Jump to content

Hack alert: Hoax or not?


Merit Coba
 Share

You are about to reply to a thread that has been inactive for 2437 days.

Please take a moment to consider if this thread is worth bumping.

Recommended Posts

Last week I have seen the same hacker warning being posted in several groups.  People are called upon to spread this message around. This is the text ot the message(I removed the name of the person accused for reasons I will explain below).

" a hacker has been discovered here in sl. he has taken over 63 accounts stealing money and other assets. so be on the lookout for this person. -------------. he is able to over ride security and everything. 

Warning! This is a bad one. Please pass this message out to as many friends and groups as you can. Dont Accept anything from unknown people"

In one version it is said that the FBI and Linden Lab were involved. 

I tend to be sceptic about these messages because some are just hoaxes. Considering that a specific name is given and in one version it is said that the FBI  and Linden Lab were involved this made me curious about the source of these messages. I can not find any confirmation of this actually being true.

Now it seems to me that naming a person means people need to have some solid proof to back up their claims because they can't just go around accusing other people merely on hearsay.  Suppose the person mentioned is totally innocent and just the target of an enemy who uses this way to get back at him or her?  And what are we going to do? Are we going to ban this person merely because someone says he or she is a hacker? I hope not. 

When I asked how the poster knew about this, his answer was that he just posted what was said in another group. He didn't bother to check the source. He figured it was more important  to propagate the warning than to check the truth of the matter. In fact he soon got some people backing him up,  including the sim owner, with arguments like:

1 In SL different laws apply(the law that a person is innocent until proven guilty is suspended)
2 You don't need to check sources.
3 The end justifies the means. 

I post this here not quite knowing what to do with it, but perhaps someone can shed a light on this. Or at least ask people not to spread around messages accusing persons without some proof. 

 BTW: the person being accused of being a  hacker is an existing account. This is one of the reasons I am posting this here. 

 

 

 

 

 

 

 

Link to comment
Share on other sites

It is just spam. I have seen a few of these over the years. They are always urgent, send to everyone on your friends list blah blah blah. No link to any kind of credible reference.

The correct thing to do if you directly find out someone is violating TOS is to send an AR to Linden Lab with all the details, they are fast to act on these kinds of reports.

The purpose of posting alarming reports to public groups is just to wind people up, so don't become a part of it.

Link to comment
Share on other sites

Good point... I read the tos on it and I think this is clearly a case of :

 

You will not post or transmit prohibited Content, including any Content that is illegal, harassing or violates any person's rights.

Post, display, or transmit Content that is harmful, threatening or harassing, defamatory, libelous, false, inaccurate, misleading, or invades another person's privacy;

Link to comment
Share on other sites


Merit Coba wrote: [...]

1 In SL different laws apply (the law that a person is innocent until proven guilty is suspended).

2 You don't need to check sources.

3 The end justifies the means.[...]

 I doubt they’d use those exact words... few except the most hardened cynics want to sound *quite* like that. Otherwise, yeah, those are three of the many unwritten rules of SL... come to think of it, of RL too, but it kinda rings even truer in here, I guess due to the fairly popular “nothing matters much in SL” attitude of so many residents.

 

However, much of the spread of this (and other) warnings aren’t *completely* because of that “not a big deal” mentality; there’s also a fair deal of the mindless, Facebook-like attitude of “passing chains” without barely a second thought... you know, the typical “there’s a lot of children dying of this or that... publish this in your feed, if you don’t it means you’re so cruel you want children to die!!”. Many people barely dedicate enough thinking to it to rebel against the blatant stupidity of it, they just pass them and move on to the next inane thing. In here, in the case of these “warnings”, many just don’t pause enough to think about what you said: that these things are an accusation without proof or, for that matter, source-checking, and that they could potentially affect an innocent resident; it’s not that those who pass these “SL warning chains / hoaxes” don’t care about that... it’s more that they don’t actually make the mental effort to realize it in the first place.

 

In other words: welcome to SL. There isn’t that much you can do about it... you can post about it here, and you can argue these things in the groups where the warnings are issued; and one or two residents might realize you’re right and refrain from passing it on; then again, five or six others that did pass it on will be offended on the basis of the “good samaritan / conscious citizen that got chastised by a contrarian (that’d be you) when they just had the well being of everyone in mind”.

And you’ll have a very hard time snapping them out of it :smileywink:

Link to comment
Share on other sites

I've never known any of these type of alerts to be credible.  Mostly they are based on false rumors or misunderstandings.  People can't hack your account.  They can only gain access if you give your password out, use one that is easy to guess, click links that lead to phishing sites or sites that download malware like a key logger to your computer or grant access to allow a script to take your Lindens.  In other words, if a persons account is compromised, then they have done something to allow it.

Don't re-post this drama.  The person that started it should AR the person if they have any proof, not spread rumors  Chances are they have no proof, just a grudge.

Link to comment
Share on other sites

A question to anyone with an in with an in depth knowledge of the login process...

 

Is the password hash salted or sent as is from the hard disk.

 

Reason I ask this is whether there's an opportunity to capture an unsalted hash and replay that to hijack credentials without the user having installed malware or knowingly given up anything intentionally.

 

In general I agree with you Amethyst but I'm sure there are other opportunities for well crafted hacks but not as described in the OP.

 

 

Link to comment
Share on other sites

You are about to reply to a thread that has been inactive for 2437 days.

Please take a moment to consider if this thread is worth bumping.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...