Clickable Culture   Official Research Blog of Phantom Compass
  ‘Second Life’ Hacked [Updated]  
Posted 2005-07-18 by Tony Walsh
Virtual world Second Life, which facilitates user-created property and business transactions, has become the victim of a client-side exploit, but developer Linden Lab has already deployed an emergency patch. The company will perform an internal post-mortem on the hack attack before making an official statement.

Credible rumours suggest that a modified Second Life client was hacked to allow "god mode" privileges, whereby money could be created out of thin air and property stolen. One resident said that "a bunch" of normally-obscured, user-created executable scripts were copied, and it is rumoured that a popular in-world gun was copied. In-world retailer Gigas Group reports that some of their obsolete scripts were copied. Another virtual-goods retailer, SL Exchange, was slightly compromised, but the firm's operator said that no problems were caused. Other firms, products and scripts rumoured to be on the loose include SLboutique (old vendor code), Nexcom, Cubey Terra's flight code, Scan Foo, and the Ginko ATM.

The Gaming Open Market, which is a commodities exchange dealing in Linden Dollars (play-money) and US dollars, was not affected by the client hack due to the GOM's server-side security measures. The GOM is a popular way for Second Life residents to "cash out" of the virtual world, and has traded over two million US dollars since opening.

[Last update: 19/07/2005, 10:16am Eastern]
Comment posted by Titus
July 19, 2005 @ 3:50 pm

Apparently this hack spread among the SomethingAwful SL community as well, resulting in the banning of the group's largest landowner, along with a number of other, less pivotal members.

Here's a post by the land baron:
k\o\w (Lu Lulu, Plastic Duck) got a hold of a hacked Second Life client that circumvented no-modify permissions on scripts and made it possible to copy items out of vendors if you were in the same group. He used it last night to steal and give out free copies of Seburos, and possibly other things. I know he gave out the hacked clients to people inside and outside of W-Hat, but I don't know who, how many people, or when.

Earlier today the hacked clients and several stolen scripts were posted in the main Second Life IRC channel and possibly elsewhere. I don't know if k\o\w himself is directly responsible, but even if he's not, he gave the clients to whoever is. The scripts were for many popular products, including the Seburo, ROAM, SL Exchange Terminal, Gigas servers, Ginko ATMs, and several others.

Lucid Dream (Disco Duck, Locke Angelus, Carlos Benton) stole L$180k from someone using this exploit, and may have helped with the Seburo and other thefts. I don't know if anyone else did anything.

The priority update today was to fix this exploit, and that is what all the ejections were about.

Shortly afterwards, k\o\w responds:
I am a total shithead for doing what I did today and I never expected that the people I gave the hacked client to would leak it publicly like that in IRC. So much drama happened today that I wish I could undo but I can't. I want to apologize to the people I lied to and betrayed, and anyone else upset by my actions. I know I can't undo what has been done so I'd like to make everyone feel comfortable with the fact that I promise to never return to Second Life.

I seem to have some kind of problem with wanting to cause drama and have done worse things in the past that I am not proud of. I've lost many friends over this and my past actions and it really hurts me a lot. I just wish I had more common sense and thought about my actions before doing things.

I hope no more innocent people get banned or screwed over because of me and I really do wish this never happened.

In a later post, he adds the following:
The thing is, I didn't even make this hacked client. I just showed interest when I heard that someone did and asked for a copy. I then proceeded to give it to a bunch of people over AIM who I knew would like to play with it.

I guess you probably shouldn't give me sharp objects or something.

So that's that. I'm very tempted to log on and inspect the fallout.
Comment posted by Tony Walsh
July 19, 2005 @ 5:31 pm
Wow. That's some crazy stuff. Hacked client on the loose. Mayhem results. I'm glad the damage wasn't more severe, but L$180 is a lot of in-world cash. Yowch!

Thanks for the tip!
Clickable Culture
Copyright (c)1999-2007 in whole or in part Tony Walsh.

Trademarks and copyrights on this page are owned by their respective owners. Comments owned by the Poster. Shop as usual, and avoid panic buying.