SFGHQ, Fan Game Network Hacked

I covered this on SHQ News from Wednesday on, but here it is on TSSZ in case you don’t know.  Wednesday night, someone wiped out all of the Sonic Fan Games HQ and the Fan Game Network.  Thursday evening, the sites were restored, though the SFGHQ currently lacks CGI news.  From Thursday to midday Friday, Andy Wolan of Emulation Zone checked log information, and released a report:

After some internal investigation, we have identified the perpetrator of the “attack” to be no other then Ultra The Vampire. (We will refer to him as UV.) UV is the founder of a section here at the ‘Zone entitled Mario Maniacs Development Group (MMDG). (http://www.emulationzone.org/mmdg)

UV was given Rlan’s password to the site in hopes he could help out with the site. UV did make some contributions to SFGHQ. However, from what I understand, UV has always been jealous of the success of Rlan’s website. UV has also been trying desperately to try to beat Rlan at his own game by creating MMDG. His site never had a real theme to it and it just seemed like he was trying to setup a rip-off website based on already well-established websites, including SSRG and SFGHQ. This would explain why MMDG has never had any true organization or a real identity. (He even tried to pass the layout of the popular Mario site “The Mushroom Kingdom” as his own once.)

On the night of July 27 between 00:39 and 01:00GMT (July 26 8:30pm – 9:00pm EDT), someone using Rlan’s account logged into the FTP server and began deleting his website. Logs indicate that the perpetrator was logged in from :

18.new-york-01-02rs.ny.dial-access.att.net

In order words, someone logged-in from New York City, NY using an AT&T World Net account. Since it’s a dial-up account, the IP address of the perpetrator is dynamic (always changing), but it gives us enough info to narrow in on a particular person. Believe it or not, the email address of UV is . In other words, UV has a AT&T World Net account. This caught my attention.

According to Rlan, he only gives the password of his site to two people: UV and some guy named Mike. Mike lives in the UK so I ruled him out. The above address resolves to 12.78.192.18 Using ICQ, the last known IP address which UV is using is 12.79.12.7 (The last two fields are not too important since AT&T World is huge, so they must have a lot of IP address. The first two are.) Note that the first two fields are very similar.

With the evidence given, I am confident that the perpetrator was no other then Ultra the Vampire. The password was not hacked, rather it was obtained via “networking” with Rlan by working with him on his site. The attack was done on July 26, between the times of 8:30pm – 9:00pm EDT. The motivation behind the attack was jealousy.

I am surprised that jealousy got so far as to cause UV to back stab a friend and to betray me and the entire Emulation Zone staff. God warned everyone with the 10th commandment “You shall not covet your neighbor’s property” If only UV knew about that before hand. I guess he will have plenty of time to think about this commandment and to think over what he has done, for his account and his web site on the ‘Zone is being removed.

In closing, does anyone know this individual’s real name?

AJ Freda posted this on the SFGHQ Message Board, it concerns why Ultra’s hack was so easy to uncover:

Yarharhar and Sorok are entirely correct. The majority of you here really don’t know how the internet works, anyway (I say we go back to Unix dialup terminals!! Who here remembers Gopher and Archie? ^_^). The Internic assigns IP addresses in “blocks” of 256. This would mean if you purchased the “202.142.136.x” block, you would have all IP addresses from 202.142.136.0 up to 202.142.136.255. ISPs purchase their IP addresses in these ‘blocks’ and keep them similar so it is easy to manage and locate various parts of their network.

It was obvious Ultra the Vampire didn’t even know how to do a proper attack… most servers do backup processes, so if I was him, I would slowly delete the site a small bit at a time starting with unnoticeable parts so all of it wouldn’t get caught in subsequent backups. Another flop of his was to log on using an internet account that is the same as his e-mail address. The e-mail I use (tcnet.org) isn’t my ISP, so it would be difficult for anyone to really trace where I might be located/find out it was me. One more thing he did was not check the “Don’t show my IP address” option in ICQ. =)

I don’t know how some other people feel, but I’ve never felt comfortable in the “Sonic Fan Game Community”. Too many strange people/things happening…

Ultra the Vampire did say some things in his defense:

SHUT THE @#%$ UP!!!!!!!
First: He said he had my I.P.???when??
…2. JEALOUSY???? DON’T GET ME STARTED ON THAT.
3. …I could’ve given the pass to someone else and let them deleted it if I wanted to.
4. HOW THE @#%$ WOULD THAT HELP???I DON’T HAVE ANY SONIC STUFF ON MY SITE! DUMBASS
5. @#%$ OFF YOU @#%$ MASTERS.

It’s not very convincing, though obviously Ultra is very mad.  We still haven’t heard formally from Rlan on this matter, so hopefully that will occur in the next couple of days.