with the email being sent before the deletion started.

The IP in the log file traces back to Costa Rica.

Nothing 100% positive, but we know, too many coincidences.
 
QUOTE: There's an hour and 13 minute time frame from Insom being deleted to lanidar receiving an email from a CERTAIN person in Costa Rica, with the email being sent before the deletion started.UNQUOTE

What was the content of that email, Jinnia? Any references to the event?
 
Here's the email.

jetset said:
QUOTE: There's an hour and 13 minute time frame from Insom being deleted to lanidar receiving an email from a CERTAIN person in Costa Rica, with the email being sent before the deletion started.UNQUOTE

What was the content of that email, Jinnia? Any references to the event?

Here is the email that was sent to me. Has NO references to the event.
Now, this was sent to the email address I have at Insom. NOT the email address I use for personal use and for registering at casinos.

Hello John,

Please contact me at 1-888-824-6874 or give me a contact number where I can reach you.

Regards,

General Manager
Virtual Casino

THAT'S IT!!! :confused:
 
chucho said:
Have you had a problem with Warren Cloud / Oliver Curran lately?

No...not at all.
Besides this led us to Costa Rica and the following post was made by Jinnia at Insom...

Now isn't that a shame, that something like that happened to the owner of Grafix Softech, located in San Juan Costa Rica, just horrible! And I'm sure he's such a great guy that he would never consider doing anything harmful against or to another person.

By the way, I checked the log files, and here is the IP of the person responsible for deleting Insomniacs Lounge 65.182.30.15. And what a coincidence, it traces back to Costa Rica.

Information on trace:


American Registry for Internet Numbers

North America, South America, the Caribbean and sub-Saharan Africa

AMNET US AMNET-BLK4 (NET-65-182-0-0-1)
65.182.0.0 - 65.182.31.255
Radiografica Costarricense SA AMNET-BLK4-CR-RACSA-02 (NET-65-182-11-0-1)
65.182.11.0 - 65.182.30.255

# ARIN WHOIS database, last updated 2004-10-23 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
AMNET US AMNET-BLK4 (NET-65-182-0-0-1)
65.182.0.0 - 65.182.31.255
Radiografica Costarricense SA AMNET-BLK4-CR-RACSA-02 (NET-65-182-11-0-1)
65.182.11.0 - 65.182.30.255

Strange, isn't it?
 
Just checked www.prismcasino.com, all information has changed. BUT, I did find something strange when performing an indepth tracert on the new IP that shows. I'm checking and rechecking to make sure before saying anything. I just hope it turns out that I am wrong in my initial find :mad: .
 
Lanidar, did you call this person at Virtual back to see what he wanted you to call him for? If so, what did he have to say?
 
jetset said:
Lanidar, did you call this person at Virtual back to see what he wanted you to call him for? If so, what did he have to say?
Hi jetset, I'll answer this.

Yes, he was called, twice, he wanted the connection between Virtual and Prism to be stopped, and I'm not quite clear on the part about the posting of the court document, but I think he wanted that removed, may have been because it referred to Prism also in the post, can't check the post since everything was deleted, but I think it did, I'm not sure.

The document was reposted at Insom once we got it up and running again, I did get permission to move it, to Archives.

But a link to the original document was posted sometime after moving the document itself.

The legal document is important for people to see, in my opinion.
 
Thanks. Whilst probably not legally conclusive, imo it is suspicious to say the least that his interest in removing the material critical of Virtual and Prism should coincide with this disgraceful assault on your site.
 
In Hotmail, you can set what details you want to see by sender.
Sorry, don't remember english-help (since i use "Finnish" Hormail)

About Insomniacs Lounge history: :D
Outdated URL (Invalid)

Didn't find anything with this
You do not have permission to view link Log in or register now.
 
jinnia said:
Hi jetset, I'll answer this.

Yes, he was called, twice, he wanted the connection between Virtual and Prism to be stopped, and I'm not quite clear on the part about the posting of the court document, but I think he wanted that removed, may have been because it referred to Prism also in the post, can't check the post since everything was deleted, but I think it did, I'm not sure.

The document was reposted at Insom once we got it up and running again, I did get permission to move it, to Archives.

But a link to the original document was posted sometime after moving the document itself.

The legal document is important for people to see, in my opinion.

A very interesting 'coincidence' indeed. :eek: Just a fluke I'm sure. ;)
 
Sodax77 said:
In Hotmail, you can set what details you want to see by sender.
Sorry, don't remember english-help (since i use "Finnish" Hormail)

About Insomniacs Lounge history: :D
Outdated URL (Invalid)

Didn't find anything with this
You do not have permission to view link Log in or register now.

I want to thank you so much for the cache file link :notworthy , it saved me from logging into two more accounts and scripting the banners back in. View Source, copy/paste back into Insom, they were there. Thank You!

I didn't even think of doing that. An age thang .. :)
 

Users who are viewing this thread

Meister Ratings

Back
Top