DarkLife hacked, $400us stolen

Today I logged in to DarkLife to see a disturbing message from the coder, Bram (aka Mark Busch in game). The post describes how we’ve had $400 US stolen from the main ‘account’ that holds our cash in Second Life for the DarkLife game.

When I came back from holiday I noticed my Second Life account was empty. When I went away it was still about 112.000 L$

So I looked at what happened, and it turned out on the 17th my account got robbed by some dude named ‘CheckOutThis Hax’ and ‘Data Lindman’.

Probably the same guy as ‘Client Hax’ who had hacked darklife before.

He used a part of the shop script that gives back the L$ if the buy fails. The only way he can do that is if he knows the channel number (and judging from the previous levelup-hack he does).
But how did he know the channel number? 3 possibilities:

- Second Life had a bug for like 7 hours some time ago where everything bought would be copy-mod, including scripts.
- He found a new bug in SL (Client Hax means Client Hack?)
- He used a scanner: but this seems highly unlikely, there are 4 billion channel numbers. On each channel he would have to listen, then wait to see if anything is being said (for how long?). Even IF he would be able to do 100 scans in 1 second (which seems impossible to me, because he doesn’t know how long to listen on a channel), it would still take about 2 years of full scanning to test all channels, and let’s say 1 year before he finds it.

So I guess either 1 or 2… Anyway, it’s very, very bad. We’ve been robbed of about 400 USD

Not the best news to wake up to on a Sunday morning.

Later in the day Bram put in place a fix to prevent a similar kind of hack in the future, and we caught “Amatamat Amat” trying the same exploit: another young, new character and likely an alt of the main, whoever exactly that is. In the evening, US time, we had an alt come in and continue to cause trouble by crashing the Navora sim repeatedly. After the third or so crash, “StealingCashFromDarkLife Allen” was found and booted from the sim, and the sim was put on lockdown with no one allowed to enter. Our smart moderators, Ethen and Trevor, went about forming a special invite-only group for players and started working through our known player list, inviting everyone they could. They then allowed only the developer group and the special new group access to the property.

Slowly we’re getting all of the legitimate players back into the game while the alt fools around on our DarkLife Player’s group channel (despite being kicked from the group). We’ve messaged Linden Lab and put in some petitions, but there’s very little likely to happen over the weekend (in contrast with my credit card, where, were four hundred dollars to be defrauded, I would find someone to talk to pretty easily!).

How did the guy do it? Well, we think it’s most likely that during a period of time (very short, perhaps a few hours?) when a patch for Second Life left all items open to view and all code open, the hacker read the scripts and found the channels that items in our game communicate on. Knowing the channels, he first (using the “Client Hax” character) levelled up his own character and messed with the game a lot. He was booted from the sim, whereupon he created some alts who came in and started experimenting. We had word of one of these seen idling in the sim, but it was removed. Apparently it was too late: the guy already knew the channels and had devised an exploit based on the way that money is refunded to DarkLife players who over or underpay for an item.

Using this bug he fooled the system into thinking he needed paying out, and quickly drained Bram’s account, the one where cash for DarkLife is stored. Bram doesn’t keep all of the cash in this account, but needless to say, some is required at all times and he got just about all of it I think.
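The refund weakness described above, modelled as an added example (not DarkLife's script and not Bram's fix; the message format, channel number, owner keys and class names are all assumptions): a handler whose only secret is the channel number, beside one that checks who owns the speaking object and refunds only against a ledger of payments actually received.

```python
# Added illustration: every name and value here is constructed, not from DarkLife.
from dataclasses import dataclass, field

SHOP_OWNER = "owner-key-shop"    # constructed owner key of the game's own objects
SHOP_CHANNEL = -1839204417       # constructed "secret" channel number

@dataclass
class Msg:
    channel: int
    sender_owner: str   # owner of the object that spoke (llGetOwnerKey in LSL)
    text: str           # assumed format: "REFUND|<payment_id>|<avatar>|<amount>"

@dataclass
class Shop:
    balance: int
    payments: dict = field(default_factory=dict)  # payment_id -> (avatar, amount)
    refunded: set = field(default_factory=set)

    def record_payment(self, pid, avatar, amount):
        # Filled only by the real payment event, never by chat messages.
        self.payments[pid] = (avatar, amount)
        self.balance += amount

    def refund_weak(self, m):
        # Pays whatever the message asks for; anyone who learns the channel
        # number can speak on it, so the number is not a credential.
        if m.channel != SHOP_CHANNEL:
            return 0
        _, _pid, _avatar, amount = m.text.split("|")
        self.balance -= int(amount)
        return int(amount)

    def refund_hardened(self, m):
        # 1) The speaker must be an object owned by the shop owner.
        if m.channel != SHOP_CHANNEL or m.sender_owner != SHOP_OWNER:
            return 0
        parts = m.text.split("|")
        if len(parts) != 4 or parts[0] != "REFUND":
            return 0
        pid, avatar = parts[1], parts[2]
        # 2) Refund only a recorded payment, to its payer, exactly once.
        if pid in self.refunded or self.payments.get(pid, (None, 0))[0] != avatar:
            return 0
        amount = self.payments[pid][1]   # 3) Amount comes from the ledger, not the message.
        self.refunded.add(pid)
        self.balance -= amount
        return amount
```

In the hardened handler a leaked channel number alone yields nothing, and even a compromised in-game object can return no more than what a given payer actually paid in.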

We don’t know what will be done about this, how the theft will be handled, or what impact it has on the rest of DarkLife, but we’ll let you know as we do.
