Woodbury University Hacker(s) Claim Responsibility
by Paladin Proto
Sometime in mid-April, the web site belonging to Modular Systems was hacked. Modular Systems is the creator of “Emerald”, the immensely popular third party client for Second Life. Exposed was the inner workings of a prototype system undergoing limited tests within Second Life. The tests appear to have taken place primarily on a region known as Emerald Point, a region operated by one of the members of the Modular Systems development team known in-game as Fractured Crystal.
The now-discontinued project compromised was called “ModLink”, and was being developed to ban griefers based on their IP addresses. ModLink was very similar to other currently existing systems that work the same way, TheBoris Gothly’s “RedZone” being one such system.
The database stolen did not contain passwords or other identifying information other than IP addresses (and a correlation of which accounts were being used from the same IP addresses, identifying probable alts), so the most part security threat to the general public is considered minimal at best.
No real life information belonging to any of the users of the famed Emerald client was exposed, apart from an identification of some people’s alternate accounts. In their public response, Modular Systems recommends changing passwords anyway as a precautionary measure.
The griefer gang “Woodbury University”, now banned from Second Life, have claimed responsibility for the break-in.
Evidence of the hacking operation was posted on May 11, 2010, on a Second Life-specific blog called “The AlphaVille Herald”, known for its heavily anarchist and anti-establishment bias. A very busy stream of comments followed the article, and a subsequent discussion appeared in SLUniverse. The information was apparently gained by actively hacking the Modular Systems web site and extracting a password from a poorly protected PHP file owned by Fractured Crystal.
The attack may have been in response to growing public unrest regarding the allegedly shady past of some of the participants in the Modular Systems development team, specifically and chiefly that of Fractured Crystal himself. Crystal is a self-admitted former griefer, and now writes security systems and tests exploits for Linden Lab as a representative of Modular Systems. However, the attack may also have been spurred by personal conflicts between Crystal and various members of the Woodbury University griefer gang, since the attackers also purportedly hacked into Fractured Crystal’s Second Life account and rummaged through his inventory.
Modular Systems had released their own statement the same day, stating that while the materials stolen were a private project and not operated by Modular Systems, but that because the site had been compromised, they were recommending that everyone using their service change their passwords and that they had taken steps to ensure the security of the site moving forward. They also took the opportunity to state that Emerald viewers do not store or forward login credentials to Modular Systems.
In a letter from Joe Linden on April 16, 2010, Hazim Gazov, a major player in the Woodbury group, was told that the security issue uncovered was extremely serious and that if he knew what the source of the information was that he should encourage that source not to release it to the public. Regardless of this, the article in the Herald appeared on May 10, revealing everything. Within ten days, Woodbury University and everything related to it was banned from Second Life, giving the appearance that Linden Lab was far more interested in the fact that Jordan Bellino and his accomplices were actively engaged in repeatedly hacking into third party web sites than any information they might have uncovered. This, combined with the long history of Woodbury misdeeds reported to Linden Lab by various agents over the past three years, was almost certainly the group’s undoing.
Also stolen was a complete copy of the source code for an undistributed Second Life client known as “Onyx”. This client, formerly known as VLife, was used as a platform for testing exploits in Second Life. It was originally considered to be a “griefing client”, or a client that gave inappropriate abilities to people who used it to connect to the Linden Lab grid. Fractured Crystal and Modular Systems characterize Onyx as a test client, as they claim the code base is no longer used for griefing purposes. Links to this material appeared in the comments on the Herald’s article almost immediately.
The Herald, through its editor-in-chief (who claims to be Mark P. McCahill) appears to have a sweetheart relationship with “Woodbury University”, its founder Bellino, and the alleged hacker known only as Hazim Gazov. These names appear repeatedly in pages of the Herald, in SLUniverse, and other websites and blogs in relation to previous successful server invasions. Some of these include the BrainiacWiki break-in in January of 2010, and the hacking of BanLink in September of 2009. The Herald has been diligent in posting links to materials stolen from various sites, frequently including detailed instructions for its readers on how to obtain illegal copies.
Woodbury University as a group in Second Life was founded by Bellino under the alias “Azzu Manga” in 2007 when he was still a student at the real life Woodbury University in Burbank, California. He was banned from that online service in July of that same year, was mysteriously reinstated and finally banned again with most of his accomplices and their related groups on April 20, 2010, with Linden Lab confiscating the four islands of the Woodbury University estate – these were Soviet Woodbury, Animation, Estonia and Fetid Inner Sandbox. At last count 27 Woodbury members were banned (most of them not actual students of the University), making it the single largest mass banning of griefer accounts in Second Life’s eight year history.
The Woodbury University group was ostensibly under the watchful eye of Edward Clift, professor at Woodbury University and dean of their communications department. However, it wasn’t Clift driving the MC Fizgig avatar in Second Life – it was Bellino. By handing over control of the Woodbury administrative account in SL to one of the students, Clift had apparently allowed his students to supervise themselves, with disastrous results.