Realm of the Mad God Domain Name Stolen

  • Author: xnite
  • Date: 2014/02/06

AfraidIRC chat embedded into web page on realmofthemadgod.com


Text file which appeared at realmofthemadgod.com/swat.txt

Yesterday at around 6:24 PM Central Time, realmofthemadgod.com was hijacked by a group calling themselves swatsec. A Mibbit chat was embedded in the page to direct visitors to AfraidIRC (and, later on, to Freenode).

Our staff members at AfraidIRC had to constantly let people visiting know that we are not affiliated with the game or the company behind it, and also let people know that we had nothing to do with the hijacking. Other than being a minor annoyance, since we didn’t actually know what was going on at first, that really wasn’t all that bad. Last time I checked, about an hour after our chat being up on Realm of the Mad God, the chat was now directed to Freenode’s #Ubuntu support channel.

Interestingly enough, another link was posted to us where a text file was left by the thieves, talking about swatting. The group behind the hijacking is swatsec, so that really isn’t very shocking.

After hijacking the domain, the group pointed it to a server hosted by Ecatel. You can contact Ecatel about the abusive use of their services by email at [email protected]. Be sure to let them know that the IP address of the server being abused is: 93.174.95.82.

Aside from pointing the domain to a new server so that they could appear to have hacked Kabam & defaced RotMG, the domain name registration information was also changed to reflect that of Ryan Cleary, who was charged in 2011 with crimes related to LulzSec.
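The two changes described above (the domain resolving to a different host and the registration details being replaced) are the kind of drift a domain owner can alert on. The following is an added example, not code from the original post: the baseline values, the WHOIS-style text and the function names are constructed for illustration, and only the address 93.174.95.82 comes from the post.

```python
import ipaddress

# Constructed baseline for illustration; not the real records for the domain.
BASELINE = {
    "registrant": "EXAMPLE GAME COMPANY",
    "nameservers": {"ns1.example-dns.test", "ns2.example-dns.test"},
    "networks": [ipaddress.ip_network("192.0.2.0/24")],
}

# Constructed WHOIS-style text standing in for a lookup made after the hijack.
OBSERVED_WHOIS = """\
Domain Name: REALMOFTHEMADGOD.COM
Registrant Name: SOMEONE ELSE (PLACEHOLDER)
Name Server: NS1.EXAMPLE-DNS.TEST
Name Server: NS2.EXAMPLE-DNS.TEST
"""


def parse_whois(text):
    """Collect 'Key: value' lines; repeated keys (Name Server) become lists."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields


def find_drift(baseline, whois_text, a_records):
    """Return a list of findings where observed state differs from baseline."""
    fields = parse_whois(whois_text)
    findings = []
    registrant = (fields.get("registrant name") or [""])[0]
    if registrant.upper() != baseline["registrant"].upper():
        findings.append(f"registrant changed: {registrant!r}")
    seen_ns = {ns.lower().rstrip(".") for ns in fields.get("name server", [])}
    if seen_ns != baseline["nameservers"]:
        findings.append(f"nameservers changed: {sorted(seen_ns)}")
    for addr in a_records:
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in baseline["networks"]):
            findings.append(f"A record outside expected networks: {addr}")
    return findings


if __name__ == "__main__":
    # 93.174.95.82 is the address the post reports the domain was pointed to.
    for finding in find_drift(BASELINE, OBSERVED_WHOIS, ["93.174.95.82"]):
        print("ALERT:", finding)
```

The post does not say whether the nameservers or only the address records were altered, so the check covers both; the constructed sample leaves the nameservers unchanged.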


swatsec attempting to sell the source code that they allegedly stole


According to some of the posts I’ve seen on Reddit, before the group started putting up chat pages on the page, they were also attempting to sell source code that they allegedly stole from the servers. I assume their plans of extortion failed when people started to realize that the company’s servers were not actually hacked.

From Reddit:


Copyright©2011 - 2018, Robert Whitney; All rights reserved.