Sunday, August 22, 2010

Liza Veliz reports on Emerald mess, read about it here!


Cliff's notes of the whole situation, from an old SL friend of SL reporter Liza Veliz

Details:

Companion Videos: http://www.youtube.com/user/TOBSDA

== Datamine Incident ==

Fractured collected avatar / IP combinations using scripted objects in the Emerald Point sim and the Modular Systems / Emerald RegAPI site in a central "Datamine". This was used to determine who was whose alt account, and he had created a web application that allowed him to locate any of said users on the globe with a margin of error of about 200 miles. Various Emerald devs had access to this system, and they used it regularly.

Phox and Fractured stalked and hacked the third party who discovered the Datamine (a developer of a non-TOS compliant viewer like them). They hacked his voice account so he would not be able to use SL Voice, and stalked him to a random sim when nobody had map rights. The sim was chosen and the user logged on when the third party found out Fractured had a "surprise" waiting for him. Phox and Fractured confronted the third party, saying they knew who he was and they'd called his house. He was apparently a student on financial aid and was living with his mother. Phox stated in private that he intended to steal the third party's computer so he couldn't mess with them again.

Fractured sends around the chatlog to people, laughing about how they had trolled the third party.

It turned out not to be the third party, and they had been harassing a random person.

The third party called Fractured at his house, to let him know that he knew all about the "datamine", and the information regarding it would be publicly released. Eventually an agreement was reached with Fractured that only information regarding who used the "Datamine" and who was in it, not any identifying information, would be released to the public so long as the datamine was removed from his servers.

Fractured apparently removes the datamine and associated code; the list of users who were in the datamine is posted on the Alphaville Herald.

== EmKDU Incident ==

Phox and Fractured attempted to get the third party's internet disconnected (again, a common tactic of theirs, also used on Neil), but were unsuccessful. Phox still believes he was successful and has gloated about it to numerous people.

Fractured and several other Emerald devs also worked on the Onyx project, a malicious viewer under the guise of a project to find security holes in SL. It was based on a client of Fractured's that had been banned in the past, along with Emerald. This client was used to harass and stalk others when they saw fit. They claimed it wasn't malicious, and was used for research only. The old source code was leaked. They claimed that it didn't have any of those features anymore and the viewer was just for research. Much more recent source code was leaked, and they didn't say much of anything, but the Onyx site was taken offline. They started hiding that they were using Onyx by spoofing their tag and channel name to be the same as Emerald's, but there were still a few pieces they forgot that identified it.

Someone found out a library the ModSys team had made was being used to leak information about Emerald users. It could be viewed by anyone who knew how to decrypt the message, and the source code to the library was not open to public scrutiny. The message was decrypted by others, using custom software, and it turned out that one was able to determine what version of Emerald they were using, and in some cases, what their username on their computer was. This is dangerous, because the information can be used to pinpoint who a user is in real life if their username on their computer is the same as their real name. It also enabled people to determine who was and was not using Onyx, along with several other unwitting Emerald derivatives.

They claimed they removed this info after several Emerald devs questioned them about it, and they promptly changed the encryption used on the message that was sent out. The message was decrypted again, and it turned out that the majority of the contents were the same, despite their claims. It was changed a third time, and hasn't been decrypted yet.

A core Emerald dev decided to leave.

One ex-Linden, Qarl, decided to join.

== DDoS incident ==

This was all documented by the third party. Fractured thought it would be funny (apparently while he was drunk?) to add hidden frames to the Emerald login screen that would load content from said third party's website (which they had stated numerous times was a website hosting malicious software) and overload the third party's server with requests every time someone logged into Emerald. The third party found out about it, saying he didn't really care if they wanted to attack him, but to not use their own users as tools to do it. The way the website was loaded, the third party's website could have launched exploits infecting the computers of anyone logging into Emerald, changed their login location, or crashed their computer.

Soft Linden, head of Security for LL, railed on the Emerald team in the opensource-dev mailing list.

Two core devs left.

Arabella then made an official post about the incident, whitewashing it by saying it was only one developer, who was disciplined, and that they were merely boasting about their traffic to the third party.

Another ex-Linden, Data, joined.

In an audio recording, it was determined that they had known that Fractured may be adding the code to the login page before he had even done it, and nothing was done about it until someone complained. Arabella knew it was a lot more than just boasting about traffic, but didn't want to say so, so as not to "scare the users". All mention of it on their forums or blog comments was deleted until they made the official response. Arabella thinks very carefully about whether or not to censor a comment from YET ANOTHER ex-Linden, Pathfinder, that was less than complimentary of what they were doing to their own users. She and others censored the majority of other comments and posts that did not agree with what they had said in the original post.

== Aftermath ==

Emerald is removed from the Third Party Viewer List.

Fractured steps down as the leader of Emerald, and leaves Arabella in his place. Phox remains.


Ty for reading the article,
Liza Veliz, press pass reporter, Senior Writer

Also check out the blog of Arabella (Emerald viewer executive) for her view on the events that happened: http://arabellasteadham.wordpress.com/

1 comment:

  1. This is from the notecard an old friend of mine sent to me yesterday - I don't know if anything of this is true, just thought it would be interesting to share this with you who might be interested.
    /LIZA
