Nora 00005 nora-00005@intergov.org http://scamwatch.com ----------------------- Professional Web Site Submission to over 1000+ with report $19.00 http://nortech-cs.com/ibiz/ibiz.shtml ----------------------- Sailirc Server http://sailirc.com Dns 4.4.153.237 Ports 6660-6669 Rooms #Nortech & #sail-usa & #Chat ----- Original Message ----- From: Director International Web Police To: All Fellow Officers (fellow-officers@intergov.org) Cc: All Web Police Staff Sent: Wednesday, May 05, 2004 10:48 PM Subject: [Fellow-officers] Important Message! _____ Dear Fellow Staff, Below you will find the answer to many of your questions about recent events. Also, those of you who actually work in investigating crimes will learn the appropriate format and required information that should be in every case you investigate. The below is the results of only 45 minutes of work, it could have been more detailed and contained more information had I chose to do so. I do hope this will answer some of your questions and also provide investigating officers with guidelines for reporting crimes to the authorities, they need complete information. Respectfully, Peter Hampton Director@Web-Police.org http://www.Web-Police.org _____ Report of illegal activities Formal Complaint Subject: Andre Riis Item 1. Hacking of server located at 204.200.195.78 (hosted by NTT Verio) Subject illegally accessed server files and disabled and/or shut down various functions which endangered the lives and safety of Internet users. Item 2. Denial of service (DOS) attack on POP/SMTP server at above address. Subject created a spam BOT that transmitted 5,000 e-mails an hour to 117 members of our staff which prevented them from providing public safety services to the community. Item 3. Disabling of Private Chat Room facilities at the above address Subject disabled the IRC chat server that allows us to provide emergency services to the public. Item 4. Subject transmitted threatening messages through email, IM's, PM's and other medium's to our staff and other members of the community --------------------------------------------------------------------------- A thorough investigation performed by NTT Verio, Web Police Investigators and local authorities has determined the following: Primary attack launched from: 207.44.164.11 Additional IP / Proxy addresses Involved in the attack: 207.44.164.11 213.142.81.188 213.142.64.157 213.142.64.158 213.142.64.159 213.142.76.92 80.202.130.24 62.79.79.115 212.54.64.159 206.156.87.27 ----- Information on 207.44.164.11: Administrator: Name: Terji Andre Riis Address: Krokoddveien 18 and 16 City: Royken Province: BU Country: Norway Postcode: 3440 Telephone: 47 98 05 30 16 (Translation) Krokoddveien 16, 3440 Royken Telefon: 31 28 51 66 Telefaks: 31 28 74 61 Telefon montor bll: 98 05 30 16 Org.nr.: 975 966 384 MVA E-mail Addresses: salg@warter-markiser.com andre-riis@web-politi.no terje_riis@hotmail.com andre-riis@igseconline.com andre-00964@intergov.org andre@warter-markiser.com Also uses the following address aliases: (dating from November 25, 1999 to date) Vammabakken 52 Musseronstien 7d Vipavadee Rungsit rd Skegsmogt 53 (Cities) Askim Royken Kristiansand Bangkok Ostfold (Phones) 53016 882772 92069871 4798053016 2967926 262700 Known Web Site Urls: http://www.igseconline.com/ http://www.warter-markiser.com/ http://www.web-politi.no/ (removed) ---------------------------------------------------------------------------- ----------- Domain Name: IGSECONLINE.COM Registrar: ONLINENIC, INC. Whois Server: whois.OnlineNIC.com Referral URL: http://www.OnlineNIC.com Name Server: NS3.MAXIPOINTSERVERS.COM Name Server: NS4.MAXIPOINTSERVERS.COM Status: ACTIVE Updated Date: 01-jul-2003 Creation Date: 01-jul-2003 Expiration Date: 01-jul-2004 Registrant: igseconline.com andre@warter-markiser.com +4798053016 NA Krokoddveien 18 Royken,BU,Norway 3440 Domain Name:igseconline.com Record last updated at 2003-07-02 03:51:29 Record created on 2003/7/2 Record expired on 2004/7/2 Domain servers in listed order: ns3.maxipointservers.com ns4.maxipointservers.com Administrator: Name: Andre Riis Mail: andre@warter-markiser.com tel: +4798053016 Org: NA address: Krokoddveien 18 city: Royken ,province: BU ,country: Norway postcode: 3440 Technical Contactor: name: Andre Riis mail: andre@warter-markiser.com tel: +4798053016 org: NA address: Krokoddveien 18 city: Royken ,province: BU ,country: Norway postcode: 3440 Billing Contactor: name: Andre Riis mail: andre@warter-markiser.com tel: +4798053016 org: NA address: Krokoddveien 18 city: Royken ,province: BU ,country: Norway postcode: 3440 Registration Service Provider: name: Domain Registration Philippines tel: +6.32421-3851 fax: +6.32421-3872 web:http://www.domainphil.com DNS Records for igseconline.com: query from dns.consumer.net to get an authoritative nameserver NameServer used for query: ns4.maxipointservers.com Answer records igseconline.com 1 NS ns3.maxipointservers.com 28716s igseconline.com 1 NS ns4.maxipointservers.com 28716s Authority records Additional records ns3.maxipointservers.com 1 A 207.44.164.171 172716s ns4.maxipointservers.com 1 A 207.44.164.172 172716s DNS Records for igseconline.com query from dns.consumer.net to get an authoritative nameserver NameServer used for query: ns4.maxipointservers.com Answer records igseconline.com 1 NS ns3.maxipointservers.com 28716s igseconline.com 1 NS ns4.maxipointservers.com 28716s Authority records Additional records ns3.maxipointservers.com 1 A 207.44.164.171 172716s ns4.maxipointservers.com 1 A 207.44.164.172 172716s Additional Details: * On May 3, 2004, Mr. Andre Riis was terminated from our organization for misconduct. * Within hours of his termination, he began threatening our staff officers. * He openly stated that he was about to close our chat room facilities and began a "countdown". * When his countdown was completed, our chat servers were disabled. * Shortly thereafter, our staff began experiencing a mass email flood of 5,000 messages per hour. * Our email accounts were flooded to capacity causing our disk space quota to be exceeded. * We contacted our Web Host tech support at NTT Verio. They observed incoming messages arriving at 50 per second. * Verio Techs were able to pinpoint the location of the attacks and banned the IP address. * Soon after, a new wave of attacks were launched from new IP addresses and proxies. * We have taken every possible precaution but the attacks still continue today (3 days after they began.) * We will take any steps necessary to end these vicious attacks and are in the process of filing criminal charges against Mr. Riis and all others involved in his illegal activities. We ask your assistance in terminating this subjects activities. ---------------------------------------------------------------------------- ----------------- Personal Information on Mr Riis: 2000-2001 Mahidol University Bangkok,Thailand Programming School System for administrative routines Hotel system for use in education Internal Network Security 1997-2000 Norsk Hydro Oslo, Norway Consultans Novell 4.11 Intranett Installation on Compaq servers World Wide Lotus Notes server installation. Win 95,NT Server and workstations IBM AS 400 Network Administrator Norsk Hydro Sites and Assessment(budgetting) Colombia,Canada,Usa Installation of novell,Lotus product in Colombia,Canada,Usa,Denmark Bridge software installation and development Security for Hydro sites and computer security Installation of Novell 4.11 up to 2.500 users Hydro Network management team in Norsk Hydro for 27.500 users on Novell 4.11 Installation of Cisco routers on Hydro Sites World Wide 1997-1997 Merkantil Data,Manpower AS Oslo,NorwaySenior Computer Technicians Error correction and improvement on computers and equipment Novell 3.11/4.11 Installation and Support Service and support on Compaq computers SOS Network cabling Network Manager and Computer Teacher Service and consultans on Lantastic network Teaching computer languages in High School Voice Mail Management and Development (800 Systems) Different communications software Security companys Norway,Denmark PABX Management and Installation CNE Certified Novell Engineer Participating in Swedish Open 1989, Stocholm, Sweden. (World Competition contest) ---------------------------------------------------------------------------- ------------------ abuse@maxipointservers.com info@tiscali.com info@imagebuilding.it 1christiansen@dk.tiscali.com ir@tiscali.com abuse@tiscali.com tsoerensen@dk.tiscali.com netguard@nacamar.net abuse@ev1.net _____ _______________________________________________ Fellow-officers mailing list Fellow-officers@igwpnet.securesites.net http://igwpnet.securesites.net/mailman/listinfo/fellow-officers