[ISN] 'Second Life' fending off denial-of-service attacks

From: InfoSec News (isn@private)
Date: Tue May 02 2006 - 01:42:17 PDT


By Daniel Terdiman 
Staff Writer, CNET News.com
May 1, 2006

The popular virtual world "Second Life" was shut down twice over the
weekend as its publisher, Linden Lab, fended off denial-of-service

The attacks took the form of someone creating self-replicating objects
in the world that began to crash servers and forced San
Francisco-based Linden Lab to temporarily close down the entire
"Second Life" grid.

This is not the first time "Second Life" has been hit by
denial-of-service attacks. Last fall, it was hit with similar
assaults. Shortly thereafter Philip Rosedale, the company's CEO, told
"Second Life" members that the company planned to turn the responsible
parties in to the FBI.

"Second Life" is an open-ended virtual world that allows its users to
create, buy and sell nearly any kind of avatars, vehicles, attire and
buildings they can imagine. Users can play for free, and Linden Lab
makes money through the sale of virtual "land" and subsequent
land-maintenance fees.

"Second Life" is not the only virtual world to suffer recent server
problems. Over the past month, Blizzard Entertainment's "World of
Warcraft" has been dealing with a variety of ongoing server problems
that prevented users from getting into the game, kicked some out with
no warning and deactivated their accounts due to billing problems.  
Those issues, however, are not related to any kind of outside attack.

This weekend's attacks took advantage of the fact that any "Second
Life" member can create nearly any kind of object they like in the
virtual world.

"What happened is people create an object that then replicates itself,
and then of course, it's like cell division," said Robin Harper, vice
president of community development and support. First there's "two and
then four, and pretty soon you've got objects sprouting and they go
across boundaries and they crash servers."

Harper said that Linden Lab had been able to contain the object
replication, and indeed, a check by CNET News.com Monday morning
showed that "Second Life" was up and running normally.

Still, she said that the attacks are serious business and that Linden
Lab is once again getting federal authorities involved.

"It's certainly a very important issue because it disrupts commerce,"  
said Harper. "It disrupts events. People have weddings planned or a
party or something, and it gets in the way. It's (also) costing our
customers money, and that's what makes it something we can discuss
with the federal authorities, because it's a significant economic

Ginsu Yoon, Linden Lab's general counsel, said that he expects federal
authorities to take action, but isn't sure when that will happen. He
said law enforcement action on the previous attacks is forthcoming as
well, and that the perpetrators shouldn't take heart in any delay in

"People who are thinking that they're off free because there's been
grid attacks before and nothing happened--they will be surprised,"  
said Yoon. "It's just a matter of time."

And while Linden Lab won't say who the perpetrators are, citing the
ongoing investigation and the company's policy not to give out the
names of its customers, it hinted that it knows.

"We have very specific information about the identities of individuals
involved in the attacks," Yoon wrote to CNET News.com on Monday in an
e-mail originally drafted in January. "There are people who think that
bringing down our grid is fun, and that it's not breaking the law. I'd
encourage those people to read the federal code" about
denial-of-service attacks.
