Friday, August 20, 2010

Emerald viewer's login page used as a Denial of Service Attack [Update: Emerald Devs Apologize]

I have been getting reports that the Emerald Viewer had been using their login page to perform a Denial of Service Attack on iheartanime.com. Why they did this is unclear to us now, but it looks like some geek drama at its core that has been going on for a while.

If you look at the source of the Google cache of their login page from August 9th, you can see that they use a 1px iframe to pull about 20 dynamic pages and a dozen images from the site, just to put a high load on the target's server.

What is important to note is that they used every Emerald user to participate in this attack. All an Emerald user had to do was log in to the Emerald viewer to become an unsuspecting vector of attack towards iheartanime.com. An attack like this causes the target page to become unresponsive and wastes massive amounts of bandwidth and CPU cycles. And it should be noted that a Denial of Service attack is a violation of the law in many countries.
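
A page can be checked for this pattern before anyone trusts it. The following is an added example, not code from this post or from Emerald: it parses a page's HTML, counts the automatic fetches each third-party host receives per page view, and flags iframes the visitor cannot see. The host names, the threshold of 10 and the sample HTML are constructed assumptions.

```python
import re
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags whose src is fetched automatically when the page renders.
AUTOLOAD = {"iframe", "img", "script", "embed"}
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class FanOutAudit(HTMLParser):
    """Counts automatic third-party fetches and records invisible iframes."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.per_host = Counter()   # third-party host -> number of fetches
        self.hidden_frames = []     # iframe URLs the user cannot see

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag not in AUTOLOAD or not a.get("src"):
            return
        url = urljoin(self.page_url, a["src"])
        host = urlparse(url).hostname
        if not host or host == self.page_host:
            return                  # same-origin or non-network URL
        self.per_host[host] += 1
        tiny = any((a.get(k) or "").strip() in ("0", "1", "0px", "1px")
                   for k in ("width", "height"))
        if tag == "iframe" and (tiny or HIDDEN.search(a.get("style") or "")):
            self.hidden_frames.append(url)

def audit(html, page_url, threshold=10):
    """Return hidden iframes and hosts receiving >= threshold fetches per view."""
    p = FanOutAudit(page_url)
    p.feed(html)
    p.close()
    noisy = {h: n for h, n in p.per_host.items() if n >= threshold}
    return {"hidden_frames": p.hidden_frames, "noisy_hosts": noisy}

# Constructed sample (not the real page): 20 dynamic pages in 1px iframes
# plus 12 images from one outside host, beside ordinary login-page content.
SAMPLE = "<form action='/login'></form><img src='/logo.png'>" + "".join(
    f"<iframe src='http://target.example/p.php?id={i}' width='1' height='1'></iframe>"
    for i in range(20)) + "".join(
    f"<img src='http://target.example/img/{i}.png'>" for i in range(12))

if __name__ == "__main__":
    print(audit(SAMPLE, "https://login.viewer.example/"))
```

Multiplying a host's per-view count by the page's view rate gives the request rate that host receives, which is why a busy login page makes even a modest fan-out costly for the receiving server.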

From Wikipedia: Denial-of-service attacks are considered violations of the IAB's Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers. They also commonly constitute violations of the laws of individual nations.

This should raise serious doubts about using this viewer, if you do, and about whether you should trust them with your password and to 'do no evil'. I would rather forgo the nifty features in Emerald than support behaviour like this.

Update: The Emerald Devs apologize, but it shows a culture of ego boosting that skews the sense of right and wrong.
Two weeks ago, amid an atmosphere of pride and boasting about Emerald traffic, a silly idea was hatched.

This idea was to target a blog owned by a creator of a malicious viewer, and boast of the traffic Emerald has captured. The method for doing this was to add links to the Emerald log in page linked to said blog. Each time anyone logged in, our page loaded up and also the other page loaded up – simply to show off our volume of traffic.

This was not a DDoS. This was a poor attempt at boasting that failed miserably. Once we discovered this, these links were deleted and the dev concerned was disciplined.

The entire Emerald Team offers its sincere apologies for concern, panic, worry, mistrust and disappointment felt by our users because of this. I can most strongly assure you that this will not happen again.

Sincerely,

The Emerald Dev Team

This apology doesn't make much sense. They wanted to "boast of the traffic Emerald had captured" by sticking 30 links to iheartanime.com? In no way does this show off their traffic; it sends thirtyfold their traffic to a random site. If they want to boast about their traffic, why not make their stats public?

Even if the site owner is making a malicious viewer, it is in incredibly poor taste to use your entire userbase to perform a DDoS attack on it. One crime does not cancel out the other.

Links:
Picture of source view of page
Google cache of Emerald Login page (click only if you want to confirm for yourself)
iheartanime.com
Denial of service attack
SLU post by iheartanime.com site owner
Apology by Emerald Devs

14 comments:

  1. Yes, thanks for calling them out on this, Frans, it's all so fake.

    Criminal at heart, all of them.

  2. I can't help but wonder why emerald is still listed in the TPV directory.

  3. Why did they do that? Well, you may recall that Emerald (more specifically the libemkdu library in it) was caught leaking personally-identifiable information about its users in an encrypted form that could be read by Emerald developers. They were then caught continuing to do so after the developers in question claimed the problem was fixed, just with stronger encryption that made it harder to prove. iheartanime.com is the website of the person who figured out how to decrypt the secret information they were leaking both times, and the website on which he publicised this issue. It's basically a vendetta attack against someone who revealed the Emerald developers had been up to no good.

  4. sure they are sorry... that they got caught.

  5. Thank you for the background info A.

    Is Emerald still doing this?

  6. Jay made vlife/onyx.

  7. In recent activity with Emerald there have been a few developers who have taken the idea of what Emerald is supposed to be and have used it to do other things. This has caused one of the most senior developers, who has been working on this project since the beginning, to leave, saying he does not find Emerald to be a stable user platform for SL any longer and that you should use it at your own risk. Inside Emerald one of the developers has put a hidden encryption that is now too strong to break and cannot be taken out now. The developer that left confronted the person responsible and was told that it was taken out and completely removed when found, which is a complete lie, and it was just hidden so no one can find it. Now, I do honestly doubt that the entire Emerald team was behind what had happened as stated in this blog post, and for you to blame an entire team for one person's wrongdoing is not fair to those who have seriously worked hard on this program. Here is some further information if you would like to read up on the malicious internal uses that the Emerald team has been facing.

    http://lordgreggreg.wordpress.com/2010/08/14/emerald-reassessment/

    http://www.sluniverse.com/php/vb/alternative-sl-clients/47830-lordgreggreg-reassesses-emerald.html

    https://docs.google.com/document/pub?id=1IofRTqt4yXcAlfPpeQiG_cxI-22SVJ54ynscoYvMeVQ

  8. To that person with information about Emerald, it was not ALL Emerald developers, but only one who had been up to no good. I have in my post included the links which have been provided to me about the information.

  9. The Emerald dev team is an opaque group to me, no idea who is who, or does what.

    Modular Systems itself does not say who has done it and instead, rightly so, tries to apologize as a team. It is impossible for me to know who changed the login page and who knew about it.

    I think I should address them as a team; who you associate with is important and reflects back on the whole. If they have a bad egg they should purge it.

  10. I completely agree, but it was not the entire Emerald team who is to blame, and while we can't point fingers at one specific person you can point it to the group who would have been more likely at fault instead of the whole team. The only wrongdoing of the entire Emerald team was not telling the public about the hidden code encryption that logs user information when they found out about it the first time, and to let the person who created the emkdu into the program itself should have been removed from the entire project instead of allowed to continue working and to further encrypt their wrongdoing. Had that been done, I can believe that none of what happened would have. I would think that the person who called out the person who did the wrongdoing is the one to blame, though without knowing every person and their exact purpose in Emerald that is hard to do.

  11. Emerald Dev team members - as the saying goes, one rotten apple spoils it for all. This is quite true.

    Everything they have done with THIS event, is in violation of the TPV ToS - and they have NO accountability - they do not HAVE to explain, or apologize, and honestly, it falls on deaf ears.

    This is the third incident. Prior leak of personal information, the emkdu scandal *which there is NO telling WHAT was included in that and nothing, not so much as a "oops" was given* now THIS - THIS .. IS CRIMINAL - it's against the law.

    I hope SL pulls the Emerald/Modular Systems credentials - this is NOT ACCEPTABLE.

  12. and the rotten apple is............ Fractured Crystal

    Seriously.
    Fractured Crystal was responsible for the Emerald Login DDoS attack
    http://www.youtube.com/watch?v=3iB9g6O9NEo

    There is where the fingers should be pointing, this is from Arabella's mouth so no doubting the source.

  13. Unfortunately the "one bad apple" is now known, and he is at the top, in charge, and paying the bills.

    There is no recovering trust of the users in this case with him in charge, and he's not going to go anywhere. Everyone at Modular Systems who thought this was serious has already left; the rest are laughing at all the kool lolz this got. Besides, it's clear now (from the YouTube audio recordings) that Arabella may have been the only one who didn't know back on August 9th when the plan was hatched (to others on the team) and the bragging started.

    I feel bad for the new ex-Lindens joining this mess. (Guys, just get out now.)

  14. I've had Emerald uninstalled from all the household computers, and we won't be using it again!

    I only caught wind of this today through the official LL messaging, but as neither my partner nor I have been using SL regularly for about 6 months it's unsurprising I didn't hear anything about it till now.

    It's utterly shameful, and to boast about your figures in a way that undermines your user base? It doesn't even make sense as an apology, and you shouldn't try to pass something like that off as 'silly' - if they had treated it with some degree of maturity maybe? That they didn't just proves that there's not enough sense behind the wheel.

    We all like to try and take things in good humor, but hijacking people's computers for an attack is not humorworthy. Especially for a viewer which has acted like the abused puppy of the litter for the last year or so.

    Pfft... Well no slv2 for me either way, better go find some other horse to back :3 (Well maybe I'll look at viewer2 just to make sure it's still as bad as I remember... :D)
