Second Life Forums Archive - **Asri Falcone Hijacked(Idenity Theft)**

Burke Prefect

Cafe Owner, Superhero

Join date: 29 Oct 2004

Posts: 2,785

08-08-2005 11:40

If you were conenient to Dallas I could do a complete nuke,pave,lock on the PC, for fairly cheap (dinner or something).

I'm not going to bother with diagnostics on a forum like this (for reasons other than bitchy backseat techs).

Camille Serpentine

Eater of the Dead

Join date: 6 Oct 2003

Posts: 1,236

08-08-2005 11:42

I'd install

AVG from grisoft.com
microsoft anitspyware beta from http://www.microsoft.com/athome/security/spyware/software/default.mspx
Ad-Aware from www.lavasoft.com

Skip mccaffee and norton

and make sure you disconnect from the internet while you clean up your machine.

_____________________

Circe Broom

Registered User

Join date: 2 Aug 2004

Posts: 26

08-08-2005 11:49

I am so sorry this happened to you, Asri! It is frightening! I think your idea of logging in with other than our user names is a good one.. But there is something strange about all this. All those who carry a lot of Lindens, beware!

Jesrad Seraph

Nonsense

Join date: 11 Dec 2004

Posts: 1,463

08-08-2005 12:02

From: Camille Serpentine

I'd install

AVG from grisoft.com
microsoft anitspyware beta from http://www.microsoft.com/athome/security/spyware/software/default.mspx
Ad-Aware from www.lavasoft.com

Skip mccaffee and norton

and make sure you disconnect from the internet while you clean up your machine.

And I'd get a Mac instead. Behind a router.

Asri, such misuse of your personal computer systems and theft of your accounts constitute a serious crime, and I hope the perp gets at least a few years of jail.

_____________________

Either Man can enjoy universal freedom, or Man cannot. If it is possible then everyone can act freely if they don't stop anyone else from doing same. If it is not possible, then conflict will arise anyway so punch those that try to stop you. In conclusion the only strategy that wins in all cases is that of doing what you want against all adversity, as long as you respect that right in others.

Christopher Omega

Oxymoron

Join date: 28 Mar 2003

Posts: 1,828

08-08-2005 12:09

This is very scary, and I really hope Asri's able to get some of her SL assets back. As a preventative measure, make an alt account and dont use it for anything other then holding money & dont tell anyone you have it. Every so often, transfer all of Asri's funds to that alt, save about L$1000, just to have some conveniant spending cash on hand.
==Chris

_____________________

October 3rd is the Day Against DRM (Digital Restrictions Management), learn more at http://www.defectivebydesign.org/what_is_drm

Gabe Lippmann

"Phone's ringing, Dude."

Join date: 14 Jun 2004

Posts: 4,219

08-08-2005 12:12

This is disturbing. Perhaps you could try contacting an organization such as this:

http://www.idtheftcenter.org/vresources.shtml

_____________________

go to Nocturnal Threads

Hiro Pendragon

bye bye f0rums!

Join date: 22 Jan 2004

Posts: 5,905

08-08-2005 12:16

From: Huns Valen

It pretty much takes an attorney to do this, they can subpoena the information from LL.
...
Asri, I would suggest you reformat your computer and install your antivirus/firewall software BEFORE you take it on the net. Then, go to windows update and download all the patches.

I would advise contacting the FBI and frame this as identity theft. (Since it is business accounts being hacked.) They may actually want you *not* to erase your hard drive if they act on it.

_____________________

Hiro Pendragon
------------------
http://www.involve3d.com - Involve - Metaverse / Emerging Media Studio

Visit my SL blog: http://secondtense.blogspot.com

Laquita Maracas

She's A Brick House

Join date: 5 Dec 2003

Posts: 19

08-08-2005 12:17

I just confirmed with Robin Harper that it is impossible to get a password from customer service by calling them. The passwords are stored as encrypted one way hashes - they do not have access to them even if they wanted to give it to someone. They can only reset the password and send it to the email on file. Also, any requests or changes of account information must have the account security question answered correctly.

It certainly sucks what is happening to Asri, but at least it does not appear that customer service is the weak link here and that you can just call and finesse a password out of them.

Cristiano Midnight

Evil Snapshot Baron

Join date: 17 May 2003

Posts: 8,616

08-08-2005 12:19

I just confirmed with Robin Harper that it is impossible to get a password from customer service by calling them. The passwords are stored as encrypted one way hashes - they do not have access to them even if they wanted to give it to someone. They can only reset the password and send it to the email on file. Also, any requests or changes of account information must have the account security question answered correctly.

It certainly sucks what is happening to Asri, but at least it does not appear that customer service is the weak link here and that you can just call and finesse a password out of them.

_____________________

Cristiano

ANOmations - huge selection of high quality, low priced animations all $100L or less.

~SLUniverse.com~ SL's oldest and largest community site, featuring Snapzilla image sharing, forums, and much more.

Roseann Flora

/wrist

Join date: 7 Feb 2004

Posts: 1,058

08-08-2005 12:20

I'm sorry to hear this.

_____________________

Sensual Casanova

Spoiled Brat

Join date: 28 Feb 2004

Posts: 4,807

08-08-2005 12:47

From: Cristiano Midnight

I just confirmed with Robin Harper that it is impossible to get a password from customer service by calling them. The passwords are stored as encrypted one way hashes - they do not have access to them even if they wanted to give it to someone. They can only reset the password and send it to the email on file. Also, any requests or changes of account information must have the account security question answered correctly.

It certainly sucks what is happening to Asri, but at least it does not appear that customer service is the weak link here and that you can just call and finesse a password out of them.

No they did not give them the PW Cris, but THEY DID talk to this person thinking it was Asri and it really wasnt!

_____________________

Sensual Designs & Animations
Sensual Productions

Teleport to Sensual Designs & Animations

Jeska Linden

Administrator

Join date: 26 Jul 2004

Posts: 2,388

08-08-2005 14:20

Moved to Notices and Well Wishes.

Roseann Flora

/wrist

Join date: 7 Feb 2004

Posts: 1,058

08-08-2005 14:54

Bump

_____________________

Asri Falcone

THAT B!TCH

Join date: 30 Apr 2004

Posts: 356

08-08-2005 14:54

seens they move the post....considering its not an announcement or a well wish i was looking for i dont know why it was moved. I posted this because im flustered and dont know what to do about the situation and was looking for the general input of sl residents which was working til it was passed off amungst the birthday crap. just like lindens to look at a pictures and not read the content.

(too many big words i suppose)

_____________________

I belive the children are our future...teach them well and let them....wait a second...I dont belive that $hit!!

Asri Falcone

THAT B!TCH

Join date: 30 Apr 2004

Posts: 356

08-08-2005 15:03

From: Hiro Pendragon

I would advise contacting the FBI and frame this as identity theft. (Since it is business accounts being hacked.) They may actually want you *not* to erase your hard drive if they act on it.

i did that on the 10th yet nothing....and been hit a few time since.

_____________________

I belive the children are our future...teach them well and let them....wait a second...I dont belive that $hit!!

Roseann Flora

/wrist

Join date: 7 Feb 2004

Posts: 1,058

08-08-2005 15:15

From: PetGirl Bergman

Oh my.. moment 22.. But LL must take care of this so the future will be brighter for us all.. and that it cant happen again.. the question are of course whos next???

LL must act... who want to do serious business in SL when this can happen us all??

In my case it was ”easy to prove” and they hunted down the man. But at that time this was so new that there was no prejudicats.. He are still out in cyber and IRL of course - but I am checked up often - still now after many years... no fun but. what to do...

Exactly my thoughts....this is just horrible and I really hope something can be done soon to fix this mess!

_____________________

Cutter Rubio

Hopeless Romantic

Join date: 7 Feb 2004

Posts: 264

08-08-2005 15:27

Interesting question is how the password is passed from client to server? Is it encrypted enroute or does it go clear-text. If it's clear-text, any old packet capture tool could grab it. If Asri is in fact choosing secure passwords, with special characters, numerics and mixed case, it would seem that's the only way someone could be grabbing it, short of actually logging in on her actual PC themselves if the "Remember Me" box is checked.

This is, of course, assuming that any chance of a trojan or password grabber has been eliminated already, as others have noted.

_____________________

The early bird may get the worm, but the second mouse gets the cheese.

Lisbeth Cohen

Registered User

Join date: 4 Jul 2004

Posts: 53

08-08-2005 16:18

Oh no, Asri

So sorry to hear what happened to you.

I really hope Lindens take this security issue very serious, and at least raise the level of security to netbank standard. Because we are after all trading with real money here!

I too have experienced not being able to log in because already logged in a few times last year. Since I was able to log in only a few minutes later I didn't think more about it. But after my last attempt to quit sl (mission impossible - lol) a good friend sworn she had seen me come online while I were offline. I asked her and other good friends to tell me if that happened again. And I changed my sl password. Have not happened to me since - that I'm aware of at least.

Cutter: I really hope Lindens have properly encryption to passwords and anything the client sends and receive. But I fear most are sent without encryption

I suggest changing password very often, use your alt as your bank (as I understand she is not exposed to this crime...?), and to install multiple anti-spyware programs and virus checkers. I use PC-Cillin, System Mechanic and AdAware.

Hope this was the last time this have happened to you - and to anyone else! *warm huggs*

Rose Portocarrero

Here to look cute

Join date: 23 May 2004

Posts: 168

08-08-2005 16:41

{{{hugs Asri}}}

I agree with others that this sounds like a key-logger was put on your computer. These obnoxious pieces of code are not picked up by virus checkers and can easily send out on any of your open communication ports by-passing your firewall.

It is the only way to fully explain your passwords being stolen and the thief seemingly "ahead of you" on all your changes.

Keep an eye out on your credit cards as well. If it was a key logger, they can get your credit info the exact same way. If this person did get greedy, you may have your "paper proof" right there.

It sucks, and I hope you find this person and press charges.

I would also hope Linden Labs would take this as seriously as they did the client hack last month and be as cooperative as possible.

- Rose

Sensual Casanova

Spoiled Brat

Join date: 28 Feb 2004

Posts: 4,807

08-08-2005 17:25

From: Jeska Linden

Moved to Notices and Well Wishes.

Why was this moved here? Good lord! Dont you think this should be in the general forum for discussion and assistance, why was it moved???????????????????

_____________________

Sensual Designs & Animations
Sensual Productions

Teleport to Sensual Designs & Animations

Ardith Mifflin

Mecha Fiend

Join date: 5 Jun 2004

Posts: 1,416

08-08-2005 17:44

From: Sensual Casanova

Why was this moved here? Good lord! Dont you think this should be in the general forum for discussion and assistance, why was it moved???????????????????

Because it's a notice to the community that her account has been hacked? Feel free to start a general discussion about password security in another forum. This thread belongs here, however.

Eboni Khan

Misanthrope

Join date: 17 Mar 2004

Posts: 2,133

08-08-2005 17:54

From: Lisbeth Cohen

Because we are after all trading with real money here!

Lindens have no value per the TOS.

_____________________

Asri Falcone

THAT B!TCH

Join date: 30 Apr 2004

Posts: 356

08-08-2005 18:39

From: Eboni Khan

Lindens have no value per the TOS.

yet they advertise the money making possibilities?

_____________________

I belive the children are our future...teach them well and let them....wait a second...I dont belive that $hit!!

Ardith Mifflin

Mecha Fiend

Join date: 5 Jun 2004

Posts: 1,416

08-08-2005 19:00

From: Asri Falcone

yet they advertise the money making possibilities?

Yehp. Even relatively benign companies like SL frequently distort the truth. The sooner you catch on, the sooner you can join the rest of us bitter, jaded, and disillusioned persons. The world is a vicious place!

Asri Falcone

THAT B!TCH

Join date: 30 Apr 2004

Posts: 356

08-08-2005 19:13

From: Ardith Mifflin

Yehp. Even relatively benign companies like SL frequently distort the truth. The sooner you catch on, the sooner you can join the rest of us bitter, jaded, and disillusioned persons. The world is a vicious place!

jaded? bitter? i only wish my feelings toward that were so ....so....so....eeeeh clear and non-hostile.

and accepting bullshit as the way it is just wont happen here....im not capable im pissed.

_____________________

I belive the children are our future...teach them well and let them....wait a second...I dont belive that $hit!!

Asri Falcone Hijacked(Idenity Theft)
Burke Prefect Cafe Owner, Superhero Join date: 29 Oct 2004 Posts: 2,785	08-08-2005 11:40 If you were conenient to Dallas I could do a complete nuke,pave,lock on the PC, for fairly cheap (dinner or something). I'm not going to bother with diagnostics on a forum like this (for reasons other than bitchy backseat techs).
Camille Serpentine Eater of the Dead Join date: 6 Oct 2003 Posts: 1,236	08-08-2005 11:42 I'd install AVG from grisoft.com microsoft anitspyware beta from http://www.microsoft.com/athome/security/spyware/software/default.mspx Ad-Aware from www.lavasoft.com Skip mccaffee and norton and make sure you disconnect from the internet while you clean up your machine. _____________________
Circe Broom Registered User Join date: 2 Aug 2004 Posts: 26	08-08-2005 11:49 I am so sorry this happened to you, Asri! It is frightening! I think your idea of logging in with other than our user names is a good one.. But there is something strange about all this. All those who carry a lot of Lindens, beware!
Jesrad Seraph Nonsense Join date: 11 Dec 2004 Posts: 1,463	08-08-2005 12:02 From: Camille Serpentine I'd install AVG from grisoft.com microsoft anitspyware beta from http://www.microsoft.com/athome/security/spyware/software/default.mspx Ad-Aware from www.lavasoft.com Skip mccaffee and norton and make sure you disconnect from the internet while you clean up your machine. And I'd get a Mac instead. Behind a router. Asri, such misuse of your personal computer systems and theft of your accounts constitute a serious crime, and I hope the perp gets at least a few years of jail. _____________________ Either Man can enjoy universal freedom, or Man cannot. If it is possible then everyone can act freely if they don't stop anyone else from doing same. If it is not possible, then conflict will arise anyway so punch those that try to stop you. In conclusion the only strategy that wins in all cases is that of doing what you want against all adversity, as long as you respect that right in others.
Christopher Omega Oxymoron Join date: 28 Mar 2003 Posts: 1,828	08-08-2005 12:09 This is very scary, and I really hope Asri's able to get some of her SL assets back. As a preventative measure, make an alt account and dont use it for anything other then holding money & dont tell anyone you have it. Every so often, transfer all of Asri's funds to that alt, save about L$1000, just to have some conveniant spending cash on hand. ==Chris _____________________ October 3rd is the Day Against DRM (Digital Restrictions Management), learn more at http://www.defectivebydesign.org/what_is_drm
Gabe Lippmann "Phone's ringing, Dude." Join date: 14 Jun 2004 Posts: 4,219	08-08-2005 12:12 This is disturbing. Perhaps you could try contacting an organization such as this: http://www.idtheftcenter.org/vresources.shtml _____________________ go to Nocturnal Threads
Hiro Pendragon bye bye f0rums! Join date: 22 Jan 2004 Posts: 5,905	08-08-2005 12:16 From: Huns Valen It pretty much takes an attorney to do this, they can subpoena the information from LL. ... Asri, I would suggest you reformat your computer and install your antivirus/firewall software BEFORE you take it on the net. Then, go to windows update and download all the patches. I would advise contacting the FBI and frame this as identity theft. (Since it is business accounts being hacked.) They may actually want you not to erase your hard drive if they act on it. _____________________ Hiro Pendragon ------------------ http://www.involve3d.com - Involve - Metaverse / Emerging Media Studio Visit my SL blog: http://secondtense.blogspot.com
Laquita Maracas She's A Brick House Join date: 5 Dec 2003 Posts: 19	08-08-2005 12:17 I just confirmed with Robin Harper that it is impossible to get a password from customer service by calling them. The passwords are stored as encrypted one way hashes - they do not have access to them even if they wanted to give it to someone. They can only reset the password and send it to the email on file. Also, any requests or changes of account information must have the account security question answered correctly. It certainly sucks what is happening to Asri, but at least it does not appear that customer service is the weak link here and that you can just call and finesse a password out of them.
Cristiano Midnight Evil Snapshot Baron Join date: 17 May 2003 Posts: 8,616	08-08-2005 12:19 I just confirmed with Robin Harper that it is impossible to get a password from customer service by calling them. The passwords are stored as encrypted one way hashes - they do not have access to them even if they wanted to give it to someone. They can only reset the password and send it to the email on file. Also, any requests or changes of account information must have the account security question answered correctly. It certainly sucks what is happening to Asri, but at least it does not appear that customer service is the weak link here and that you can just call and finesse a password out of them. _____________________ Cristiano ANOmations - huge selection of high quality, low priced animations all $100L or less. ~SLUniverse.com~ SL's oldest and largest community site, featuring Snapzilla image sharing, forums, and much more.
Roseann Flora /wrist Join date: 7 Feb 2004 Posts: 1,058	08-08-2005 12:20 I'm sorry to hear this. _____________________
Sensual Casanova Spoiled Brat Join date: 28 Feb 2004 Posts: 4,807	08-08-2005 12:47 From: Cristiano Midnight I just confirmed with Robin Harper that it is impossible to get a password from customer service by calling them. The passwords are stored as encrypted one way hashes - they do not have access to them even if they wanted to give it to someone. They can only reset the password and send it to the email on file. Also, any requests or changes of account information must have the account security question answered correctly. It certainly sucks what is happening to Asri, but at least it does not appear that customer service is the weak link here and that you can just call and finesse a password out of them. No they did not give them the PW Cris, but THEY DID talk to this person thinking it was Asri and it really wasnt! _____________________ Sensual Designs & Animations Sensual Productions Teleport to Sensual Designs & Animations
Jeska Linden Administrator Join date: 26 Jul 2004 Posts: 2,388	08-08-2005 14:20 Moved to Notices and Well Wishes.
Roseann Flora /wrist Join date: 7 Feb 2004 Posts: 1,058	08-08-2005 14:54 Bump _____________________
Asri Falcone THAT B!TCH Join date: 30 Apr 2004 Posts: 356	08-08-2005 14:54 seens they move the post....considering its not an announcement or a well wish i was looking for i dont know why it was moved. I posted this because im flustered and dont know what to do about the situation and was looking for the general input of sl residents which was working til it was passed off amungst the birthday crap. just like lindens to look at a pictures and not read the content. (too many big words i suppose) _____________________ I belive the children are our future...teach them well and let them....wait a second...I dont belive that $hit!!
Asri Falcone THAT B!TCH Join date: 30 Apr 2004 Posts: 356	08-08-2005 15:03 From: Hiro Pendragon I would advise contacting the FBI and frame this as identity theft. (Since it is business accounts being hacked.) They may actually want you not to erase your hard drive if they act on it. i did that on the 10th yet nothing....and been hit a few time since. _____________________ I belive the children are our future...teach them well and let them....wait a second...I dont belive that $hit!!
Roseann Flora /wrist Join date: 7 Feb 2004 Posts: 1,058	08-08-2005 15:15 From: PetGirl Bergman Oh my.. moment 22.. But LL must take care of this so the future will be brighter for us all.. and that it cant happen again.. the question are of course whos next??? LL must act... who want to do serious business in SL when this can happen us all?? In my case it was ”easy to prove” and they hunted down the man. But at that time this was so new that there was no prejudicats.. He are still out in cyber and IRL of course - but I am checked up often - still now after many years... no fun but. what to do... Exactly my thoughts....this is just horrible and I really hope something can be done soon to fix this mess! _____________________
Cutter Rubio Hopeless Romantic Join date: 7 Feb 2004 Posts: 264	08-08-2005 15:27 Interesting question is how the password is passed from client to server? Is it encrypted enroute or does it go clear-text. If it's clear-text, any old packet capture tool could grab it. If Asri is in fact choosing secure passwords, with special characters, numerics and mixed case, it would seem that's the only way someone could be grabbing it, short of actually logging in on her actual PC themselves if the "Remember Me" box is checked. This is, of course, assuming that any chance of a trojan or password grabber has been eliminated already, as others have noted. _____________________ The early bird may get the worm, but the second mouse gets the cheese.
Lisbeth Cohen Registered User Join date: 4 Jul 2004 Posts: 53	08-08-2005 16:18 Oh no, Asri So sorry to hear what happened to you. I really hope Lindens take this security issue very serious, and at least raise the level of security to netbank standard. Because we are after all trading with real money here! I too have experienced not being able to log in because already logged in a few times last year. Since I was able to log in only a few minutes later I didn't think more about it. But after my last attempt to quit sl (mission impossible - lol) a good friend sworn she had seen me come online while I were offline. I asked her and other good friends to tell me if that happened again. And I changed my sl password. Have not happened to me since - that I'm aware of at least. Cutter: I really hope Lindens have properly encryption to passwords and anything the client sends and receive. But I fear most are sent without encryption I suggest changing password very often, use your alt as your bank (as I understand she is not exposed to this crime...?), and to install multiple anti-spyware programs and virus checkers. I use PC-Cillin, System Mechanic and AdAware. Hope this was the last time this have happened to you - and to anyone else! warm huggs
Rose Portocarrero Here to look cute Join date: 23 May 2004 Posts: 168	08-08-2005 16:41 {{{hugs Asri}}} I agree with others that this sounds like a key-logger was put on your computer. These obnoxious pieces of code are not picked up by virus checkers and can easily send out on any of your open communication ports by-passing your firewall. It is the only way to fully explain your passwords being stolen and the thief seemingly "ahead of you" on all your changes. Keep an eye out on your credit cards as well. If it was a key logger, they can get your credit info the exact same way. If this person did get greedy, you may have your "paper proof" right there. It sucks, and I hope you find this person and press charges. I would also hope Linden Labs would take this as seriously as they did the client hack last month and be as cooperative as possible. - Rose
Sensual Casanova Spoiled Brat Join date: 28 Feb 2004 Posts: 4,807	08-08-2005 17:25 From: Jeska Linden Moved to Notices and Well Wishes. Why was this moved here? Good lord! Dont you think this should be in the general forum for discussion and assistance, why was it moved??????????????????? _____________________ Sensual Designs & Animations Sensual Productions Teleport to Sensual Designs & Animations
Ardith Mifflin Mecha Fiend Join date: 5 Jun 2004 Posts: 1,416	08-08-2005 17:44 From: Sensual Casanova Why was this moved here? Good lord! Dont you think this should be in the general forum for discussion and assistance, why was it moved??????????????????? Because it's a notice to the community that her account has been hacked? Feel free to start a general discussion about password security in another forum. This thread belongs here, however.
Eboni Khan Misanthrope Join date: 17 Mar 2004 Posts: 2,133	08-08-2005 17:54 From: Lisbeth Cohen Because we are after all trading with real money here! Lindens have no value per the TOS. _____________________
Asri Falcone THAT B!TCH Join date: 30 Apr 2004 Posts: 356	08-08-2005 18:39 From: Eboni Khan Lindens have no value per the TOS. yet they advertise the money making possibilities? _____________________ I belive the children are our future...teach them well and let them....wait a second...I dont belive that $hit!!
Ardith Mifflin Mecha Fiend Join date: 5 Jun 2004 Posts: 1,416	08-08-2005 19:00 From: Asri Falcone yet they advertise the money making possibilities? Yehp. Even relatively benign companies like SL frequently distort the truth. The sooner you catch on, the sooner you can join the rest of us bitter, jaded, and disillusioned persons. The world is a vicious place!
Asri Falcone THAT B!TCH Join date: 30 Apr 2004 Posts: 356	08-08-2005 19:13 From: Ardith Mifflin Yehp. Even relatively benign companies like SL frequently distort the truth. The sooner you catch on, the sooner you can join the rest of us bitter, jaded, and disillusioned persons. The world is a vicious place! jaded? bitter? i only wish my feelings toward that were so ....so....so....eeeeh clear and non-hostile. and accepting bullshit as the way it is just wont happen here....im not capable im pissed. _____________________ I belive the children are our future...teach them well and let them....wait a second...I dont belive that $hit!!

Welcome to the Second Life Forums Archive

**Asri Falcone Hijacked(Idenity Theft)**

Asri Falcone Hijacked(Idenity Theft)