Most of you know that I've been steady posting about SL models and runway shows. This time, I'll address something important.
I've been informed about all copybotting that has been going on and the constant sim crashing during fashion shows caused by a group of people in SL.
About copybotting, there's nothing you can do, it's up to Linden Lab to solve this. Creators in SL can only report abuse, all the nine yards and then wait. It's understandable the feeling of frustration regarding these situations.
SL Model's shapes have been copybotted and again, nothing we can do about it, unless keep filing reports, opening tickets.
However, there are lots of things we all can do to prevent our SL accounts from being cracked.
Let me start by telling you this: this group of people are NOT hackers. A true hacker would resent what this group of people are doing. A hacker can access websites, email accounts, whatever. He will take a look, and leave without touching anything. This IS a hacker. That's why the most famous hackers have been hired by several government departments all over the world, to keep their websites safe. No one better than a hacker to do that, because a hacker knows how to catch traces that have been left behind by another hacker. And actually track his/her physical location in the planet.
This group of people that are copybotting in SL are just script kids. We cannot stop them from copybotting or crashing sims.
But we sure can do our best protect ourselves, our SL accounts.
First thing and this is very important:
- they operate by instigating fear. It looks that they can do it all, but actually, they can't.
And now you're asking: how did they crack SL accounts and even withdraw money from several SL residents' bank accounts?
Simply by social networking and social engineering. It's simple, but it takes time, lots of time. This is a huge group of people, sitting in front of their pcs doing absolutely nothing but this, for years.
Just as an example , in real life, you all probably remember a guy that cracked actress Scarlett Johansson's email and published several of her private photos. I read an interview with him and he was very clear: he was just the regular guy, unemployed, sitting in front of his pc all day long. And just by chance, he started to look for celebrities' emails, using their names and searching all he could about their personal lives. Celebrities are extremely exposed, publicly. Eventually, the easiest email for him to crack was Scarlet's. He just found out her email address and kept trying different passwords until he managed to get the right one. All done by social engineering - he just tried a couple of her private life info, as password, and he got the right one - and this took him a lot of time, according to him. From then on, once he opened the actress' email, there were tons of other celebrities emails there; people she contacted with and so he did the same with some others. And why did this happen? Because he could. He had everything: time, access to the actress private info - which we all can just by googling it - and kept trying passwords with her private info.
Lesson here? Never use any of your private info as password; no pet's names, no birthdays, no mother's maiden name, nothing of this sort.
About this group of kids that are operatingg in SL, many of them are among the groups they're targetting. If they attack SL models, you can be sure that you know some of them very well, probably trust them enough to just talk about your private lives. And this is where social engineering becomes important; they know that most people use easy-to-memorize passwords, usually connected to their private lives, things they like, birthday dates and so on.
First step is NOT to trust anybody and I mean nobody! Don't share your SL password or your private life with anyone in SL.
Remember, this group has been in SL - some of them - more than the most of us have. You probably got used to seeing them around for years, so you trust. DON'T!
Follow me here: some time ago, a member of this scrip kids' group managed to send out several models' shapes through a well know SL Group. Everybody thought how did he do that? He didn't have permission to even send notices in the group, so he must be able to change any group abilities and permissions in SL, true? False! They simply can't!
How did he do it? So simple!
One of the group managers invited the avatar for a couple of minutes and gave him the ability to send out notices. And then, after doing what he wanted, the kid left the group. Quietly. It looks like he is so powerful that he can even change things in SL groups. NO, he can't. Neither of them can. They were enabled to do that.
What they do have in 'friends in high places'. Yes, they are among you, SL Models and Designers. You have seen some of them for so long in SL that you got to trust some of them and this is how they do it.
Bear with me here: if they really could do everything in SL, why don't they do the same in other SL Groups? Why did they do it only this once or twice?
Because they could! Because someone inside that Group (or Groups) gave the avatar permission to send out notices for a couple of minutes. Simple!
The question remains - how do they crack SL accounts, crack email addresses and even withdraw real money from several people's bank accounts?
Social engineering: think about this - how many of you have your SL email addresses with your SL name? Let's say your SL name is Marie Claire; they will try every email account related to this name; they will do it in several email providers - firstname.lastname@example.org, email@example.com, firstname.lastname@example.org and the list goes on. Why not doing it? They have time and nothing else to do!
Don't you wonder why they are doing this exactly now?
Why not before?
Simply because it took them years to have some of them inside the groups they target, trustable people, people you have been dealing with in your SL; it took them years to make some of you trust some of them.
Why do they attack some people and don't attack others?
Same reason, because they can.
How to make them work hard to attack you?
- Change your passwords frequently. SL password, your email password, everything that connects you to SL.
- NEVER use the same password twice. Your SL password should be one and your email account should have another password. If you blog, the password should be different too. If you can, change email addresses frequently, as well.
- Protect your private lives. Those of you who have been attacked think! Who did you give personal info to? Who do you trust enough in SL to actually talk about your personal information?
- Get in touch to your bank NOW! Ask your bank NOT to allow any transaction with your credit card without your pemission. NONE! Not even 5 bucks! The bank must ask you personally if there is a transaction going on.
All of these suggestions will not stop them, but believe me, they will work harder to attack you. We all can make them work double time! If they spend, let's say, 12 hours sitting by their pcs, they will have to be there for 24 hours non stop to actually manage to attack you or withdraw money from you. It's a huge group of people we're taking about and some of them are among you, for years.
Now to another topic. If you see my blog's name - Fashion Critique - in any other website than this one, I can assure you that it's not me. As I stated before, I only posted in another website once and it was years ago. From then on, I only write here and nowhere else.
Back to the subject, I hope this helps, really! Protection on the web is never enough.
What would be great was to just ignore them. Let them do what they want, and just ignore. Take all measures to report, over and over. Then, proceed to mute, if you're contacted privately and move on. Let them fall into oblivion! They're just kids, they may throw a temper tantrum, but they'll get over it.