Extra!!: Philip Calls the FBI. W-Hats Shit Themselves
by Alphaville Herald on 14/12/05 at 9:47 pm
by Dow Jonas
Philip Rosedale, CEO of Linden Lab, announced at a resident virtual winter holiday party in Second Life’s Wengen today that he is turning to real-world authorities to investigate Monday’s deliberate crashing of his virtual world’s grid.
When the party was bombed today by a griefer with pixelated C-4, Rosedale, whose avatar is Philip Linden, was bumped around the sim. The overcrowded Linden-run sims appeared to be a prime target for an attack during the season’s top event.
Bedecked in a red Santa’s cap and blue shirt, the Monetarized Socializing Platform Mogul danced around a roaring bonfire set for the occasion and said, “This seems about a good a time as any to tell you that I am turning over names to the FBI.”
Linden said that he viewed Monday’s grid crash like any denial-of-service attack on an Internet web page.
The CEO’s announcement was greeted with cheers by residents toasting marshmallows around the virtual fire.
Asked by a reporter to clarify what kind of prosecution he might seek, Linden said, “Yes, we will turn over data to the FBI. That is what we are doing. Already in progress.”
Hastening away to a real-life party with investors, Philip Linden declined to comment on queries about whether the 14-day suspension handed out to an unnamed resident for a “global attack” reported on the Police Blotter this week was related to the grid crash, or whether it was the limit of Linden Lab’s actions.
He did not name the attackers nor specify whether they were related to members of W-Hat responsible for 2 other global attacks this year.
jauani
Dec 15th, 2005
NICE!
Bob the Tomato
Dec 15th, 2005
So far I’ve not been online when one of these morons has dropped a bomb…. but it’s good to see that serious action is planned to get these morons out of the way.
Pity that we can’t put a limit on the LSL command that triggers these things without affecting legitimate use. Surely though self replication of an item is not something that’s overly useful for most situations?
Bob
TrannyPet Barmy
Dec 15th, 2005
This should be interesting.
Now we’ll find out for sure what is and isnt against the law.
Sorry to tell you this folks, but, i really hope that the FBI come back to LindenLab and say “unfortunately, since you’re LSL language allows for this, the ‘exploiters’ are breaking no law”, damn wouldnt that put out the message, “come on in and find our scripting exploits”, i would so love to see this backfire in their faces. In my eyes that would be JUSTICE done, in return for all the mis-treatings, and injustices that LL have done many folks over the last few years.
Perhaps the FBI should be pointed towards a few of LindenLab’s corrupt staff to Phil ?
*fingers crossed*
TrannyPet Barmy
The REAL ONE
toy
Dec 15th, 2005
Sorry but the FBI wouldnt say that to LL. It would be like the FBI going to the family of a kidnapped child and saying “Unfortunately since you allowed your child to walk home from school alone the kidnappers are breaking no law.”
urizenus sklar
Dec 15th, 2005
Yeah, agree with Toy. Imagine if the cops said “gee you made your windows out of *glass* — you were just asking for someone to break in and trash your house.”
Fallen Hasp
Dec 15th, 2005
Well I agree with Tranny. But i dont see how changing the code makes a difference. Theyll only find other ways to terrorize you. I dont understand why LL doesnt ban their accounts. Unless they are using someone else’s credit cards to create accounts it shouldnt be a problem. This seem like a waste of tax dollars. Why does LL expect the government to clean up their mess. Enforce your god damn ToS.
Raymond Polonsky
Dec 15th, 2005
I have to agree with Toy on this one. Most programming languages have holes, exploits, etc and that is unfortunantly inevitable. Anyone who thinks otherwise is a fool. That does not mean the maker of the software is responsible for the misuse of their product. It’s sort of like the gun industry. Sure they craft fine weaponry that can kill people, but it takes a human to shoot a human. Is that the gun manufacturer’s fault becuase their product has the ability to do that? If that was the case all the gun lawsuits you see would be won by the consumers and not the gun industry.
Raymond Polonsky
Polonsky & Churchill
Second Life In-Game Lawyers
Bashkit
Dec 15th, 2005
Good comments and I am pulled by both sides. In my limited legal knowledge, I think it will all come down to the licensing aggreement with the users of the program and whether it states that use of scripting language with deliberate malicious intent (which must be proven) will result in the following consequences, etc., etc. I do not know enough about what the attack actually did, but if viewed as a DoS attack by the FBI real consequences could ensue.
Eamonn Soothsayer
Dec 15th, 2005
/me contemplates forming an SL anti-terrorist squad
Required
Dec 15th, 2005
The analogies have started, it’s all going to hell now.
TrannyPet Barmy
Dec 15th, 2005
Ok, i can see where you’re coming from, however, like the other thread containing a similar converation where alot of folks mistake what *should* be law according to morals and what actually *is* the law, this time we are not comparing contextually similar aspects of the law.
You are comparing my comments to different areas of law(the houses made of glass one, would be covered by “break and entry”, physically gaining access to somewhere by force/vandalism). Here we are discussing what you are supposing is “computer misuse”, which, in most countries is covered by a CMA(Computer Misuse Act) section of law. Now, i’m i can’t say i know the US’s CMA, however, i can vouch to know the UK CMA, which is probably not to disimilar to the US’s. A copy of it can be found at the following link :-
http://www.opsi.gov.uk/acts/acts1990/Ukpga_19900018_en_2.htm#mdiv3
The section you need to read that comes even close to what you are supposing to be misuse is section #3, “Unauthorised modification of computer material.”, with the application of subsection #2, any of the sub clauses.
After reading that you probably think you’d have a good case, since the supposed offence does impair the use of the program. However, i can think of at least 2 reasons that this case would simply die a death taken to any UK court of law :-
A) Unless the actual machine running the scripts(ie; the server side game engine) is caused to halt or screw up in some way, then the actual program that has had the data modified(via scripting, ie; had many objects added), hasnt been impaired. I have this feeling what actually happens is clients are unable to handle the graphics resource required to render the amount of objects, and therefore, its only the clients that are impaired, not the server it’s self.
B) Even if you disagree with the above point (A), you can’t really argue with this. If you read *any* of the 3 types of offence covered in the UK CMA, the word “unauthorised” is mentioned. The very fact that these scripts were written with out anything more than a totally bulk standard SecondLife client, with nothing more than a bulk standard account, implies that nothing *unauthorised* was done. The client and LSL compiler allowed the script to be written, no body would have had to have made any changes to the client to get the compiler to allow their script to compile, if you like, nobody had to hack anything in order to as they have done. Since they logged in, and used nothing untoward, they have done *nothing* that could be classed as *UNAUTHORISED*(so in actual fact not one of the 3 offences would be applicable, since all stipulate ‘unauthorised’) If any of these exploits had required the God Hack to execute, then, there may have been a case, but, since this can all be acheived via normal scripts, no case.
Following on from point (B), i go back to my original premise, and if you keep it in the context of a CMA, the fact that the LSL language, and client’s interface to writing scripts in, *ALLOW* you to write such scripts, then the fault is on the part of LindenLab, there is no unfallible case against any one with regards to doing anything *unauthorised*, as mentioned in all offences in the CMA mentioned. LindenLab’s compiler *allowed* them to compile those scripts and execute them.
You could even try and claim some form of “criminal damage”, but read the CMA again, even thats covered, unless the machine is actually *physically* damaged in some way, there is no case.
So, i stick to what i say, LindenLab are wasting their time looking to the law over this, and need to modify their game engine if they want to prevent this happening(and as some one else said, stop investing time/money/resource in a useless Abuse Report System that is removing innocents from the game !!), damn i even told them how to do it in previous posts, it’s not hard, if they have the source code.
Conversely, as mentioned before, all of those who are making any ‘loss’ out of this, may want to have a look at Negligence laws
LindenLab may also be best advised to do so also.
Like i said though, *IF* LindenLab have made contact with the FBI, we shall hopefull see the outcome shortly, and we’ll then know who is right or wrong.
Cheers
TrannyPet Barmy
The REAL ONE
Aliasi Stonebender
Dec 15th, 2005
Code != Law, Tranny.
I can write any kind of exploit or hack I like using C++ to run on your computer. The FBI will still frown on me actually breaking the law with it.
LSL allows for some things that can be bad because, used correctly, they can enable useful things. The responsibility to not use them incorrectly is on YOU, not them.
TrannyPet Barmy
Dec 15th, 2005
………. and the Law is there to guide what is construed as illegal, as already pointed out to you.
“Code != Law” in this case i disagree, the CMA for the UK quite explicity states “UNAUTHORISED”, so if you like :-
if ( writingAScriptThroughStandardClientAndAccount == UNAUTHORISED )
{
// an offence has been committed, code consequence here
...
// unfortunately this block of code will never execute, since writing scripts through conventional accounts/clients is not unauthorised.
}
else
{
// do something to signify no offence
System.out.println("No Offence Committed");
}
Again i say you are confusing, morals and what *should* be the law, with, and what *really is* the law.
TrannyPet Barmy
The REAL ONE
TrannyPet Barmy
Dec 15th, 2005
on top of which
“I can write any kind of exploit or hack i like in C++ to run on your computer” – Oh ? How so ? Do you have access to my machine ? No, you don’t, and if you did access it, then you *WOULD* be committing an offence, since it would be unauthorised with out my permission. Conversely, those writing malicious scripts in SL do have legal authorised access, unless of course, they have been perm banned. (ie; Being perm banned, if i was to log in and act as those doing these things have, i would be committing an offence, although that could be arguable based upon LindenLab’s addressing of people with in game, in the outside world, by their character’s name. It could be argued that it’s the persona that has been perm banned and not the person driving the persona. ie; when LindenLab’s perm ban some one they dont write to you and say Mr Real Name, they address the email to your characters name. – another can of worms all togethor)
Like i said, you’re not comparing like with like, you’re now comparing writing a C++ program on your machine, and then some how getting it on my machine to run, through unauthorised access.
The *FACT* of this is, no one has prevented these scripts from running, and no one has created these scripts with out standard accounts/clients/access. *NOTHING* unauthorised has happened, and since all the CMA offences relate to *UNAUTHORISED* acts, nothing is applicable in this case.
*IF* LindenLabs had disabled the portions of code that i suggested from the LSL language, and some one then managed to find a hack that re-enabled them, then the acts would be unauthorised, they wouldnt be acting with in the context of the client software.
*IF* the perpertrators has use the God Access hack in order to create the havoc they have, then this would be unauthorised, and there would be a case.
I really dont understand the problem that some seem to have in grasping this concept :-
a) The law(UK Law any way, but more than likely very similar to the US as regards the CMA) sets 3 offences regarding computer misuse
b) all 3 stipulate unauthorised acts,
c) *NOTHING* unauthorised has occurred with regard to this supposed misuse,
d) therefore there is no case.
It’s really not that tricky.
TrannyPet Barmy
The REAL ONE
Disillusioned Player
Dec 15th, 2005
I can’t believe this.
What jurisdiction does the FBI have in a Virtual World? I mean talk about breaking the metaphor. And if the FBI does start getting involved that just means that all the SL attacks will come from outside the US. This is stupid.
Fix the server, so this doesn’t happen. Better yet, develop countermeasures that don’t involve whining to your Mommy when things don’t go your way.
If the SL developers plan to have their virtual world artificially bound by real-world restrictions, I’ll stick with Meatspace; I’ll go virtual when the real-world opressions are gone.
Prokofy Neva
Dec 15th, 2005
I don’t agree with Aliasi that Code=Law. This is one of the most hideous concepts the tekkie-wiki has ever produced. It’s this narrow concept, insufficient for law even as it forces “law” through incompletely means, that is responsible for a lot of major ills in the virtual world.
Let’s get away from the tekkie-wiki parsing stuff for a minute.
It’s called “Denial of Service Attack,” correct? That means, the thingie that they did with the thingies — whatever they are caused a social phenomenon called DENIAL OF SERVICE.
Thousands of users were denied service, they couldn’t log on, they lost actual U.S. dollar business. As of course LL itself did, denied the ability to provide its service.
That’s all the FBI will look at, they’ve got ample proof of dark servers during those periods, they’ve got the names and accounts and griefing objects of the people suspected (and with LL’s huge information netting capacity, they can prove the links), and walla, we’re done with this case.
Fallen Hasp
Dec 15th, 2005
“. . stop investing time/money/resource in a useless Abuse Report System that is removing innocents from the game !!”
I cant believe you said that. If they were investing into their Abuse report system in the first place instead of using it for their own purposes we wouldnt be having this discussion right now.
Disillusioned Player
Dec 15th, 2005
One more..
tranny said:
Now we’ll find out for sure what is and isnt against the law.
That’s not quite right. I can’t possibly think of anything that should be “against the law” in a virtual world. Its like a book, being written in real time by many authors. Are there things that are illegal to write about?
Right now nothing is *illegal*.
What we’ll find out is how much the law wants to take from us, and more importantly for the community ,how much LindenLabs is willing to give up (and if they really called the FBI over something as absurd as this, they seem pretty willing and eager to give up the reins).
Sleet Rockwell
Dec 15th, 2005
So far it looks like everyone has a pet analogy, but let’s be honest: none of them are all that apropos of *this* problem, right now.
SL is not a book being written by many authors at the same time; just compare its interface to that of a piece of round-robin Harry Potter slash fanfic and you’ll see the differences
Likewise it is not a house being broken into, or a computer system being hacked, or (although this comes closest) a web site being hacked.
SL is a piece of software that provides certain client-server-based services, and includes an interpreted language. To me, this seems more akin to an operating system – specifically, a poorly-protected time-sharing OS. And who is responsible for protection problems on an OS (hint: it’s not the FBI).
Now, are these griefers or W-hats or whoever causing problems for other users? Yes, of course they are. Are they breaking any laws to do so? That’s a trickier question. Let’s say that, by adding a few characters to the end of a cgi invocation on a website, you can access information that you probably shouldn’t have access to; I believe an East Coast university ran into this problem. According to the current laws, if you access a portion of a website that you are not explicitly given access to, you can be charged with bypassing security or ‘attacking’ the website – even if you were just looking at your own information! On the other hand, if in the course of using a website correctly you should, say, launch a cgi script that crashes the server and deletes everyone’s accounts, are you at fault? What about if you _knew_ the effects and purposefully did it over and over? Whose responsibility is it, the website host’s, or that of the person cackling madly as they bring the host server to its knees over and over?
But I digress. More than a website, SL really resembles an OS without proper security: presentation is completely controlled by the system, users *must* log in to access any of the locally-controlled content, and scripts are allowed but access is (somewhat) limited. The W-Hats are, at least currently, being treated as legitimate users, despite the fact that their scripts can bring the whole system down. This isn’t a failing of the law, it’s just bad design combined with ineffective administration.
If Linden Labs had the balls of even a junior Sys-admin, not only would the W-Hats be locked out of the system but embarrassing exerpts of their personal conversations would be posted online, pictures of their avatars in compromising positions would litter the forums, and their e-mail accounts would be listed on every spam site the world around… not saying that this is nice, just that it’s what you can expect from an effective Admin.
On the other hand, if the Lindens had half the chops of a first-year OS engineer, they would have planned for, even expected, scripting exploits, and fortified the system accordingly. Ever wonder why a *nix system doesnt’ go down the first time a user’s application throws an exception and barfs? Or even how exceptions are thrown in the first place? It’s because the system itself is full of safeguards, on top of which sit applications that are themselves full of checks – or should be. A truly robust SL would allow for a limited, and self-adjusting, number of replication scripts but would prevent *any* users from bringing sims down.
Until the W-Hats are banned and start attacking SL from *outside* SL itself they’re not truly doing anything illegal, because they _are_ legitimate users, and have been _given_ the access that allows them to perform these exploits. Let’s place the blame where it truly lies: squarely on the shoulders of Linden Labs’ administrators _and_ programmers. If LL had wanted to make SL secure against this kind of attack, they could have. They wrote the scripting language, they have control of the servers, and they administer the system. Perhaps they felt that they couldn’t _cheaply_ or _easily_ fix the problem without breaking current functionality, but it _could_ be done. In the meantime, the attacks will continue and the FBI will be able to do nothing about them.
TrannyPet Barmy
Dec 15th, 2005
Correct on your point DP of “nothing is illegal in a virtual world”
Although, what i think we’re argueing here, is weather the action of entering a script into the world(ie; you’re in the real world when you’re actually typing in that script) compiling it, and executing it is actually illegal.
I say it isn’t, since nothing has been done with out authorisation(with the exception of any one doing this sort of thing after having been perm banned, although i still say this is somewhat dubious to)
Prokofy, yes it is called a “Denial of Service” attack, correct, however, i think you’ll find that DoS is covered under the CMA, in “the unauthorised change of material with the intent of impairing the operability of the machine”. Denial of Service isn’t actually an offence in it’s self, it is only an offence in that it’s covered under those conditions already mentioned in the CMA.
The key in all of this is the word “UNAUTHORISED”. The fact is, unless those people doing the attacks are doing so with out permission to access SL(ie; they’ve been told they are not welcome, and perm banned), then they are not acting in any unauthorised manner, and therefore, not one of the clauses in the average CMA is going to stick.
Not sure who said about the idea that SL should just fix the LSL language, because even if they get a successful outcome on any case in the US, the attacks would just come from abroad, well, i totally agree with this, but, on top of this, lets face it, all that who ever it is doing this has to do, is get some one else to sign up, log in, give them a script to cut and paste into place, and execute. The fact the new person is new, means they are not unauthorised to access. Besides which, as i’ve said, LindenLab ban people, and address people on their persona’s identity, not the user driving the persona, so there is a HUGE issue there that could cause any case to fall flat on it’s face.
But, at the end of the day, what i totally don’t understand is why LindenLab don’t just fix the LSL language, i should imagine it’s success rate would be comparatively higher than that of any court case. Not to mention cheaper !!
TrannyPet Barmy
The REAL ONE
ps. I LOVE ANSHE
One Song
Dec 15th, 2005
You’re totally right Sleet Rockwell. In addition I don’t think its in LL’s interest to bring the FBI’s attention specially when they are conducting a tone of criminal proceedings themselves with or without realising I’ve spoken to a few “laywers” and such. It’s not looking good for LL let’s just leave it like that, for now.
Can’t wait to hear about what the FBI will do aobut W-hat’s attacks chances are they will laugh their asses off and ask LL not ot call them again.
Mind out, did it ever come across your minds that Philip may just be bluffing? Using the I’m getting in touch with the FBI is a “scarecrow” tactic to indimidate the W-hat/SomethingAwful.com’s Forum Members? I said it ages ago that all this would just be a matter of time, till eonugh script kiddies undersood some basic inner workings of SL along with server side weakness that can be exploited via scripting. Luckely enough, the W-hat have only acquired a small picture of the stuff that can be done to really damage the game, if I were to even give them a couple of pointers or so, they would have enough fire power to last them at least 5 months.
So I’m gonna say this again, you just gotta hope LL realises what position they trully found themselves in as of recent and start driving all their resources to sort our their “unstable” Metaverse.
Or that the W-hat aren’t all that creative/clever.
Keep on hoping.
Fallen Hasp
Dec 15th, 2005
GOD thank you finally a voice of reason!! ( and i never use exclaimation points. that means im really excited) Sleet thank you. Thats exactly what im trying to say.
Prostitution is illegal as well. Are the FBI gonna come in game to deal with that? You cant kill people in real life. Send the FBI over to WOW to arrest the 10 year olds. This is complete bullshit. Only reason authorities should be involved is if banned players are in game causing these attacks and LL doesnt have any other recourse. But unless you can set me straight . . Prok said it herself.
“they’ve got ample proof of dark servers during those periods, they’ve got the names and accounts and griefing objects of the people suspected (and with LL’s huge information netting capacity, they can prove the links)”
So ban them? For the love of Goddess.
Plastic Duck
Dec 15th, 2005
No other company on this earth spends so much damn time trying to please their customers. LL need to stop investing money in liaisons and need to code a game that is stable and lets people resolve their own disputes. Avatar ignore anyone? I mean how hard could it be to implement a function that lets people ignore an avatar completely… their text… objects… script calls from said avatar… and the avatar itself. This would solve 99% of abuse issues and would let them do away with most of their current babysitter staff. LL, you don’t make profit by listening to the sob stories of every single one of your mildly retarded sexual deviant customers.
TrannyPet Barmy
Dec 15th, 2005
“if i were to even give them a couple pointers or so, they would have enough fire power to last them at least 5 months” – LMAO another all talking self-hyping wannabe trying to create a reputation on nothing more than bs in SL then ?
*laughing hard*
TrannyPet Barmy
The REAL ONE
Fallen Hasp
Dec 15th, 2005
Good idea Plastic.
Raymond Polonsky
Dec 15th, 2005
Tranny do you ever consider that you could be wrong? I have seen other posts made by you and you seem to have a know it all attitude when it comes to coding and/or related laws. Not to say you don’t, I don’t know programming hardly at all so please don’t take my comment as a personal attack. Just saying, please be a little more open minded about what you read.
As you state that is the UK CMA you are pointing out. Let’s keep in mind the servers are in the United States which falls under the US’s CMA if one even exists. Sure there are laws in place to prevent this type of computer and Internet misuse, but I don’t believe their is a CMA type of item in place currently. So for you to base your theory/opinions on the UK’s laws is pointless as they are irrelevant to this matter. Even if the attacker is UK based the UK CMA would not apply unless local authorities get involved. It may be harder to catch the person as the FBI has no jurisdiction oversees, but with the UK and US’s cooperation extradiction is easily possible.
I researched the definition of a denial of service attack and how the laws apply. Even if you wish to go my UK CMA it is still unauthorized. The account is authorized yes, the LSL use is authorized yes, but the misuse of the service is not. The only protection from misuse prosecution you may have is with the EULA (End User License Agreement) and the ToS (Terms of Service) which don’t shield you from real life laws in some cases. Here are some of the results of that research:
Result of any action or series of actions that prevents any part of an information system from functioning. http://www.tecrime.com/0gloss.htm
is a hacker attack designed to shut down or overwhelm a system, such as a Web server or authentication server. http://www.dis.wa.gov/portfolio/Definitions.htm
A condition in which a system can no longer respond to normal requests. http://www.wetstonetech.com/page/page/1972572.htm
Here is the definition of it for the UK….
An attack on a network designed to render it – or an Internet resource – unavailable. The target may be an organisation’s e-mail services or its website. http://www.powernet.co.uk/client/general/glossary.shtml
Raymond Polonsky
Polonsky & Churchill
Second Life In-Game Lawyers
TrannyPet Barmy
Dec 15th, 2005
I HAVE THOUGHT OF THE PERFECT SOLUTION !!!!!
Let TrannyPet Barmy back in game, and let him and his chosen one’s police the grid
It’s simple, any one even looks like grief, TrannyPet and The Chosen HOS THE LIVING SHIT OUTTA THE GRIEFERS !!!!
what do you all think ? get me a petition going then
TrannyPet Barmy
The REAL ONE
Raymond Polonsky
Dec 15th, 2005
Oh here is the best resource here I forgot to put . . . . . . . . . .
http://en.wikipedia.org/wiki/Denial_of_Service
Raymond Polonsky
Polonsky & Churchill
Second Life In-Game Lawyers
Tye rebuH
Dec 15th, 2005
Sleet Rockwell can read wow good job repeating people like a broken record. Let me make this into a dick and jane type of story. Watch w-hat pee in weaties. Watch Philip bitch. Bitch Philip does. Phillip bitches at FBI. FBI laughs. Philip won’t make limits. W-Hat laughs.
This message is useless but I want to add more humor to this.
TrannyPet Barmy
Dec 15th, 2005
Raymond, just to add to your link, the Syn and the Smurf attacks are what LindenLab should be protecting themselves against right now.
If the WHat ever figure out how to use these attacks, i would personally predict the end of SL if LindenLab’s have not taken adequate precautions against such attacks.
Btw, these *WOULD* constitute illegal actions, and then the FBI would most definately be able to take action. The only problem being, tracing who had actually instigated the attack. At least whilst it’s scripts running in game, LL know which account it was created by, and from which ip address the account connected from.
The problem, especially with a SYN attack because of how it works, is the instigator’s ip is not on the packets that flood the target system. So even if they did look through their firewall/router logs, they would only see the originating machine addresses for the flooding ip packets, and absolutely no trace of the attack instigator. Then it would be down to the FBI’s discretion as to weather or not the case had enough merit to warrant the expense of backtracking(which could actually be done in a matter of minutes, but beaurocracy would cause cost) Not only that, ip addresses can easily be spoofed at the level that attacks such as SYN floods work form
SL Lovers should keep their fingers crossed that WHats never get the hang of this attack.
TrannyPet Barmy
The REAL ONE
Plastic Duck
Dec 15th, 2005
TrannyPet, you still don’t understand that no one really actually wants to crash the grid. The original griefsphere was designed to be used in a controlled enviroment to annoy the living fuck out of people with huge g-man heads. The balls swarmed avatars and were genuinely made to grief select individual people. The person who made them then wanted to see if he could make them swarm faster by using recursive rezzing and his recursive script was almost a direct copy/paste of an LSL Wiki example. We’re a group of internet comedians. We want to laugh at other peoples expense and make fun of some of the sick fucks that have settled on the internet. Just look at the SA frontpage, ultimately that’s what it is. SL is something awful and I honestly enjoy making fun of some of the creeps I meet there.
I’ve talked to some of the people responsible for grid crashes and all of them did it for the comedy reasons of watching the grid fill up with balls covered in funny textures flying out of control. These people could care less about damaging LL’s business, they just want some quality reactions from people seething at the mouth because they were interrupted mid-coitus with a small furry animal by an angry mob of spinning spheres.
TrannyPet Barmy
Dec 15th, 2005
No Raymond, i don’t consider myself to “know it all” at all, i wish i did. My apologies if my ability to support/reason what i say outweighs yours and in some way you feel threatened or inadequate in your role as “Second Life In-Game Lawyers”
I’m not entirely sure the point your trying to make in pointing out my arguement references and relies upon the UK CMA. I do beleive at the start of my discussing this with the forum that i myself pointed out that this is what i was using as reference. I also pointed out that the UK and US’s laws are similar regarding CMA.
As far as the US not having a CMA, you’re correct in that the US doesn’t have an act entitled Computer Misuse, however, after a little research, the US does have similar :-
http://www.net.ohio-state.edu/security/links/csa-1987.html
Regarding Denial of Service, the maclicious scripts are actually running on one of SL’s servers, not on the user’s machine it’s self. Therefore it follows that in effect, LindenLab’s is attacking it’s self. On top of which, only the source to the script was created by the malicious user, the actual compiled bytecode is LindenLab’s This issue would put a major spanner in any proceedings that look to be taking a successful course, unless of course LindenLab was taking LindenLab to court
Just answer me one thing though, if it’s misuse to compile and execute such scripts then why would LindenLab’s scripting language allow options to be set that allow such scripts to be written ? Not only that, but fully document the options for open use in the LSL documentation ? In answer the question i dont want to hear any of this non logical bs about “just because it’s there doesn’t mean you have to use it” – the simple fact of the matter is that a computer’s program governs what should and shouldn’t be able to happen. LindenLab have allowed for this to happen, and documented how to make it happen, so how any of this can amount to misuse, i dont see. Look, in the LSL Wiki, it even gives you an example script :-
http://secondlife.com/badgeo/wakka.php?wakka=ExampleSelfReplication
damn you’re 75% of the way there already, then all you need to look up is how to set options so that replicating script is able to move outside of the sim !!
IF YOU DONT WANT SOMETHING TO HAPPEN, DONT WRITE CODE THAT ALLOWS IT TO HAPPEN !!! AND CERTAINLY DONT PUBLICISE IT’S POSSIBLE !!!!
If you dont want objects to be able to self replicate across sim boundaries and continue replicating across the next sim boundary and so on and so forth, then don’t allow the scripting language options that allow any scriptor to tell their scripts to do so !!! ITS VERY SIMPLE !!!
Like i said, alot less expensive to just modify the LSL language, instead of trying to go the FBI route, which i’m almost certain is not going to acheive a lot.
As for the only protection you have from misuse prosecution, is, DONT MISUSE THE SYSTEM, and i have this sneaking suspicion that the WHats have done their homework.
TrannyPet Barmy
The REAL ONE.
PS. if you want to add weight to your claims regarding law, it’s best to post links to Law Acts, as opposed to 3rd party sites who are generally publishing *their* interpretation of the law.
Mord
Dec 15th, 2005
Your game company’s CEO is wasting my taxpayer money getting the FBI to investigate non-crimes. He’s asking them to investigate his inability to keep his customers supplied with services because his sandbox allows people to crap in the sandbox, and he can’t provide enough oversight to stop them.
The people who waged these attacks were authorized users of his property. If I give someone the keys to my car, and they wreck it on a telephone pole, do I now get to have the FBI go after them for grand theft auto? No. Its a civil case, and civil damages, and it should be pursued solely at his expense, not on the Federal dime.
Frankly, I hope this comes back to bit him in the ass. The victim mentality of people who can’t predict griefing when they open their computers to the world boggles the mind.
Fallen Hasp
Dec 15th, 2005
Well thats what makes you an online sociopath, Plastic, along with w-hats and other griefers online. You think you have the right to attack people for your own amusement. Its doesnt matter what the griefspheres are designed for and ive said so in other posts. Grief is grief whether its a grid attack or one specific individual. If w-hat and others were banned like they shouldve been after LL recieved literally countless abuse reports from individuals complaining about their socipathic behavior then these people wouldnt still be in Second Life to cause grid wide havoc. I did appreciate your ignore avatar idea but it doesnt solve all problems. The same way fixing LSL script language wont solve it. If its true that EULA and ToS may not protect users from misuse prosecution then this speculation is pointless. I dont agree with it but I appreciate knowing i could face legal action for playing a game. I know scripters in world who spend whole days manipulating code. I wonder how they feel about all this.
TrannyPet Barmy
Dec 15th, 2005
Plastic
yeah sure once or twice is funny, and possibly even tolerable to most, the problem is though, that these grid attacks aren’t funny any more, judging by the reaction they’re getting now, they’re just plain annoying to people now, and not acceptable. There’s a kind of unwritten law in comedy, something along the lines of “more than 3 times is no longer funny”
Surely getting the same reaction over and over again can’t be all that much fun either ? Again surely once you’ve seen the reaction the 3rd time, you pretty much know what the next one will be, and the next and so forth ? So whats the point ?
Be creative
Surely there are otherways to get reactions that will be more interesting again ? Be offensive, that normally gets mixed reactions, as you already know. At least doing that there is no question at all over the legality of any activity, and you’re not costing any one cash(virtual or otherwise).
On a side note, yes i was no angel in SL, i still dispute weather i deserved to be perm banned or not, but, at the end of the day anything i did wasn’t costing other’s L$. Normally when i got into a griefing situation it was because the other person was already gobbing off at me, so if they had time to waste doing that, they had time to be getting HoS’d 8 sims away
These sim crashes are a bit shitty really man, after all there’s no denying they ARE costing people L$ in downtime, and for what ? So that those doing it can see the reaction that they already knew they’d see, alot of pissed of people.
Saying all this though, why not make a mark in SL history on the positive side instead of the negative. I tell you something now, my screen name is listed on the SL History Wiki as being the person “who wrote the potentially ToS violating scripts, Hand of Satan and DBomber” and to be totally honest, i rather it was something positive to my name than negative(i’d probably still be in game selling scripted objects for stupid amounts of cash that only took 20 minutes to create to). It’s something that i can always be knocked about, always have blacken my past, as and when any one wants to bring it up. It’s also something that prevents me ever being able to have a stable account in SL now.
Why not do something ultra cool, script something that no one else can or has scripted before ? Something so amazing that you’ll get reaction, but, positive reaction. Damn you’ve read enough and worked out how to replicate accross sim boundaries, so between all you guys that are crashing the grid, you should have a fair bit of knowledge ? Why not get togethor, form a scripting group, and take the place’s sales economy by storm ? Surely you should be able to write some AMAZING stuff.
Reaction is good, positive reaction is the best, going down in history for being the first to do something(of a postive nature) or doing it the best, is even better. Going down in history for being an asshole, a griefer or anything else negative is really not going to help you at all.
TrannyPet Barmy
The REAL ONE
TrannyPet Barmy
Dec 15th, 2005
Fixing the LSL scripting language wont fix it Fallen ?
Hmmm there must be something i’ve missed, please do enlighten me as to how once the flag variables that can currently be set to allow this attack, can no longer be set with any effect, how the replication attacks can continue ?
TrannyPet Barmy
The REAL ONE
Mord
Dec 15th, 2005
Monitor the number of processes spawned by a particular user and limit them to a fixed number that could run concurrently that wouldn’t strain the server. Sure, make a self-replicator, after 10 reps, the oldest process you own gets killed by the OS (and then the user has to chase down his own rogue processes before he can start any new ones, since his 5096 are busily chasing their own tails).
Fallen Hasp
Dec 15th, 2005
No of course it can be fixed Tranny . . short term . . but ive said before that these people didnt start out crashing grids. They started out griefing individual players. Plastic just confirmed that. The grief spheres were meant as an attack against individuals not the entire grid. THAT was just a happy accident at first. When they were not challenged by LL for griefing individuals they probably thought a grid wide attack wouldnt be that much different . . executed over and over . . for a laugh . .same as harrassing individuals . . but on a bigger scale. And why wouldnt they think its acceptable? They will do whatever they can as long as they are not banned. Sooooo it goes without saying that if you took away their ability to execute those scripts they would simply find other ways of harrassing users, either the entire grid or reverting back to griefing individuals as another poster just suggested. Ugh. As if that makes it somehow more acceptable. You cant anticipate all the different ways to attack that grid. Thats all im saying. The problem isnt the language. The problem is the individual who uses the language to create grief. The truth is all of your ideas for minimizing grief and grid attacks are decent. But i dont think changing language alone will solve the problem. Anymore than i think having an ignore avatar option will solve it. And isnt it just like LL to pass the buck, this time to the FBI . . they wanted this growth and now they dont have the ability to handle what theyve created. And if you doubt me remember what i said next time you are locked out of game.
TrannyPet Barmy
Dec 15th, 2005
I’ve suggested that before Mord, but having thought on it some, there is a slight problem with it.
If the system is running on just one machine, or on a small cluster of machines acting as one, where the code simply runs “ps -ef | grep” (or equivalent for querying the system for how many scripts a user is currently running), the solution is fine, as you say the load caused by the operation is low.
The problem is though, that SL’s setup is a large grid of machines, and since we’re talking about checking for the number of ‘processes’ that any user has running, or any object has running, you need to query the whole grid. So think about it, you either have the situation where every scripted objects queries the whole grid every time it tries to replicate, meaning for each scripted rez, an object has to communicate with 160 other sims, now think about that happening for every script rezzing objects, and you have HUGE LOAD, possibly enough to take the grid down alone, OR, you have the situation where you make the central server to the grid keep a track of all ‘processes’ being run by each user/object, which then puts large load on that central server, meaning EVERTHING else that relied on the central server(inventories etc …) would start run DOG SLOW, on top of this, part of the fundamental ideal of a ‘grid’ system, is that as much of the processing in that grid system is distributed accross as many of the machines in the system as it can, relying on the central server for unnessecary operations goes totally against this.
My opinion on this form of fix now is that it’s causing a new problem by trying to fix an old problem. Given the choice i would go for my solution of disabling of the ability to spawn objects accross sims, at least this way, the attacker could only total a few sims, instead of the whole grid. Sure they could go from sim to sim, planting and setting off their script, but, i’m sure they could be stopped and kicked out before they got to far.
Perhaps a combination of the disabling solution, along with some monitoring in the sim server software, that checks the number of objects that current exist, and compares it to the last time it was checked, and if the difference is a large percentage, then an alert is flagged to the Lindens so they can spot problems quickly, and get the malicious user out fast before he gets to disrupting many more sims.
TrannyPet Barmy
The REAL ONE
TrannyPet Barmy
Dec 15th, 2005
LOL – hang on a sec, why are we even discussing all of this ?
Surely LindenLab know how to fix their grid and don’t need any help from any outsiders ?
TrannyPet Barmy
The REAL ONE
Raymond Polonsky
Dec 15th, 2005
Tranny, you sound stuck up and conceded and that is most unfortunant. You do not make me feel inadequate as you put it. I think that’s your own insecurities coming out. I do not wish to make this personal, as I simply stated, just be more open minded with others. As you state yourself, you are no expert as neither am I. No need to turn this personal as I have seen you enjoy to do in other posts and I see this one going there as well. You don’t like it when someone challenges your opinions in regards to this, yet you don’t play the game for one and two most of others replies to you are well argued unlike yours which just state this is how it is, deal with it. That is not debate or even a discussion.
All I am saying is be open minded. State your facts but you do not need to say someone is wrong simply because its not what you THINK. Agree to disagree, don’t railroad and pollute topics with your forced opinion. That just alienates you and your posts. Just some friendly advise which I am sure you will take the wrong way and start ill-speaking of me. C’est la vie
Now, it does not matter about IP address even. You are responsible for your account. If you let someone else use it you are still responsible. They just need to know whos account it is to trace it. Even the free accounts require a CC to gain access to the grid so it will not be hard to trace it. It is a DoS attack, not a Syn or a smurf attack. So why bring up those other topics? Sure they are a threat, but not what this conversation is about.
Bottom line, a DoS attack is illegal regardless if LSL allows for it or not. Microsoft software allows for DoS attacks, but it is not Microsoft’s responsibility. They try to fix it, but they are not responsible for the actions of the users. What happened in-game was a DoS attack. It floods the server to the point it no longer has available resources effectively shutting down the server. Sure Linden Labs can do some things to better this, but it is not as simple as you put it by changing the code. You have argued this unsuccessfully in the past just as you are arguing unsuccessfully that this is not illegal. I think perhaps its time that you for once fully think out your argument before presenting it and perhaps look at all the facts before you form your opinion and share it. Knowledge is the best weapon in forming an argument.
Tranny, don’t take things so personally and you will live a stress free life for the most part. Why get all bent out of shape becuase someone makes a valid point against your argument? You should embrace it. Now, let’s stick to the topic, agree to disagree and not turn this personal. UK law does not apply to this and is therefore irrelevant to the topic. Your entire basis was based on UK law. That is all I was pointing out.
Raymond Polonsky
Polonsky & Churchill
Second Life In-Game Lawyers
urizenus sklar
Dec 15th, 2005
CNet’s Daniel Terdiman has picked up this story. You can read it here.
Kiss
Dec 15th, 2005
To answer some of the people wondering why the Lindens would involve the FBI – the FBI is indeed the correct agency for all criminal aspects of cyber crime. The W-Hat’s crossed the line from casual in game griefing to malicious criminal behavior by causing economic damage to LL’s.
The resulting civil suits will no doubt be filed later against the W-Hat members involved to recover economic damages.
I look forward to watching this story unfold.
TrannyPet Barmy
Dec 15th, 2005
Raymond
short and sweet, i dont say something *IS* wrong, unless i *KNOW* it to be wrong. If you’re going to state what i did or didn’t state, at least get it right, i didn’t state i wasnt an expert in this field, i did however agree that i don’t know everything.
You are argueing, as *YOU* have stated, on facts that you are no expertise in. So please, don’t be a hypocrite in trying to disagree with reasoned/proven facts, with nothing to support or reason what you say. You are talking alot about being open minded, and yet here you are again with “bottom line DoS is illegal……. “(bottom line, ie; I AM RIGHT), with no reasoning or proving this.
Perhaps you should learn to be a little more open minded yourself, especially on matters that you have little more experience of than a google search or two !!! Maybe you might learn something !!
Dont take it personally though, no body likes to be wrong, and it takes a bigger man to be able to admit to being incorrect, or not in the know. But ultimately, you will come back more knowledgeable the next time.
After the last round of BS with Marsellus, i’m afraid Raymond, i’m really not going to waste any time getting into some flaming war with some one who appears to be doing nothing more than trying to justify his ‘virtual trade’ in a legal field that he evidently has no understanding of, this is the last post i make regarding your opinion of me. Please feel free to contine your arguement, on topic though, i’d love to see any proof/reason you may have regarding this, just dont take it as a personal attack or feel the need to launch personal attacks on myself in some silly attempt to justify *YOUR* weak unfounded arguement.
Finally, suggestions for you. First of all, i think it’s you who needs to think out your arguement, but even before that, fully understand what it is you are discussing before typing posts here. Secondly, you should maybe read the links you post as reference in here, before posting them. It might save you the embarrasment of asking questions such as “why mention SYN/SMURF ?”, when those were DoS attack methods also mentioned in the wiki post link you posted
You might also consider showing your reasoning/proof in arguements to. A final third note would be, to refrain from trying to justify yourself with nothing more than personal attacks on the person you would like to appear to know more than, it’s so obvious. Try sticking to the points inline with the topic, show what you do know, instead of what you DONT know by using personal attack tactics, however subtle you may think you’re being 
Don’t take any of this personal mind ……… it isn’t, i don’t need to resort to such low levels, just thought i’d address your issues with my debate/arguement skills in comparison to your evident lacking. I have the weapon you refer to, but appear not to have, KNOWLEDGE.
Final point, yes, as already shown, it is as simple as changing the code to prevent the problem happening again, with 30 odd years coding experience, i think i know what i’m talking about here Raymond. Shit, i’ve even shown roughly what the code will look like, and how it will need modifying. LindenLab have not done so, negligence. LSL still ALLOWS and DOCUMENTS the ability to replicate objects accross boundaries, NEGLICENCE. Mord’s analogy to giving some one your car keys, and them then wrapping your car around a tree, this describes it perfectly. LindenLab are giving the keys to the WHat or whoever, all for the sake of making a simple code change.
Cheers
TrannyPet Barmy
The REAL ONE
Fallen Hasp
Dec 15th, 2005
“The W-Hat’s crossed the line from casual in game griefing to malicious criminal behavior by causing economic damage to LL’s.”
That is hypocrisy. Its only malicious if it causes economic damage for LL? BULLSHIT. None of this wouldve happened if theyd enforced their own ToS. You cant allow griefing against your own users and then cry when they come after you next. Those attacks were karma and LL gets what it deserves.
urizenus sklar
Dec 15th, 2005
Story is now picked up by Doug Simpson’s blog, Unintended Consequences. Doug covers research “on the collision of law, networks and disruptive technologies.” It will be interesting to see if he forms any views about this case.
TrannyPet Barmy
Dec 15th, 2005
LMFAO @ KISS
“we the people of the virtual world SecondLife file this complaint against the WHat, they cost use virtual currency in a virtual economy in a virtual world, although none of which actually exists in the real world, we feel the need to allow the virtual world to flow out into the our real worlds to fill the gap that our oh so empty lives suffer, so we’d like to file this complaint, please let us continue filling the empty patches, and listen to our case”
OMFG – please let me know when this damages hearing will take place, i will seriously fly to the US to sit in the public gallery just to see if anyone listening to your cases can actually keep a straight face. I know i’d be p’ing me self laughing, i’d more than like get a contempt of court fine or something !!!
TrannyPet Barmy
The REAL ONE
TrannyPet Barmy
Dec 15th, 2005
STOP PRESS STOP PRESS STOP PRESS
SHIT QUAKE 3 JUST CRASHED ON ME !!!!
WHO DO I SUE ????????
I COULD HAVE JUST SCORED 20000 FRAGS – BUT THE CRASH MEANS I DIDNT !!!!!
HOW DO I FILE A DAMAGES CLAIM – I WANT MY 20000 FRAGS BACK !!!!!!!
TrannyPet Barmy
IRATE QUAKE 3 PLAYER
The REAL ONE
TrannyPet Barmy
Dec 15th, 2005
Oh and one other thing Raymong, i forgot to mention this. You say i was unsuccessful in making any sound arguement in the last thread that discussed this topic.
I’d disagree with you on that note, from where i sit, it seems to me, as with this thread, around 50% of the people participating agree with what i say, whilst the other 50% are left simply floundering around what they think about the issue, rather than any thoughts on any sound resolution !!!
So maybe another suggestion for you, put your glasses on and read what the posts say, instead of just stating what *you wish* the facts were
TrannyPet Barmy
The REAL ONE
Kiss
Dec 15th, 2005
Hasp
At a minimum you’re ignorant, although I’m leaning more toward just being stupid. Save whatever shred of dignity you might have and don’t demonstrate you’re ignorance/stupidity by making posts that are embarrasing to you. Go educate yourself a bit before you espouse an opinion on a subject you obviously know nothing about.
The FBI will be all over this. It’s much sexier than the typical boring DoS attacks they normally have to deal with. It’ll give them all kinds of sexy news headlines and visability. It’s already getting picked up by the news and that’s exactly the kind of attention they love for cyber crime cases.
Additionally, in this specfic case it’s easy to find the in country (for once) culprits who were stupid enough to be high profile about their criminal behavior. You gotta love that charming combination of third rate wanna be DoS attackers and the desire for attention.
Easy case and good vis for both LL and the FBI.