by Pixeleen Mistral on 15/03/11 at 9:01 pm
Threatens critics with animal control – hopes for security system to delete accounts
Controversial zf Redzone developer zFire Xue told me he believes that Linden Lab has failed to provide Second Life players with an adequate security system, saying "DMCAs take too long, stolen objects are passed off to alts, Linden Labs does nothing to block criminal viewers, hardly even blocking Emerald. A system as effective as RedZone, upsets everyone with anything to hide. They love to tell everyone how to try to copybot or attack even with such a system. Attackers and thieves change accounts faster than Linden Labs can respond to them."
Mr. Xue went on to say he was not concerned about being banned by Linden Lab and believes the Lindens benefit from the controversy that zf Redzone created. He hinted at future enhancements to his product musing "Bans are so….RedZone. The new system should outright delete people".
These revelations came during my interview with Mr. Xue Saturday afternoon after what must have been a very trying few days for the embattled security system developer – his site was hacked, database deleted, and what anonymous hacktivists claim are screen captures of a secret admin interface to his site circulated.
Who could have imagined an aging MMO could create so much drama? Welcome to Second Life!
Late in our conversation, Xue had harsh words for his critics’ actions saying, "ARing my ISP, inventing fake law, rumors, whatever. Snitching off my Boris to animal control… yeah ok mother fuckers. I will see you join him next".
In Linden Lab’s virtual world, conflicting values and faction wars define much of the gameplay. Drama is created in the bitter struggle between Second Life content creators and land owners who have an unrealistic expectation about how well online behaviour and illicit copying can be controlled, and players who do not wish to be tracked or datamined during their escapist roleplay.
Privacy advocates express deep concern about databases compiled by zf Redzone and other security systems, while the security advocates are more than willing to compromise privacy in hopes of tracking troublemakers. Linden Lab’s inconsistent enforcement of an ever-changing ToS and community standards leaves everyone guessing — an environment ripe for vigilante action from both factions.
The weekend battles between Xue and his critics were sparked when anonymous hacktivists responded to Mr. Xue’s challenge to "bring it on" in a post to his site’s forum Thursday. Confident of his security prowess, Mr. Xue claimed his server is the "most secure in Second Life", but by Saturday afternoon Xue seemed primarily interested in identifying those who had trashed his site – a completely understandable desire.
While the sort of unauthorized access that apparently took place on Mr. Xue’s server is a criminal act, it seems several parties felt that the challenge and risk were worthwhile, posting several screen captures as evidence then asking if anyone could suggest a way to anonymously send evidence to Linden Lab. At this point both sides are playing for high stakes, hoping to drive their enemies out of the game.
A screen capture from zFire Xue’s site, posted to the epic-length Redzone thread on the sluniverse.com forum
The interview was conducted under rather difficult conditions – it took most of Saturday to track down Mr. Xue. Our conversation began when I sent Mr. Xue several IMs which went unanswered, then switched to e-mail, then finally continued via a live IM session. A transcript of our multi-modal new media meet-up is below:
Pixeleen Mistral: It appears that your isellsl.cx site may have been compromised. There are php errors on several pages that suggest that the site’s sql database has been altered. Also a source has pointed to what are claimed to be screen shots of the "Admin Overlord App". I am working on a story and have several questions – will you be available to chat sometime today?
zFire Xue: Yep they deleted the database.
zFire Xue: Are you going to be protecting cybercriminal(s) or were they anonymous?
Pixeleen Mistral: do you really think that the guys who got loose in your server would tell me who they are?
zFire Xue: they might have the same IPs that I have on my log
Pixeleen Mistral: well they might, but it is unlikely that it would do you much good
Pixeleen Mistral: fwiw – all I know is they sent a comment from an IP address that is an exit from a Tor anonymizer
Pixeleen Mistral: I’ve seen some people claim that the SQL injection exploit for your site was known for quite some time
Pixeleen Mistral: how do you know that the backup you loaded has not been altered?
zFire Xue: It was first attempted on the 7th
zFire Xue: I have a log to check for IPs of attackers and check that.
zFire Xue: Merlins PW seems to have been known
Pixeleen Mistral: some of the hacktivists that compromised your site say that you invited them to try – and they will publish more embarrassing info if you don’t acknowledge that they did compromise your site
Pixeleen Mistral: so – I guess they can stop now since you told me that they did get in
Pixeleen Mistral: what I can’t figure out is why you would capture failed logins and make those available as "Possible SL PW(s)"
Pixeleen Mistral: at the point news of that gets out your reputation is in tatters
Pixeleen Mistral: what were you thinking?
zFire Xue: Do you want an official reply, or an off the record, clear English one?
Pixeleen Mistral: this is on the record
zFire Xue: Starting now? LOL
Pixeleen Mistral: I’m a reporter – you know who you are talking with
zFire Xue: ok sure
Pixeleen Mistral: so – what was that rationale?
zFire Xue: The entire system is intended to do the Job Linden Labs completely fails at doing. DMCAs take too long, stolen objects are passed off to alts, Linden Labs does nothing to block criminal viewers, hardly even blocking Emerald. A system as effective as RedZone, upsets everyone with anything to hide. They love to tell everyone how to try to copybot or attack even with such a system. Attackers and thieves change accounts faster than Linden Labs can respond to them.
zFire Xue: RedZone is the only system to find, block, ban, (or worse), the cyber criminals of SecondLife. By every means necessary. Even automated ones LL fails to implement.
Pixeleen Mistral: but why try to capture the possible SL passwords of your own customers?
Pixeleen Mistral: you explained why some people buy Redzone – but the screen captures show you tracking possible SL passwords for your own customers
Pixeleen Mistral: how can that possibly help your cause?
[...6 minutes pass...]
zFire Xue: If I were logging SL passwords, and I have heard the theory, Linden Labs would have clear evidence of logins on other accounts from the same IPs I use. I find the idea interesting and wish I was able to log into some of the copybot accounts that I am aware of, and delete them from SL because when LL does anything, it is a suspension, if anything at all. LL fails at tracking inventory objects and banning alts of Copybot users.
zFire Xue: Your information says I log RL locations as well, but they failed to put a nice "real life location" box into the pictures.
Pixeleen Mistral: so I guess the theory would be that some Redzone customers could also be copybotters, and if you had their passwords then you could possibly log into their accounts – but that would be a bad idea since it would come from your IP address and LL would notice that
Pixeleen Mistral: so my guess is that if someone were to do that sort of thing, they would go through a Tor anonymizer to hide their IP address and also fake their MAC address, etc.
Pixeleen Mistral: in other words – LL would not be able to tell
Pixeleen Mistral: which is probably the same reason that LL fails at security
zFire Xue: It is well known that some serious hate bloggers, griefers, even a few creators that copybot competitors are found out by their own system. If I were able to log into and delete them, all stolen goods, and alts.. Yes LL would notice. But would they have cared?
Pixeleen Mistral: It is hard to know if LL cares
zFire Xue: Linden Labs would see the Tor, or other proxy, as a sign of a problem.
zFire Xue: Linden Labs would get distress calls from deleted accounts, see the proxy IP and simply unban them, ban the proxy, and contact the proxy. However that would work.
zFire Xue: So the theory would not work. LL could just block all proxies.
Pixeleen Mistral: Are you concerned that today’s developments might lead to your accounts being banned?
zFire Xue: Nope. Linden Labs knows fact from fiction.
zFire Xue: I have photos of the Greenzone founder copybotting. Clear photos, and the Lindens don’t accept those.
Pixeleen Mistral: Isn’t the bad press from this scandal something Linden Lab would want to stop?
zFire Xue: Linden Labs loves the google ranks this provides.
zFire Xue: They also must enjoy watching a "social simulator"
Pixeleen Mistral: no such thing as bad publicity then?
zFire Xue: Not at all. According to what I read, I am now zFire "The godfather" Xue, Dr Claw, super hacker, capable of impressive impossible things.
zFire Xue: I won’t bother listing what they claim I can do, or have done, but it is impressive sounding.
zFire Xue: Even the small silly ones, like blaming the rise in friendship requests on RedZone.
Pixeleen Mistral: Plastic Duck told me this morning that he is surprised you are not banned already – he said Redzone caused much more drama than he ever did
Pixeleen Mistral: but Michael Linden is no longer with the Lab so that might explain it
zFire Xue: I have never heard of Plastic Duck, so I assume RZ created more drama.
zFire Xue: Eco Linden, Glen Linden, etc.
zFire Xue: 30% layoffs.
zFire Xue: Where are the disgruntled X lindens?
zFire Xue: So who will protect SL?
Pixeleen Mistral: a very good question
zFire Xue: Maybe the hacktivists should work on finding and deleting copybots.
zFire Xue: Bans are so….RedZone. The new system should outright delete people.
Pixeleen Mistral: I think the hacktivists value their privacy more than the pixel clothes and other elements of the SL economy so they are unlikely to go after copybotters
zFire Xue: The Privacy argument indeed.
zFire Xue: Privacy, or security. Linden Labs wants a happy middle ground.
Pixeleen Mistral: well – I’ve taken a lot of your time – thanks for talking
Pixeleen Mistral: is there anything else you would like to tell the Herald readers?
zFire Xue: yes there is
Pixeleen Mistral: I’m all ears
zFire Xue: Give me a second
Pixeleen Mistral: k
[...5 minutes pass...]
zFire Xue: ARing my ISP, inventing fake law, rumors, whatever. Snitching off my Boris to animal control… yeah ok mother fuckers. I will see you join him next.
zFire Xue: I have nothing more to say on this.
Pixeleen Mistral: I have no idea what "Snitching off my Boris to animal control" means
zFire Xue: Oh they do.
Pixeleen Mistral: I guess someone will explain it in the comments
[...9 minutes pass...]
zFire Xue: http://www.youtube.com/watch?v=5UPg1GfxGTU
zFire Xue: no point in sharing that, I’m taking it down. I’d rather see who knows about it.
Pixeleen Mistral: ok – now I have seen it all – a raccoon in diapers
What sympathy I had for Xue’s desire to learn who had reported Boris to Animal Control waned by Saturday evening when I found myself ejected from his zf Redzone store in-world. I had apparently been marked as a "former copybot" after what I can only conclude was my manual addition to his copybotter database.
By Sunday I was no longer being ejected when visiting the Redzone store. Had Mr. Xue been trying to send me a message, then thought better of it? Or were the hacktivists updating the zf Redzone database behind his back?
In either case, many questions remain unanswered. Is someone in zFire’s inner circle feeding his critics pointers to YouTube videos to cause him trouble? Who snitched out Boris the raccoon to animal control? Has the level of drama risen to the point that Linden Lab will take action? Will the Second Life babyfur community look favorably on zf Redzone now that they know zFire Xue is a potential fan? What of the wider Second Life community – and the risk of gross anarchy with diapers?