Very recently, our community was attacked.
An individual recently blackmailed me, attempting to get money from me. I don't know why I was targeted, or if I was a random target of opportunity. The initial message is copied below:
It is true that I bought and sold bitcoin years back, but that money is loooong gone. There are only two ways they could have known this information. 1. They've been in the community for a long time, or 2. They had access to my information and computers for a long time, and uncovered that transaction history.
However, the claim that I made a lot of money through rmog.us is false. I don't make a dime. In fact, I've put in thousands of dollars over the years to pay for everything, but very recently, I simply couldn't afford to do so any more, nor was it something that was financially smart for me to do. Every donation that comes to revo goes to its own PayPal account, which is obviously only used for costs for the community.
As you can see, the individual threatens to expose pictures and personal/compromising information. And yes, they did attach pictures of myself, and nudes (we're adults here right?). However, these pictures were very old, and I believe they were on the computer I believe was compromised, because I didn't even know those pictures still existed.
I was at work when I saw the email, and I then immediately notified my staff to assume all my accounts to be compromised, and to act accordingly, which, they already knew what to do. I also then started receiving messages from various people stating the website had been hacked. The individual had defaced the website, with the following text:
Shortly after, I received another email (in reference to telling my staff to assume I was fully compromised):
Shortly after that email, the now defaced forms received some updated code:
Around the time this was posted, the individual had begun deleting everything. The server files, the game database, and I believe the forum database. It is not my belief that they ever had any intention to return the files.
I immediately told my boss what was going on, then I went to the FBI with some preliminary information. I bought a burner phone as well, and used it to communicate with my staff and the FBI until my phone was verified clean. After sitting down with the FBI for a couple hours, I returned home, and shut down internet access to every server. I started locking them down, and regained control of the servers (the individual had changed my passwords to some servers, or just prevented the servers from booting at all). At this point, staff notified everyone in Discord of the information that we were sharing with the public, and to immediately change ALL passwords to every account they own as a precaution. Fast forward to the next day, I have my computer secured, and get to work. I let the community know that the FBI was involved, and to avoid antagonizing the individual, and that there should be no discussion of attacking back, as that would only make things worse for everyone, and that's not something we encourage here. I later received this email from the individual:
I'm unaware of what videos they are referring to by the last line. I assume other personal videos? But I'm not entirely sure.
Three hours later, I received this email:
At this point, and still to this day, I haven't responded to a single email from this person. However, the last two emails do tell me he has knowledge of who I am talking to, which is easily doable, since I had been talking about the situation on public mediums. Nor have I sent any money.
Fast forward to today.
I've recovered numerous logs from our various servers, linking some IPs the suspect had used. This, and other information about the individual, has been shared with the FBI. I also obtained logs showing that tables in our databases were being dropped, around the time I suspected. So how did all this happen?
Sadly, I can't get into too much detail about that, and I won't be able to for a long time due to the investigation. What I can say is that I believe they had obtained access to my computer, and my passwords for all the servers. This is why they were able to log into any server they wanted, under my name, and do what they wish. I do believe I know how they got access, but that can't be shared at this time either.
For now, all existing servers that were attacked, and other servers that we were using for other purposes, have been quarantined. Logs and files relevant to the investigation have been prepared and handed over to the FBI, as well as snapshots of the server that they will be able to comb through as well in case I missed something. I've deleted those servers now, and started new ones, while also (eventually) reducing our costs. I've changed my passwords everywhere they've been used. I've also enabled 2FA where possible, as well as some other security measures I won't be going into. I'm currently in the process of setting up a backup server on site, an off-site backup server, and an off-site cold storage backup server, for all of our databases, as well as necessary files and information. Again, there are some other security measures that have been, or will be, put in place to help prevent this attack in the future, but I won't be revealing them here.
So where are we now?
Unfortunately, wiped. We do have some information from the forums and other backups, but it would take far too long to comb through and vet all the data to make sure it was safe to be used. So, everything has been wiped: forums, game db, and forums. We MIGHT restore the forum database, but it will remain like it does now if we do.
I'm very sorry. It was my responsibility to safeguard the data and access to all of our servers, and somewhere along the way, I failed. That's on me, and I'm sorry that my lack of self-discipline resulted in our community suffering this attack, and being unable to play. I understand that it is a game, but it is a community I started years ago, something I've tried to make better and better for a while now, so an attack that brings us down this far is personal for me, because to me, I failed everyone here. And so again, for that, I am sorry.
(Please keep this topic free of any remarks about the individual; it doesn't do any good, and it will be hidden. Additionally, I will not be answering any further security questions, as I've already stated everything I will about it here.)