Monday, November 19, 2007

SL Financial institutions taking massive hit.

I'm getting so much content and the market's getting so hot on this news I've had to start another post. Reports are that the attacks came in two waves, one in the morning and one in the afternoon.

Victims known to date:

1. LNL - Lindsay Druart: 3.2 million in deposits affected. LNL has recovered from the first attack. Recovery amounts are now detailed in the comments section.
2. SLIB - Tyrian Carmillo: Reporting no impact with no changes to operations. Security coding minimized damage and the CEO reported the only real loss was time verifying the attacks failed.
3. Royal Bank - Christopher Whitfield: Managed to recover the impact of the first attack from Linden Lab; second attack is still pending. Estimated impact still remaining: L$160,000.
4. Giovinazzo - Individual source, unconfirmed; impact measure unverified.
5. Second Life Business Bank (SLBB) - Individual source, unconfirmed; impact measure unverified.

Banks surviving the incident with no attacks seen/reported:
1. JTF/CAPEX: Arbitrage Wise: no apparent attack.
2. Edge: Salas Steinbeck: reports no apparent attack.
3. BCX: Travis Ristow: Attack discovered, but no effect. They were testing security. Utilizes LL Risk API.
4. BNTF/ACE: Intlibber Brautigan: no apparent attack.
5. Crystal Springs Land & Loan: Skip Oceanlane: no apparent attack.

Supposed victim count reported by multiple independent sources: 4 or more institutions.

These are confessed victims of the vulnerability and so far no others have been named directly.

I'm not even sure that all the banks are aware of the level of damage, if any, that may yet have been done to them, so I have reported the incident to the heads of other institutions to make sure they are aware of the event and are checking on their own internal operations. That said, I'd encourage all depositors to be patient with your institution as, even if your money is still available, it may not all be there, and there's a significant chance that a broad-based panic will result in catastrophic bank collapses.

The information I collected from verified sources, associated with the bank in question, will be marked as verified. This is data I know to be true based on their accounts/claims and their representation of the measure by which they have been affected. Unconfirmed accounts come from second-hand individual sources and may or may not be accurate. I will be contacting these institutions, if I can, in order to find out the validity of the claims.

If you are an SL Bank and want to report the status of your bank in relation to this incident, please fill in the comments section.

The number of banks that are supposedly being affected suggests the flaw is not directly related to any particular programmer, but is a security flaw in the transaction API that may be easily overlooked; it's still the responsibility of the administrator to ensure quality coding.

A suggestion has been made that the targeted banks may not be shielded by LL Risk API. I wish I could uncover which of these banks were protected by LL Risk API and which ones were not. If you'd like to report your Linden Lab API status, again, please use comments.

Reported attack times seem to fall within a similar time frame. This seems to indicate one hack or a co-ordinated group of hackers.

16 comments:

Lindsay Druart said...

Note: L&L Bank and Trust recovered the first attack.

Maelstrom said...

Can we get a figure on the recovery?

Lindsay Druart said...

The first attack was the one listed and we recovered $20,500. The second attack was the big hit. I just got off the phone with concierge and the governance team is still working on it and I have not been given an ETA but since this spans more than one account I don't expect a response today.

Lindsay Druart said...

Note: Risk API does not stop someone from hacking the database.

Anonymous said...

I suspect that institutions with their bank sites hosted on servers shared with other users have a special vulnerability. A hacker could find out a site's hosting company, get a site of their own on the same server, and then use PHP hacks to do SQL injections into sites on the same server.

ACE and BNTF implemented strong protections against this vulnerability last night, and also have a number of other security features using databases on likely hackers that are only available to BNT.

Lindsay Druart said...

oh...this will not happen again...brick walls, steel doors, M1A2s, and MOABs are being installed.....smell the napalm

Maelstrom said...

Operation shock and awe the hacker(s) :-P

Anonymous said...

JC Brink = Lindsay = new hacker

watch for someone to spring forth and save this heist too. only to repeat in 3 months.

or maybe lindsay will use lll / lcl to save lnl to the demise of shareholders and benefit of herself. there's a pattern of her fucking shareholders to make a dollar, while crying "i'm the good one"

/me remembers her using lnl funds to create lcl, then trying to ipo lcl separately at the wse, without any credit to lnl shareholders. which would be great for her, bad for lnl.
this was corrected, but the attempt was made and not forgotten.

i wouldn't be surprised if lnl does fail, and in a month or two when we forget about it, lindsay somehow manages to "put all of her RL funds in" for another growth spurt.

holy hell, that reminds me... didn't lindsay put a bunch of money into an ing RL account for the company? shortly after JC Brink stole a lot of cash.

Unknown said...

What is lcl? Are you referring to the Credit Reporting Agency? LLCRA is the correct abbrev. (it has sometimes been referred to as LLCA, however). Let me point out that each of the 3 L&L businesses runs separately from the others. Separate avatars to hold the cash (none of which are personal avi's, I'll point out), separate financial books, shall I go on? They share a common brand name.

LLRS has donated land for LLCRA to function off of, but your inference that IPOing the LLCRA on the WSE is some evil scheme is a bunch of poo. Shall I point out that LLRS already operates on the WSE?

Mateo Infinity

Lindsay Druart said...

here we go with the anonymous hiders....

LLBT has NO financial obligation in LLCA and LLCA's complete build comes from the IPO. Geez, at least get the facts right before you start accusing.

Unknown said...

Indeed the LL Risk API has nothing to do with hackers directly accessing the database.

However, transferring the funds to other avatars might be made less easy with the risk API kicking in.

Every thinkable security precaution can be taken to protect against hackers, but never say "this won't happen again". It may - and better - not happen again in the exact same way, but if you're up against a knowledgeable adversary with time on their side, sooner or later a hole will be found or exploit abused.

Anonymous said...

Yesterday, 21:44
Lindsay Druart Re: Current Dilema
I have also been in contact with our investment manager for our USD holdings. Some of our funds mature early to mid December, at which point we planned to bring the funds back in game, but I should have an idea within the next few days what early termination will cost us and if it is viable with the end being so close. I will update the market on that as information becomes available.

was just browsing the capex forums. saw this post.

I TOTALLY FUCKIN CALLED IT!

Anonymous said...

and initially llcra started out as an lnl project, started with lnl funds, and was publicised to be an lnl asset at many meetings.

then, lindsay decided she would make more if llcra was its own entity, and went to ipo on the wse. forgetting all about the lnl shareholders.

only after being called on it in the capex forums did she make any consideration toward giving lnl shareholders their fair share. initially she just wanted to build llcra with lnl money, then ipo it separately so she would have a huge piece, and lnl shareholders none.

interestingly enough tho, you don't talk about the other points i bring up.

yesterday i said it wouldn't surprise me if she appeared with some money from rl resources once this blew over. then today i read that mid december she would. ..... i wonder how much of the missing L$ will manifest itself as this injection from her rl funds.

Anonymous said...

So, fellow anonymous, am I correct in summarizing your theory as:

Lindsay hacked not only her own, but three other banks too, and submitted false reports to LL about these 'faked' thefts, all in order to put the money straight back again, so that she could look good?

That is quite possibly the most stupid thing I have ever heard.

Anonymous said...

Update from ACE/BNTF: Someone attempted to hit our site 579 times yesterday through sshd without a single success. The origin of these attacks was the following IP and location:

IP Address: 207.44.146.234
Country: UNITED STATES
Region: TEXAS
City: AUSTIN
Latitude/Longitude: 30.3811 / -97.7581
ZIP Code: 73301
Time Zone: -06:00
Net Speed: -
ISP: EVERYONES INTERNET
Domain: EV1SERVERS.NET

Let's see if the others had a similar source of attack.

BNTF and ACE are entirely secure and suffered no loss of funds, nor was system security compromised at any time.

Lindsay Druart said...

I would suppose this would be a proxy, Intlibber, as we found when we pulled the logs. That IP we had resolved in China and was a dead root so it was a proxy for sure. We were brute forced and that is how the database go it. Note: A whole lotta restructuring goings on. I don't pay monthly for substandard service. My service provider will be dumped fairly soon.

And for the anonymous poster, I report USD balances every month. No hidden mystery there. And I openly ask the opinions of my shareholders. Again, no hidden mystery. But thank you very much for being a fan. You know more about me than I do. :)