STEAM_0:0:717094 <-- Fishing for Steam Accounts



Scuzzy
1st December 2006, 06:51
This evening one of our members was contacted through Steam's chat program with the age-old "Your account has been hacked, you must give us your password or it will be banned" scam.

We set up a web page and the clan member told the guy "We have a website that lists all our clan's Steam accounts and passwords so we can share them, could you verify all those haven't been stolen?" And, the idiot bought it. He visited the webpage, and all it did was write his IP address to a database. We then tracked his IP down to the following Steam account: STEAM_0:0:717094 IP: 72.177.49.166

He only visited our server once, long enough to find a target and ask them to give up their account information. I don't want other servers to have players fall prey to this scam, so feel free to take any attention you feel is appropriate. Below is part of the chat.

Thanks,
Scuzzy

-----

Never tell your password to anyone.
VAC|Mike says:
Hello, again.
LadyBadass says:
Hi
VAC|Mike says:
Sorry, Steam crashed. Having update problems..
VAC|Mike says:
Ok. About your account.
VAC|Mike says:
It's going to be banned in about 30 minutes or so.
VAC|Mike says:
If I don't get the information I need
LadyBadass says:
My user mane and pass it on the page i gve u....
LadyBadass says:
That's all i know
VAC|Mike says:
Well, I'm not allowed to go onto the internet
VAC|Mike says:
While working.
LadyBadass says:
then do that after work....sorry
VAC|Mike says:
Ok. I'll check that website out.
VAC|Mike says:
One moment.
LadyBadass says:
when r u off work?
VAC|Mike says:
I just checked that site
VAC|Mike says:
It doesn't show anything
VAC|Mike says:
Couldn't show datebase.
VAC|Mike says:
Please provide me with your Accont Info and Password..
LadyBadass says:
I've done what I could but that page has all the stuff....hmmm
VAC|Mike says:
Well, your account will be banned soon.
VAC|Mike says:
If you can't provide the Account Name and Password.

VAC|Mike says:
its not working
VAC|Mike says:
You there?
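
The correlation step described in the post above (an IP recorded by the bait page matched against the game server's own connection records), as an added example that is not part of the original post. It assumes Half-Life-style "connected, address" server log lines, and every IP, player name and Steam ID in it is constructed sample data.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data: documentation-range IPs, made-up names and Steam IDs.
# Hits recorded by a page whose link was given only to the suspect.
WEB_HITS = [
    ("2006-12-01 06:31:10", "198.51.100.23"),
    ("2006-12-01 06:40:02", "203.0.113.9"),
]

# Assumed format: Half-Life-style server log lines.
SERVER_LOG = """\
L 11/20/2006 - 21:14:55: "Regular<7><STEAM_0:1:1111111><>" connected, address "203.0.113.9:27005"
L 12/01/2006 - 05:58:41: "Support|Bob<12><STEAM_0:0:2222222><>" connected, address "198.51.100.23:27005"
L 12/01/2006 - 06:02:17: "Support|Bob<12><STEAM_0:0:2222222><>" disconnected
L 12/01/2006 - 06:10:00: "Other<13><STEAM_0:1:3333333><>" connected, address "192.0.2.77:27005"
"""

CONNECT_RE = re.compile(
    r'^L (\d{2}/\d{2}/\d{4}) - (\d{2}:\d{2}:\d{2}): '
    r'"(.*)<\d+><(STEAM_\d:[01]:\d+)><[^>]*>" connected, '
    r'address "(\d{1,3}(?:\.\d{1,3}){3}):\d+"'
)

def parse_connects(log_text):
    """Yield (timestamp, player name, Steam ID, IP) for each connect line."""
    for line in log_text.splitlines():
        m = CONNECT_RE.match(line)
        if m:
            date, clock, name, steam_id, ip = m.groups()
            ts = datetime.strptime(f"{date} {clock}", "%m/%d/%Y %H:%M:%S")
            yield ts, name, steam_id, ip

def correlate(web_hits, log_text, window=timedelta(hours=24)):
    """Return (ip, steam_id, name, connect_time) where a page hit and a
    server connect share an IP within `window`. Residential IPs are reassigned
    and shared behind NAT, so a match is a lead, not proof."""
    connects = list(parse_connects(log_text))
    matches = []
    for hit_time, hit_ip in web_hits:
        hit_ts = datetime.strptime(hit_time, "%Y-%m-%d %H:%M:%S")
        for ts, name, steam_id, ip in connects:
            if ip == hit_ip and abs(hit_ts - ts) <= window:
                matches.append((hit_ip, steam_id, name, ts))
    return matches

if __name__ == "__main__":
    for match in correlate(WEB_HITS, SERVER_LOG):
        print(match)
```

With the default 24-hour window only the connect made shortly before the page hit is returned; the ten-day-old connect from the second IP is left out because that address may have belonged to someone else by then.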

Cheesey
1st December 2006, 07:50
Wow, that's great! Cool work, fast switching! :D

EmeralDragon
1st December 2006, 16:12
AWESOME work Scuzzy!

I'll add him to the list ASAP.

Scuzzy
1st December 2006, 18:53
LadyBadass deserves a ton of credit. She kept him on hold with BS that I and Going Postal kept giving her while I whipped the webpage together... She's a great improviser and we wouldn't have caught him without her.

Later in the conversation I had her give him HIS OWN steam id and name and he finally got a clue that he was in trouble... :) If you log into our servers, I know where you live. :)

Scuzzy

Gusdor
1st December 2006, 19:09
That's classic :D

Paegus
1st December 2006, 20:02
lol.. classic. nice job.

Isolation
1st December 2006, 20:43
A report to Valve might be in order.

Scuzzy
2nd December 2006, 00:51
Already did that last night. :)

Scuzzy

Cheesey
2nd December 2006, 23:04
Originally posted by Scuzzy:

LadyBadass deserves a ton of credit. She kept him on hold with BS that I and Going Postal kept giving her while I whipped the webpage together... She's a great improviser and we wouldn't have caught him without her.

Later in the conversation I had her give him HIS OWN steam id and name and he finally got a clue that he was in trouble... :) If you log into our servers, I know where you live. :)

Scuzzy

LOL, so great! Reminds me of a guy who thought he was a great hacker. He was in a chatroom and asked for the IP of somebody else... he gave him this one.... : 127.0.0.1

So, he hacked his own PC... and finally deleted his hard drive.... just awesome to read, like yours! Great work!

waRp^
2nd December 2006, 23:46
Originally posted by Cheesey:

LOL, so great! Reminds me of a guy who thought he was a great hacker. He was in a chatroom and asked for the IP of somebody else... he gave him this one.... : 127.0.0.1

So, he hacked his own PC... and finally deleted his hard drive.... just awesome to read, like yours! Great work!

hehe i know that one, here is the quote of it since the web page doesn't work anymore.

quote:


* bitchchecker (~java@euirc-a97f9137.dip.t-dialin.net) Quit (Ping timeout#)
* bitchchecker (~java@euirc-61a2169c.dip.t-dialin.net) has joined #stopHipHop
<bitchchecker> why do you kick me
<bitchchecker> can't you discus normally
<bitchchecker> answer!
<Elch> we didn't kick you
<Elch> you had a ping timeout: * bitchchecker (~java@euirc-a97f9137.dip.t-dialin.net) Quit (Ping timeout#)
<bitchchecker> what ping man
<bitchchecker> the timing of my pc is right
<bitchchecker> i even have dst
<bitchchecker> you banned me
<bitchchecker> amit it you son of a bitch
<HopperHunter|afk> LOL
<HopperHunter|afk> shit you're stupid, DST^^
<bitchchecker> shut your mouth WE HAVE DST!
<bitchchecker> for two weaks already
<bitchchecker> when you start your pc there is a message from windows that DST is applied.
<Elch> You're a real computer expert
<bitchchecker> shut up i hack you
<Elch> ok, i'm quiet, hope you don't show us how good a hacker you are ^^
<bitchchecker> tell me your network number man then you're dead
<Elch> Eh, it's 129.0.0.1
<Elch> or maybe 127.0.0.1
<Elch> yes exactly that's it: 127.0.0.1 I'm waiting for you great attack
<bitchchecker> in five minutes your hard drive is deleted
<Elch> Now I'm frightened
<bitchchecker> shut up you'll be gone
<bitchchecker> i have a program where i enter your ip and you're dead
<bitchchecker> say goodbye
<Elch> to whom?
<bitchchecker> to you man
<bitchchecker> buy buy
<Elch> I'm shivering thinking about such great Hack0rs like you
* bitchchecker (~java@euirc-61a2169c.dip.t-dialin.net) Quit (Ping timeout#)



What happened is clear: That guy entered his own IP address in his mighty Hack-Tool and crashed his own PC. This way, the attack on my PC was a failure. I was already starting to think that I did not have to worry, but a good hacker never calls it a day. Two minutes later he returned.

quote:


* bitchchecker (~java@euirc-b5cd558e.dip.t-dialin.net) has joined #stopHipHop
<bitchchecker> dude be happy my pc crashed otherwise you'd be gone
<Metanot> lol
<Elch> bitchchecker: Then try hacking me again... I still have the same IP: 127.0.0.1
<bitchchecker> you're so stupid man
<bitchchecker> say buy buy
<Metanot> ah, [Please control your cussing] off
<bitchchecker> buy buy elch
* bitchchecker (~java@euirc-b5cd558e.dip.t-dialin.net) Quit (Ping timeout#)



There was tension in the room... Would he manage, after these two failures, to crash my PC? I waited. Nothing happened. I felt relief... Six minutes passed by until he prepared the next wave of attack. Being a Hacker, who usually cracks whole data centers, he knew what his problem was now.

quote:


* bitchchecker (~java@euirc-9ff3c180.dip.t-dialin.net) has joined #stopHipHop
<bitchchecker> elch you son of a bitch
<Metanot> bitchchecker how old are you?
<Elch> What's up bitchchecker?
<bitchchecker> you have a frie wal
<bitchchecker> fire wall
<Elch> maybe, i don't know
<bitchchecker> i'm 26
<Metanot> such behaviour with 26?
<Elch> how did you find out that I have a firewall?
<Metanot> tststs this is not very nice missy
<bitchchecker> because your gay fire wall directed my turn off signal back to me
<bitchchecker> be a man turn that shit off
<Elch> cool, didn't know this was possible.
<bitchchecker> thn my virus destroys your pc man
<Metanot> are you hacking yourselves?
<Elch> yes bitchchecker is trying to hack me
<Metanot> he bitchchecker if you're a hacker you have to get around a firewall even i can do that
<bitchchecker> yes man i hack the elch but the sucker has a fire wall the
<Metanot> what firewall do you have?
<bitchchecker> like a girl
<Metanot> firewall is normal a normal hacker has to be able to get past it...you girl^^
<He> Bitch give yourself a jackson and chill you're letting them provoce you and give those little girls new material all the time
<bitchchecker> turn the firewall off then i send you a virus [Please control your cussing]er
<Elch> Noo
<Metanot> he bitchchecker why turn it off, you should turn it off
<bitchchecker> you're afraid
<bitchchecker> i don't wanna hack like this if he hides like a girl behind a fire wall
<bitchchecker> elch turn off your shit wall!
<Metanot> i wanted to say something about this, do you know the definition of hacking??? if he turns of the firewall that's an invitation and that has nothing to do with hacking
<bitchchecker> shut up
<Metanot> lol
<bitchchecker> my grandma surfs with fire wall
<bitchchecker> and you suckers think you're cool and don't dare going into the internet without a fire wall



He calls me girly and says only his grandma would use a firewall. I know that elder people are much more intelligent than younger, but I couldn't let that rest. To see whether he really is a good hacker I lie and leave everything as it is. I don't have a firewall at all, only my router.

quote:


<Elch> bitchchecker, a collegue showed me how to turn the firewall off. Now you can try again
<Metanot> bitchhacker can't hack
<Black<TdV>> nice play on words ^^
<bitchchecker> wort man
<Elch> bitchchecker: I'm still waiting for your attack!
<Metanot> how many times again he is no hacker
<bitchchecker> man do you want a virus
<bitchchecker> tell me your ip and it deletes your hard drive
<Metanot> lol ne give it up i'm a hacker myself and i know how hackers behave and i can tell you 100.00% you're no hacker..^^
<Elch> 127.0.0.1
<Elch> it's easy
<bitchchecker> lolololol you so stupid man you'll be gone
<bitchchecker> and are the first files being deleted
<Elch> mom...
<Elch> i'll take a look



In panic I started the Windows Explorer, my heart beating faster. Had I under-estimated him?

quote:


<bitchchecker> don't need to rescue you can't son of a bitch
<Elch> that's bad
<bitchchecker> elch you idiout your hard drive g: is deleted
<Elch> yes, there's nothing i can do about it
<bitchchecker> and in 20 seconds f: is gone



Yes, true, G: and F: were gone. Did I ever have them? Doesn't matter, I did not have time to think, I was scared. bitchchecker was comforting me with a music tip.

quote:


<bitchchecker> tupac rules
<bitchchecker> elch you son of a bitch your f: is gone and e: too



Drive E:? Oh my god... All the games are there! And the vacation pictures! I instantly take a look. Everything still there. But the hacker said it was deleted....

Or isn't it happening on my computer?

quote:


<bitchchecker> and d: is at 45% you idiot lolololol
<He> why doesn't meta say anything
<Elch> he's probably rolling on the floor laughing
<Black<TdV>> ^^
<bitchchecker> your d: is gone
<He> go on BITCH



The guy is good: My CD-drive is allegedly deleted! Bitchchecker turned my ancient disk sucker into a burner! But how did he do this? I'll have to ask him. Some encourage him. He himself is giving advice how to avoid the disaster on my hard drives.

quote:


<bitchchecker> elch man you're so stupid never give your ip on the internet
<bitchchecker> i'm already at c: 30 percent



Should I tell him he's not attacking my computer?

quote:


* bitchchecker (~java@euirc-9ff3c180.dip.t-dialin.net) Quit (Ping timeout#)



Too late... It's 20:22 when we get the last message of our hacker with the alias "bitchchecker". We see that he has a "Ping timeout". We haven't seen him since then... must be the Daylight Saving Time.

_____________________________

The ends do not justify the means, for the true measures of our character are the means we are willing to use and not the ends we proclaim.

Zabiela
3rd December 2006, 02:00
Wow, what a selfpown.

Cheesey
3rd December 2006, 10:42
Cool, didn't know that there is an English version too! Nice work! Still rofling when I read through it!

Suipwnage...:D

superman1000
3rd December 2006, 11:54
OrgName: Road Runner HoldCo LLC
OrgID: RRSW
Address: 13241 Woodland Park Road
City: Herndon
StateProv: VA
PostalCode: 20171
Country: US

ReferralServer: rwhois://ipmt.rr.com:4321

NetRange: 72.176.0.0 - 72.191.255.255
CIDR: 72.176.0.0/12
NetName: RRSW
NetHandle: NET-72-176-0-0-1
Parent: NET-72-0-0-0-0
NetType: Direct Allocation
NameServer: DNS1.RR.COM
NameServer: DNS2.RR.COM
NameServer: DNS3.RR.COM
NameServer: DNS5.RR.COM
NameServer: DNS6.RR.COM
Comment:
RegDate: 2005-11-21
Updated: 2006-10-16

OrgAbuseHandle: ABUSE10-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-703-345-3416
OrgAbuseEmail: abuse@rr.com

OrgTechHandle: IPTEC-ARIN
OrgTechName: IP Tech
OrgTechPhone: +1-703-345-3416
OrgTechEmail: abuse@rr.com

# ARIN WHOIS database, last updated 2006-12-02 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.


-----------------

IP address: 72.177.49.166
Reverse DNS: cpe-72-177-49-166.austin.res.rr.com.
Reverse DNS authenticity: [Verified]
ASN: 11427
ASN Name: SCRR-11427
IP range connectivity: 1
Registrar (per ASN): ARIN
Country (per IP registrar): US [United States]
Country Currency: USD [United States Dollars]
Country IP Range: 72.176.0.0 to 72.183.255.255
Country fraud profile: Normal
City (per outside source): Austin, Texas
Country (per outside source): US [United States]
Private (internal) IP? No
IP address registrar: whois.arin.net
Known Proxy? No
Link for WHOIS: 72.177.49.166

traceroute - http://www.dnsstuff.com/tools/tracert.ch?ip=72.177.49.166

Has also played on hldm classic - http://65.27.6.31/hlstats/hlstats.php?mode=playerinfo&player=4729

Send to Valve, and ISP abuse email - abuse@rr.com

for mega win.

Gl.