# Just received this on Skype from Nick @ RamNode



## Marc M. (Jun 25, 2013)

[7:20:11 PM] ServerCrate+RamNode: Hi! I'd like to announce that servercrate and ramnode have merged. In a couple of days all of ramnodes VPSes will be transferred to avante hostings premium high speed network.
-Robert Clarke
CEO of ServerCrate and RamNode

(Sorry if you received this message multiple times, had some issues with the broadcast.)

========================================================================================

I assume that it was broadcasted to everyone in Nick's contact list.

Looks like someone is up to no good again. If anyone has any info please post it or contact Nick. This has to be dealt with.


----------



## D. Strout (Jun 25, 2013)

I have it too. Damn that kid!


----------



## tdc-adm (Jun 25, 2013)

I have got this message via ramnode on skype some minutes ago: 



> Hi! I'd like to announce that servercrate and ramnode have merged. In a couple of days all of ramnodes VPSes will be transferred to avante hostings premium high speed network.
> 
> -Robert Clarke
> 
> ...


Is this true, or did Robert Clarke hack ramnode nick?



My timezone is +7 GMT


----------



## MannDude (Jun 25, 2013)

tdc-adm said:


> I have got this message via ramnode on skype some minutes ago:
> 
> Is this true, or did Robert Clarke hack ramnode nick?
> 
> ...


Merged your topic with this one as it was posted a few moments before yours.


----------



## Marc M. (Jun 25, 2013)

Just fishing here but I don't think it was Clarke. My nick on IRC was occupied as well. Looking at the IP it was a Canada IP address: 184.75.213.194 Amanah Tech Inc. (AS32489)


----------



## kaniini (Jun 25, 2013)

That IP appears to belong to a VPN provider.


----------



## Francisco (Jun 25, 2013)

They're connecting from 168.63.55.14, which is a Microsoft-owned IP.

Francisco


----------



## tdc-adm (Jun 25, 2013)

Got via @ramnode twitter:



> Please ignore any mass messages on Skype received in the last few minutes. They are fake.


----------



## Marc M. (Jun 25, 2013)

@Francisco could it be one of them fancy Azure VMs?


----------



## Marc M. (Jun 25, 2013)

tdc-adm said:


> Got via @ramnode twitter:
> 
> > Please ignore any mass messages on Skype received in the last few minutes. They are fake.


Duh, we've all gathered that much. The better question is: who did it?!


----------



## tdc-adm (Jun 25, 2013)

Yes, who did it?


----------



## D. Strout (Jun 25, 2013)

Marc M. said:


> Duh, we've all gathered that much. The better question is: who did it?!


I asked Nick on Twitter.


----------



## D. Strout (Jun 25, 2013)

RamNode just came online and sent out "ignore". I asked again on Skype who did it, no answer.


----------



## Nick_A (Jun 25, 2013)

Please ignore the messages--obviously it was an account takeover. The situation is fixed now.


----------



## D. Strout (Jun 25, 2013)

Nick_A said:


> Please ignore the messages--obviously it was an account takeover. The situation is fixed now.


Tell me it didn't happen due to password reuse?

*Edit:*



> Please ignore any recent messages regarding ServerCrate. RamNode has not been sold and is not merging with any other company. There will be no changes in service as implied by that message. My Skype account was merely hacked, *likely with social engineering*, and has been restored.
> 
> 
> 
> ...


----------



## Ruchirablog (Jun 25, 2013)

D. Strout said:


> Tell me it didn't happen due to password reuse?
> 
> *Edit:*


blah


----------



## XFS_Brian (Jun 25, 2013)

Is this Clarke guy the same one that admitted that he hacked RAM NODE SolusVM?


----------



## jarland (Jun 25, 2013)

Children.


----------



## Aldryic C'boas (Jun 25, 2013)

XFS_Brian said:


> Is this Clarke guy the same one that admitted that he hacked RAM NODE SolusVM?


The name is a reference to the same kid, yes. I doubt he was actually stupid enough to do this himself (he's already been "framed" once, some time before he uploaded the backdoor to RamNode). Nor do I think he's clever enough to actually do this himself in his own name for the purpose of making people think "he got framed again".

My two cents - he pissed off yet another skid that decided to have some more fun at his expense.


----------



## D. Strout (Jun 25, 2013)

Aldryic C said:


> My two cents - he pissed off yet another skid that decided to have some more fun at his expense.


Or maybe he didn't actually piss off anyone, they just felt like framing him for the lulz.


----------



## kaniini (Jun 25, 2013)

Hmm, sounds like it was phished based on the message D. Strout posted earlier?


----------



## drmike (Jun 25, 2013)

Man, what's with the hate of  RamNode by some random, faceless and if found headless skids lately?


----------



## D. Strout (Jun 25, 2013)

buffalooed said:


> If found headless skids


Good one. Maybe they're jealous of Nick's success? IDK, but they really need to get a life.


----------



## Marc M. (Jun 25, 2013)

buffalooed said:


> Man, what's with the RamNode hate of some random, faceless and if found headless skids lately?


Someone has put a lot of effort into this. I wonder what the skid sent Nick by email... to make him "byte" and phish his Skype password.


----------



## D. Strout (Jun 25, 2013)

Nick said "social engineering", not "phishing". Maybe they called Skype support and convinced them they were Nick somehow, then got access to the account and had their fun.


----------



## Marc M. (Jun 25, 2013)

D. Strout said:


> Nick said "social engineering", not "phishing". Maybe they called Skype support and convinced them they were Nick somehow, then got access to the account and had their fun.


@D. Strout I doubt that. I've contacted Skype support before and they won't cooperate. Then again maybe the skid got lucky.


----------



## drmike (Jun 25, 2013)

Marc M. said:


> Someone has put a lot of effort into this. I wonder what the skid sent Nick by email... to make him "byte" and phish his Skype password.


 

That's a fair question.  I do wonder.

I have disjointed accounts, so cornering me into a click or something like that isn't going to happen. It's the luxury of not being a public person / provider with clear accounts, known emails, etc.

Reminds me of another reason to stop warehousing info online --- especially in email where a treasure trove could be taken and mined.


----------



## Marc M. (Jun 26, 2013)

buffalooed said:


> That's a fair question. I do wonder. I have disjointed accounts, so cornering me into a click or something like that isn't going to happen. It's the luxury of not being a public person / provider with clear accounts, known emails, etc. Reminds me of another reason to stop warehousing info online --- especially in email where a treasure trove could be taken and mined.


I have 20+ email accounts and not a single one of them has any relevant or useful information.


----------



## D. Strout (Jun 26, 2013)

I get the feeling Nick won't be divulging the exact nature of the attack. If it was password reuse and he's too ashamed to admit it, that would be a pity. Either way, I have to say I'm losing some confidence in RamNode. Malicious skids shouldn't be having this much success, first against SVM and now against his Skype.


----------



## drmike (Jun 26, 2013)

Marc M. said:


> I have 20+ email accounts and not a single one of them has any relevant or useful information.


 

Impressive.  How do you accomplish such a feat?  There are all these account emails, emails that tend to leak personal info, etc.

I've gone out of my way to self-preserve --- but open to other folks' ideas.


----------



## Marc M. (Jun 26, 2013)

buffalooed said:


> Impressive. How do you accomplish such a feat? There are all these account emails, emails that tend to leak personal info, etc. I've gone out of my way to self-preserve --- but open to other folks' ideas.


They're all used for different things, however I don't type up any relevant conversations. I have a phone (or two) if I need to talk to someone about something important, and if I want to, I can also scramble the conversation. You can never be too careful... Oh, and I don't click, not even open, emails that I have no clue where they are coming from. They go to /dev/null so to speak.


----------



## manacit (Jun 26, 2013)

D. Strout said:


> Or maybe he didn't actually piss off anyone, they just felt like framing him for the lulz.


I'm guessing it's this, I don't think Robert is quite that daft.

Whoever it is really knows how to push everyone's buttons though, it's starting to get pretty damn annoying..


----------



## Marc M. (Jun 26, 2013)

manacit said:


> I'm guessing it's this, I don't think Robert is quite that daft. Whoever it is really knows how to push everyone's buttons though, it's starting to get pretty damn annoying..


Whoever it is, it's not the kind of person that you want to mess with :unsure:


----------



## JDiggity (Jun 27, 2013)

I believe it is probably JohnnyDbag


----------



## scv (Jun 27, 2013)

Francisco said:


> They're connecting from 168.63.55.14, which is a Microsoft-owned IP.
> 
> 
> Francisco


Microsoft introduced media proxy to Skype as an optional setting, so no more direct P2P calling. This is probably just a Skype proxy server.


----------



## Steven F (Jun 27, 2013)

While I cannot comment on Nick's password habits, please remember that it is possible he uses the same password for another service. Meaning the "hacker" used social engineering to acquire (this scenario is 100% made up) his LinkedIn password, which Nick also uses for Skype.


----------



## Leyton (Jun 27, 2013)

scv said:


> Microsoft introduced media proxy to Skype as an optional setting, so no more direct P2P calling. This is probably just a Skype proxy server.


Learn something new every day...


----------



## ErrantWeb-Travis (Jun 28, 2013)

Leyton said:


> Microsoft introduced media proxy to Skype as an optional setting, so no more direct P2P calling. This is probably just a Skype proxy server.


Well at least they finally added a feature that's useful after their acquisition.


----------



## Tux (Jun 28, 2013)

D. Strout said:


> I get the feeling Nick won't be divulging the exact nature of the attack. If it was password reuse and he's too ashamed to admit it, that would be a pity. Either way, I have to say I'm losing some confidence in RamNode. Malicious skids shouldn't be having this much success, first against SVM and now against his Skype.


I know.

If this happens again, I guess I'm looking at Linode.


----------



## JDiggity (Jun 28, 2013)

Tux said:


> I know.
> 
> If this happens again, I guess I'm looking at Linode.


You realize that Linode got hacked a few years ago and everyone's credit card details, passwords and emails were released?

They got hit in the HyperVM hack. Please realize this before using Linode as if they are the only secure provider.


----------



## kaniini (Jun 28, 2013)

24khost said:


> You realize that Linode got hacked a few years ago and everyone's credit card details, passwords and emails were released?
> 
> They got hit in the HyperVM hack. Please realize this before using Linode as if they are the only secure provider.


Uhh, Linode has never ever run HyperVM.  But, they _did_ recently get hacked and then lied about the nature and severity of the hack, having to backtrack.

By the way, the same guy owning Nick_A is probably the same guy who owned Linode back in April.  At least, this is what he has alluded to in IRC.


----------



## JDiggity (Jun 28, 2013)

You're right, sorry, VAserve was the one who got hacked with HyperVM. Again another really large VPS provider. And Linode just a few weeks ago.


----------



## Aldryic C'boas (Jun 28, 2013)

kaniini said:


> At least, this is what he has alluded to in IRC.


You are aware that these kids in IRC are either 1) fed plants/informants (1 confirmed), 2) scriptware kiddies, or 3) trolls; with 2 and 3 simply taking advantage of the situation to claim credit for someone else's work?   Even on the REMOTE chance that one of them did the actual damage, it was thanks to Clarke already uploading the rootkit for them.  And I'd sooner believe that I nailed RamNode in my sleep than I'd believe anyone in #vpsb was the guy from localhost.re.


----------



## kaniini (Jun 28, 2013)

Aldryic C said:


> You are aware that these kids in IRC are either 1) fed plants/informants (1 confirmed), 2) scriptware kiddies, or 3) trolls; with 2 and 3 simply taking advantage of the situation to claim credit for someone else's work?   Even on the REMOTE chance that one of them did the actual damage, it was thanks to Clarke already uploading the rootkit for them.  And I'd sooner believe that I nailed RamNode in my sleep than I'd believe anyone in #vpsb was the guy from localhost.re.


Good point.  My point however, was that Clarke probably did get joejobbed partially on that one, and on the Skype hack.


----------

