Thanks! Case inverted makes sense. They can invert the case before hashing and submitting. If any of the four hashes match the stored hash, they get in.
How can they get away with not storing at least a second hash? I don't see how an all-caps password can be matched to an any cased password, unless you only store the hash to the all-caps password.