Now Playing
Loading ...



 Listen Live!

Drug Cartel Kidnapping of “Anonymous” Member Likely A Hoax

 Cybercrime, Games, Special Reports  1 Response »
Nov 052011
 

Krypton Radio Special Report“Anonymous” Fizzle After Fizzle as Arrests Continue

Krypton Radio Newswire
Dumpster Knights of LulzSec

Dumpster Knights of LulzSec

On October 6, 2011, the group Anonymous released a video stating that Los Zetas, a Mexican drug cartel, had kidnapped one of the group’s members.  Anonymous threatened that unless the hostage was freed, they would publish personal information about members of the cartel and their collaborators in politics, police, military, and business, which might lead to their persecution by rival cartels or Mexican authorities.   However, according to the U.K. Guardian, two hacker members of “Operation: Cartel”  have now indicated that they are “stopping their scheme to identify collaborators and members because they don’t want anyone to be killed as a result”.  This sudden backpedal is very likely in response to the discovery in September of  the torture and murder of two bloggers found hung from a bridge in Mexico along with the message, “This is going to happen to all of those posting funny things on the Internet, you better (expletive) pay attention. I’m about to get you.”

It now appears that there may never have even been an abduction.  No police reports of an abduction have surfaced.   The retraction by the British members of Anonymous may simply be a rethink on the real world consequences of going up against drug lords with nothing to lose armed with nothing more than pixels and electrons.

Anonymous, the self-proclaimed ‘hacktivist’ organization, is known primarily for criminal acts of illegal entry into commercial and government computer systems, but usually carrying out acts of retribution for what they perceive as injustice.  These acts of retribution often consist of mass theft of tens of thousands of personal or financial records, defacement of web sites of branches of both the United States government and governments abroad, and denial of service attacks using their LOIC (“Low Orbit Ion Cannon”) distributed attack software.  The group has no apparent leader, instead seeming to act on whatever idea seems to be popular in various chat sites such as 4Chan.org, and often takes actions that appear contradictory to statements made by Anonymous spokesmen.

From Altruism to Crime & Punishment

Anonymous first gained significant attention from their opposition to the Church of Scientology’s questionable practices, staging both online attacks and real world protests.  Protests in February and March of 2008 gathered thousands of protesters in more than 93 cities worldwide.  While the protests were conducted in a relatively peaceful and legal manner, however, the attacks on the web site were not, and in October of that year 18-year old Dmitriy Guzner from New Jersey and self-proclaimed member of Anonymous was indicted and pled guilty to the internet attacks on the Church of Scientology websites.

In 2009, a wave of attempts by various governments to attempt to censor content on the internet captured the attention of Anonymous.  Australia in particular was attempting to enact laws that would require ISP’s to filter internet content to restrict the distribution of  child pornography.  The rules were widely considered unworkable – though while citizens’ groups within Australia worked through the proper channels to resolve the matter and were eventually successful, Anonymous took another approach:   they declared war on Australia.  On September 10, 2009 Anonymous took down the Prime Minister’s website. It was offline for approximately one hour.

On February 10, 2010, Anonymous launched a more prepared attack, called ‘Operation: Titstorm’ and defaced the web site of Stephen Conroy, Australia’s Prim Minister, attacked the Parliament web site and took it offline for three days, and nearly taking the Department of Communication’s website down. The Australian press later said that the attacks were not considered a serious crimes by information security consultants, who suggested they only had an impact because the government “knew the [second] attack was coming but was unable to stop it.”  Anonymous then began discussing assassination of Stephen Conroy as a possible next move.

Public opinion swayed sharply against Anonymous.  In a furious back-pedal move, they changed the name of the operation to “Operation Freeweb”, and began staging real life demonstrations through March – however, the thousands of marchers in the streets promised by Anonymous materialized in the form of only dozens of participants and not the thousands they promised. In the end, it was public opinion that the new rules would do little to protect children online and would stifle free speech that put Conroy’s plans on the back burner.

Continue reading »

Krypton Radio News Flash: The Last of the Wrong Hands Falls

 Community, Cybercrime, Games, Hero Community, Special Reports  35 Responses »
Jul 252011
 

Krypton Radio Special Report

Krypton Radio Newswire - July 25, 2011
The Wrong Hands Logo

The Wrong Hands Logo.  Second Life Citizens are advised to be aware of where you see this symbol in-world and report its use to the proper authorities. By this we mean Linden Labs, of course.

Tux Winkler, the last member of the notorious Wrong Hands group to retain his original account, was deleted from Second Life  at approximately 9:30 this morning, for egregious violations of  the Second Life Term of Service .  With the loss of their sims Red Square and Revolution, the power of the Wrong Hands over the good people of Second Life is broken.

The Wrong Hands was a group virtually synonymous with that of the now banned Woodbury University group.  The group’s leader pro tem, Tux Winkler, was responsible for a spyware stalking network which targeted peacekeepers, but then broadened its scope to include anyone Tux Winkler didn’t happen to like.

The Wrong Hands group was also responsible for the theft of the Justice League Unlimited’s BrainiacWiki in January of 2010, a move originally touted as whistle-blowing, but their true griefer gang roots were exposed over time.

Activities of Woodbury University, an earlier related group called the Patriotic Nigras, and most recently The Wrong Hands have been strongly supported and sustained by Mark P. McCahill and Peter Ludlow of the Alphaville Herald, presumably to benefit their own academic work studying something they call “Hacktivism”.

The last remaining Wrong Hands base was located in Second Life in the southwest corner of the region known as  Superville.  Built and maintained by Tux Winkler, remained in place for a few hours, but by late afternoon was wiped clean and placed back into the pool of Linden owned property for resale.

On his blog, Winkler claims to have simply shut down his account abruptly and without warning; however, all his known alts are also missing from search, as well as one of the accounts of his wife Tuxette Magic (other of her alts remain untouched). The scripts used in his spyware stalking system have also been blacklisted and cannot be redeployed, effectively killing the system.

The action against Winkler was taken by the Lindens who disassembled some of his devices, verified what they did and how they worked and who Winkler was tracking, and based the ban on their findings.

Winkler is now a fugitive and unwelcome in Second Life.  Merely logging on for him is now a ToS violation.  The public is advised to remain vigilant, and report any sightings of Tux Winkler alternate accounts to the Lindens via abuse reporting.

Update: April 3, 2012

The region Nope in Second Life, established October 22 of 2011 and used exclusively by the fugitive Wrong Hands cybergang, went permanently offline approximately three weeks ago as of this date.  The Wrong Hands group itself appears missing as well.  This indicates a corrective action by Linden Lab.  The online community within Second Life is urged to report Wrong Hands members to Linden Lab admins via abuse reports whenever they are encountered.

It is rumored that Tux Winkler, long time Second Life troll and key figure in The Wrong Hands, has been placed under house arrest in his home in England back in February of 2012 for hacking into, and defacing, various web sites.  While this could not be readily confirmed, Winkler did completely vanish from Second Life so far as anyone has been able to determine, and his web sites and pages on various social media have been altered to cover his tracks, or completely removed.  In the meantime, still obsessed with trying to paint themselves as popular heroes, the Wrong Hands has been busy writing what can only be termed a very creative version of actual events on various third party web sites, whitewashing their break-ins, stalking and theft as being somehow justifiable.

Links

Dumpster Knights – The True Face of Hacktivism

 Cybercrime, Editorials, Games, League of Heroes (LoH), Politics, Special Reports  3 Responses »
Jul 042011
  
Krypton Radio Newswire 
(See also: Woodbury Banned a Third Time, SL-Bronies Take a Hit)

'Borrowed Honor'

LulzSec’s Dumpster Knights

A Krypton Radio Editorial

They’re like a bunch of garbagemen, trash-pickers who found a couple of old suits of armor in a dumpster and now think they’re knights.   A disorganized gang of Kabuki dancers, running in and out of endless doorways, changing costumes, changing masks, making everyone think there’s more of them than there is.  Angry, nihilistic college students, professors, and would-be entrepreneurs, guilty over their desire for success in a world where success is supposed to be a sign that you’ve sold out to the Dark Side.

The hackers, so-called “hacktivists” that have been breaking into systems as diverse as Eve Online, Sony, the CIA, the US Senate, and the UK’s Serious Organized Crime Agency, are lauded on one side as virtual freedom fighters, but seen by authorities as criminals and terrorists.

These are the hackers who have been terrorizing the Net – and it may have started at least partially in the online service called Second Life, owned and operated by California based Linden Research, Inc.  A group calling themselves the Patriotic Nigras formed on 7Chan.org in December of 2006 and came to Second Life in an arrogant attempt to “own” it.  At least one of the members of the Patriotic Nigras went on to form a branch of the amorphous internet gang calling itself “LulzSec”.

LulzSec has set their sights higher than dropping boxes in sims and telling furries to “Yiff in Hell”, but their attitudes haven’t changed all that much.  When it was the Patriotic Nigras begging for attention in the sandboxes of Second Life, it was almost amusing, when Eekdacat Ondeneko’s “Doomsday Gun” would send clouds of “Choppa Man” cubes reproducing and screeching like mad all over a region until it crashed.  But recently, the US Government has been reclassifying hacking as a potential act of war, something decidedly unamusing.  This is no longer rape cubes and particle zombies, this is deadly serious.  Too bad the hackers still seem to think it’s funny, some kind of video game, as an Anonymous IRC log seems to imply:

Jun 03 15:05:41 storm    HACK US AND WE WILL BOMB YOU. – Obama
Jun 03 15:05:48 trollpoll    didnt see :P nice lulz ye
Jun 03 15:05:54 trollpoll    yes, this is not so lulz… :P
Jun 03 15:06:03 storm    lol
Jun 03 15:06:05 trollpoll    and the NATO doc too…
Jun 03 15:06:12 storm    i didnt see it
Jun 03 15:06:28 trollpoll    NATO document talking about anonymous
Jun 03 15:06:29 *    storm gives channel operator status to Topiary
Jun 03 15:06:35 storm    oh
Jun 03 15:06:36 trollpoll    that must be prosecuted
Jun 03 15:06:43 storm    yeah i saw that
Jun 03 15:06:58 trollpoll    one of these days we will have tanks on our homes…
Jun 03 15:07:19 storm    yeah no shit

The “first strike” of the LulzSec boat appears to have been the recent breach of the Sony Playstation Network first reported on April 27 of this year.   The interlopers broke into half a dozen web servers, stole and posted proprietary source code owned by Sony on BitTorrent sites and even left messages inside the system identifying themselves not only as Anonymous, but a specific splinter group within Anonymous calling themselves LulzSec.

LulzSec claimed that its attack on the Sony Playstation Network was an attempt to convince them to drop its charges against hacker George Hotz, who hacked his PS3 to “jailbreak” it.

George, however,  is giving mixed messages on why Sony took exception to his bypassing the  security on Playstation hardware.  In one interview, he says his basic error in “making Sony mad”.  (http://news.cnet.com/8301-13506_3-20028540-17.html) In another (http://www.pcworld.com/businesscenter/article/226603/playstation_hacker_sony_has_only_itself_to_blame_for_breach.html) he issued a statement: “The fault lies with the executives who declared a war on hackers, laughed at the idea of people penetrating the fortress that once was Sony, whined incessantly about piracy, and kept hiring more lawyers when they really needed to hire good security experts. Alienating the hacker community is not a good idea.”  But still other posts have him wanting to get on with life and put the lawsuit behind him, accepting a permanent injunction.  Even when unmasked, these people can’t stop shifting faces.

The “hacktivists”, however, wanted to avenge him anyway, and attacked Sony’s Playstation Network on April 19 to defend his questionable honor, sort of like burning down a bank that had a bankrobber arrested for robbing it.  George himself doesn’t appear to be very grateful for his compatriots’ act of vengeance in his name.  On the Kotaku news site, in an article reporting a rise in PS3 systems being hocked following the shutdown of the Playstation Network, George (or someone using his usual handle) made the following statement in a comment:

GeoHotz
May 15, 2011 at 8:17 AM

Anonymous Hackers Top number 1 site to blame
http://www.somethingawful.com reasoning blameing 4chan site knowing it just to secret get FBI agentz off their legal hacks on interwebs & IRC channels
http://www.woodburyuniversity.edu Mostly all Anon crowns who dose this & run 4chan go’s to this college :]
http://www.Lindenlabs.com probably their at getting back at Sony Homes riping off ScoundLife Like how Tizzers Foxchase soviet russia group goted their butt kick by furries & W-Hat hackers

Link: http://www.kotaku.com.au/2011/05/retailers-ps3-owners-are-ditching-the-platform-migrating-to-360/

Of particular interest are two names out of the entire post:  Woodbury University and Tizzers Foxchase.  Why on Earth would GeoHotz, the creator of the PS3 jailbreak hack, be mentioning Tizzers and Woodbury, much less Second Life, in a comment relating to the LulzSec phenomenon?  Tizzers is known to have provided support for the nascent Patriotic Nigras in the Woodbury group in 2007, and for other raiders in 2010, but why is a small time operator like Tizzers even worth a mention in this saga?

Simply, all these people keep showing up over and over.  The “hacktivist community” would have us believe that there are thousands and thousands of hackers all over the world, a “hacker army” hidden in plain sight.  The truth is, there just aren’t that many of them. They show up over and over, wearing different clothes.  This is why Tizzers and Woodbury are noteworthy.  They’re a model in microcosm of the larger whole – but the whole is so concentrated, even someone as small as Tizzers can be a significant element.

So we go back to Eekdacat Ondaneko, one of the founders of the Patriotic Nigras, whose first name is identical to that of a member of LulzSec.  A recent post on Pastebin.com, reported by several sources, has revealed EEKDACAT’s involvement in the sailing of the LulzSec boat.

The PN and Woodbury in SL use a tactic in common when engaging in griefing.  A single entity could force multiply their effectiveness by building a large backup supply of throwaway accounts, already equipped with griefing tools from a safe repository in-world or from text files of scripts. The mask would change as the action progressed, even as the player behind the mask stayed constant.

In this fashion, few can have the effectiveness of many, and can look like a small army.  If a machine can run more than one avatar at a time, this force multiplication by technology becomes even greater.  But more to the point, as Justice League investigators moved the focus of their attention from griefing group to griefing group, they found that it was the same players involved in each case.

Operating through different masks, the griefers attempt to increase their apparent size and perceived threat, and to create the impression that we as a virtual society are literally drowning in griefers, and that the /b/tards outnumbered the normal citizens by some huge number.  It makes it easy to begin to assert that anti-social or borderline criminal behavior should be accepted because it has become the norm. We’re told the griefing is unimportant, because it’s all just a game, or some kind of digital dream. We are meant to believe that fighting back is hopeless, because the battle is already lost.

Seeing the musical chairs approach for what it is dispels the smoke, and fogs the mirrors. The PN and Woodbury claimed to be legion, but knowing how they leveraged this illusion destroys it.  They were not legion at all.

The LulzSec operation is little different.  We’re seeing many of the same players from other hacking activities, and still others are outing them. We’re seeing some familiar names, some from our own neck of the woods, and is it surprising?  We’re finding that the global hacker army is more of a global hacker platoon, playing musical chairs and trying to convince us they’re bigger and more dangerous.

What makes them more dangerous is that they’re as much after each other as they are the businesses and institutions they’re trying to destroy, and they don’t care much about hurting people who get between them and their targets.  This includes the less clueful people they call “cannon fodder”.

One of the better known methods of attack wielded by Anonymous is a distributed denial of service attack that can be directed at any target by anyone downloading their LOIC software.  LOIC stands for “Low Orbit Ion Cannon”, and runs on user’s machines.  When invoked, everyone who has it installed contributes some of their bandwidth to an attack on a web server, and anyone can select a target.  There’s only one problem: the LOIC does not hide your IP address when you use it, and every person with it installed reports their IP address with every packet it sends out.  LOIC users are cannon fodder.  If you’re caught, it’s just chalked up to “collateral damage”.

This is nothing more than a turf war, waged on the Internet and on other people’s property – and it’s suddenly clear that this turf war is being played on a vastly smaller scale in terms of numbers than anybody had previously supposed, but with higher stakes than anyone had imagined.

LulzSec hacked both the C.I.A and the United States Senate, and gloated about it.  Since the participants come from countries around the world, it’s no longer just a matter for the United States’ Federal Bureau of Investigation – now they’ve inspired changes to military rules of engagement, and an international effort is underway to find and capture the members of LulzSec.  Naturally, the members are now all saying they aren’t members, or were never members, and backing away from LulzSec as fast as they can.  But should we believe them just because they say this?

Can they cause trouble?  Yes.  Should they be taken seriously?  Yes. Are they a world-class threat, a “nation” inside the Net, that should be warred against?

No.  They’re a small, relatively insular group of the same faces over and over.  They’ve already succumbed to attack from other hackers who appear to have unmasked them.  This is the true face of Anonymous – they’ll give each other away, or give up (possibly involuntarily).  You can only make a handkerchief look like a bedsheet by cutting it up and rearranging the pieces for so long.  Eventually, someone will notice the gaps.

 

- 30 -

Update – July 4, 2011

And now the music stops and the haxx04z take their seats…and a new group emerges…The Script Kiddies! New masks for the same bodies in a new arrangement!  A new group calling itself – and we kid you not – TH3 5CR1PT K1DD3S – managed to hack into Fox New’s Twitter feed and announce that President Obama had died.  They’re not LulzSec.  They’re not the AntiSec group either (which was just LulzSec in a new fright wig) – they’re affiliated with AntiSec.  Their statement to Fox News:

We are a new group called The Script Kiddies. As i have stated in past interviews we do have connections to anonymous, however this does not represent them in anyway. personally I have been part of many hacks leading back to HBgary and #operationPyaback with anonymous. we will not go into details about how we have acquired Fox news twitter account. We do have several email accounts belonging to fox news. As far as our security i obviously can’t go into details, but i have faith that the members of the script kiddies will remain hidden. We have no announced plans for future attacks, we have brainstormed several ideas. we will be contributing to #antisec in the future but we have found nothing of value within fox to add to the leaks.The updates about Obama are the result of boards script kiddies members after we found no information to leak to anonymous“.

 

They got some email addresses, and hacked a Twitter account. Bow down before the might of  – who were they again?

Links

W-Hat Leader Banned From Second Life

 Cybercrime, Games, Interviews, League of Heroes (LoH), Special Reports  41 Responses »
May 242011
 

 

Infamous “W-Hat” Group In Disarray, Closing Down

Krypton Radio Staff

W-Hat Logo

Masakazu Kojima (Masa), known within the virtual world of Second Life as leader of the controversial and at times infamous W-Hat group, has announced via the W-Hat website that his account had been permanently banned from the SL service by Linden Lab.  The online service cites “severe or repeated violations of the Terms of Service” but in their email to Masakazu did not detail what those violations were.

W-Hat was originally created in Second Life in 2004 for members of the forums at the popular Something Awful web site.  W-Hat members referred to themselves as “goons”, or “SA goons”.  They were well known for their general interest in that which others find offensive, and the group attracted wide range of people, from the merely curious to some of the worst griefers Second Life has ever known. Members of W-Hat have created hacked clients, committed content theft, and even created sim crashing weapons.  The sim crashers used by the Patriotic Nigras were based on the original ones created by W-Hat.

However, the FAQ page on the W-Hat web site states that none of these things are condoned or are the official policy of W-Hat, and that people who engaged in this activity were removed from the group whenever they were discovered.

The infamous Voted 5 group was comprised primarily of former W-Hat members who were invited to leave because their activities cast W-Hat in a bad light and put the group at risk.  Plastic Duck, the creator of both the first truly effective sim crasher weapon and creator of the first megaprims (distributed via his alternate account, Gene Replacement) was one of these.  Plastic Duck was also responsible for the discovery and correction of a critical bug in the Linden Lab monetary system which could have destroyed the entire economy.  Plastic Duck could have simply exploited the flaw, but instead worked with Linden Lab to identify and correct it before it became a problem.  Plastic Duck lost his account permanently immediately following an interview on a griefer-friendly blog site in February of this year.

Masa’s primary interest seems to have been technical, and while the official W-Hat policy was against griefer and racist activity within the group, this same activity went largely unmoderated, thus leading to W-Hat’s overall unsavory reputation.

In an email interview with Krypton Radio, Masa shared what information she had on the possible circumstances surrounding her banishment and the future of W-Hat:

Continue reading »

The Wrong Hands : Lies Exposed

 Cybercrime, Games, League of Heroes (LoH), Special Reports, Stark Reality  9 Responses »
Apr 162011
 

An Investigative Report

by Vagabond "Tony" Carter

Shortly after my exclusive on Stark Reality Exclusive: The Wrong Hands-Spies on you, Tux Winkler posted a lengthy response on his public blog. In which he makes several accusations generally trying to play himself off as a victim. Keep in mind that we at Krypton Radio are not interested in getting into a blog-war with anyone, however in the interests of truth and public safety it is our responsibility to keep you the public informed on matters such as this. What started out as Tux Winkler and his group simply trying to stalk and harass the Justice League, turned into him stalking private residents with no connection whatsoever to the JLU or any Peacekeeper group.

Snapshot-_-Superhero-Monitor-Station-Superville-

Tux Winkler's 'base' owned by him displaying "The Wrong Hands" Logo, where he gives out his freebies.

Mr Winkler’s most common assertion is that he is not involved with and never has been involved with “The Wrong Hands”, however an investigation conducted by members of the Justice League Unlimited and Krypton Radio has uncovered a wide array of facts to debunk Winkler’s claims.

As shown in the pictures of Tux Winkler’s base/store, he is indeed a member of The Wrong Hands, even having his land and objects set to that group. It is a known fact that another person can not set another person’s objects to a different group, so this easily refutes his claims.  This parcel which Winkler maintains is where he gives away his freebies in-world, it also serves as a small base for The Wrong Hands. The simple fact of checking Tux Winkler’s in-world profile shows his connection via the use of The Wrong Hands logo, and directions to its main base in the region of Red Square.

Red Square and its connected region of Revolution, are the current home of the Woodbury University refugees previously banned by Linden Lab. And while permanently banned from the use of SL, these individuals have made very public statements antagonizing the lab as if daring them to ban the regions once again, along with the continuing actions of Winkler which serve to increase the exposure of the Woodbury University’s illegal return to Second Life.

Screenshot of Tux Winkler's tracker page

Screen-grab from Tux Winkler's tracking page, now hidden from the public.In this screen-grab of the tracking page from Winkler's website, we see the long list of people who never consented to their in-world locations or login times being posted for the public to see. Winkler may have violated Section 8.3 of the Linden Lab Terms of Service forbidding the use of Trojan Horse programs in recording this information. Note that many of the detections in this screengrab list the location as Red Square, a closed region. This is because when location data was unavailable, Winkler had to resort to a simple online status monitor which reported its location as being on that region. His logging system was unable to differentiate between field sensors and his stationary online status monitoring device.

 

 

Tux Winkler had several accomplices assisting him in placing spy prims in various locations around the grid, without the permission or knowledge of victim landowners. Ryokashi Revestel is shown here as owner in these screenshots, and was one of the more prolific. Winkler appears to have caved to public pressure to remove or deactivate the tracking page to which these devices and his Trojan horse freebies streamed information.

The function of the trojan horse scripts in Winkler’s devices (all named “”#.- DO NOT DELETE THIS -.#”") was verified by independent testing.  When the scripts were removed from the freebies, the tracking page no longer updated with avatar tracking information for the current location, yet the freebies continued to operate unaffected by the removal of the script otherwise.

In the case of the spy prims hidden in various estates as stationary probes, in each case when the device was removed, the tracking page stopped updating for that location.

It is important to note that Trojan Horse scripts are in clear violation of the Linden Lab Terms of Service and are expressly addressed by the Community Standards. Also, there is no way of knowing what other “features” his spy devices have; remote chat logging is certainly possible with such a device.

The three major claims made by Mr Winkler in his defense:

  1. Winkler denies association with The groups calling themselves “Woodbury” and “The Wrong Hands”: Proven false
  2. Winkler claims that the “#.- DO NOT DELETE THIS -.#” Scripts are merely product support / updaters. : Proven false
  3. Winkler claims that he did not employ spy prims, either on public or on private lands. : Proven false

While not unexpected, continuing in his counter claims against the JLU and its free networked security system known as The Phantom Zone, asserting that it uses IP detection and geolocation. It does none of these things. Readers are cautioned that Winkler does not speak for the League and to refer instead to the About page here on the Krypton Radio web site for further information about this system.

Winkler had been using the tracking page in attempts to blackmail some of the people listed on it into handing over chat logs or other information about, or from, the League. The individuals approached have turned over logs of the attempted blackmail by Winkler and this information has been forwarded to Linden Lab. These logs will not be printed out of respect for the privacy of the individuals who do not wish to be named or contacted by the public.

Residents are advised to delete any objects in their inventory created by Tux Winkler as a safety precaution, or if you desire to keep the object or item, remove the script called “”#.- DO NOT DELETE THIS -.#” to disable the trojan horse functionality.

In this day and age of armchair bloggers and forum flame wars it’s easy to lose sight of the facts. The facts here support the charges against Tux Winkler and The Wrong Hands for stalking, harassment and defamation. I know some people are rolling their eyes at this, looking at it as some grudge match between two groups. However, Tux Winkler has decided to drag innocent people into this and make it public, so before anyone tries to convince you of anything ask for the facts.. Ask your own questions and don’t listen to the rhetoric, judge the situation solely on the facts.

 

Update:

The land at the Superville region, once home to Tux Winkler’s trojan horse spyware, went up for sale sometime in the latter portion of May of 2011. The precise reason for the decision to sell is not known, but the usual motivations of economy and financial strain are the most likely cause.

Additional pictures:

Script inside

Same prim, inspecting it shows Tux Winkler as the creator of the prim and the script.

Oxbridge Villag, Caledon Oxbridge V2

One of Tux's creations, a spy prim placed on open land, verified by the fact that on returning it, the Tracker stopped updating for this location

Tux Base prim

Note the owner and Group this prim is set to...

 

This image, taken just hours after the initial publication of this article clearly shows Tux Winkler wearing a Soviet Woodbury logo belt buckle. This puts to rest any doubts that he has ties to Woodbury.

Tux Winkler's "The Wrong Hands" LinkedIn Page, which puts to rest any doubt that Winkler considers himself in charge of The Wrong Hands, proclaiming himself to be CEO of "TWH Ltd.". The page has since been deleted. He had posted his city of residence on the page, but this has been redacted to protect his safety and that of his family.

 

 

 

Stark Reality Exclusive: The Wrong Hands-Spies On You

 Cybercrime, Games, League of Heroes (LoH), Special Reports, Stark Reality  2 Responses »
Apr 102011
  


By Vagabond "Tony" Carter

Some here may recall “The Wrong Hands” theft, via espionage,  of documentation belonging to the JLU. Scummy as that was, Tux Winkler has sunk to a new low… Using Second Life residents as pawns in his personal war against the JLU and peacekeeper groups in general.Tux maintains that he has no association with The Wrong Hands, or Woodbury, despite the facts otherwise, including documented Twitter communications with Tizzers Foxchase.

Tux has for several months now been tracking JLU members and other residents he has a grudge against on his publicly accessible web site. Despicable as this is, Tuxes claims that this is compliant with Second Life Terms of Service is correct from a technology standpoint – it  uses nothing not already publicly available to achieve his goals.

Tux makes the claim on his site that “This page simply lists the JLU members (former, confirmed, suspected and friends).  It uses only the tools provided by LL and no exploits.”

This is true, unless you count:

  • exploiting residents, by utilizing ‘hidden’ functionality in freebees.
  • exploiting land owners and open land permissions by hiding spy prims on their property without their permission
  • listing not only online status but their locations as well, enabling the page as a tool for stalking residents of Second Life. See Terms of service regarding incitement/ encouraging others to violate ToS. While this last is not an exploit per-say it does sow the point of concern here. Listing this information publicly exposes those residents to harassment.

Related to these is section 8.3 of Second Lifes Terms of service, which states:

8.3 You agree that you will not post or transmit Content or code that may be harmful, impede other users’ functionality, invade other users’ privacy, or surreptitiously or negatively impact any system or network.

You agree to respect both the integrity of the Service and the privacy of other users. You will not:

(i) Post or transmit viruses, Trojan horses, worms, spyware, time bombs, cancelbots, or other computer programming routines that may harm the Service or interests or rights of other users, or that may harvest or collect any data or personal information about other users without their consent;

This functionality of the freebees , being hidden, easily classifies as ‘spyware/Trojan’.

 

The devices also appear to track not just League members and friends, but anybody with whom Winkler has ever crossed swords, or that might do so in the future.

On tips received , JLU members acquired a number of freebies Tux Winkler had created and was distributing to new and old residents alike. These items were examined and compared with Tux’s public tracking page. An interesting fact emerged: when the members teleported with these freebies attached the tracking page updated!

The Items identified so far are :

  • “DISTURBED Online Status Board” – Rezzable Status board
  • “E-Howl v2.1″ – wearable on AV communication device
  • “PAO Hearts an Hugs” – wearable AV device to give hugs and kisses
  • “-= Disturbed Photo Booth v2.05″ – rezzable structure to take photos

Each includes a script left no mod named #.- DO NOT DELETE THIS -.# Removal of this script does not harm the freebies in any way but, surprise surprise , the tracking functionality stops! This was verified several times and double tested by inserting the same script into a ‘blank’ prim, at which point the traces would again update.

Now, speaking strictly for myself, I have no real issue with my in-world location being known. However, the underhanded use of residents as pawns like this is utterly deplorable!

Until Linden Lab steps up to bat on this I am not sure if this sort of shenanigan is AR’able or not, so let’s not be hasty with those mouse clicks. I will say this however, if you do not enjoy being used as a pawn – if you feel as disgusted by this as I do:

  • Delete any objects you own created by Tux Winkler.
  • Share this information with friends and land owning residents.

-30-

UPDATE  4/14/2011

As of at least yesterday Tux Winklers public tracking page is giving the appearance of being down. I say appearance as the PHP script is still clearly there but returns only the line “404 – page missing”. This is not a genuine 404 error but rather the output of the script. What this means is unclear, but it does seem that at least the Location tracking has gone non public. I still advise residents to be wary of the above mentioned Freebees and other suspicious items.

Genuine 404 is a full HTML page, not a single line of plaintext, were the script actually missing the error would look like the following:

Not Found

The requested URL /XXX.php was not found on this server.

Apache/2.2.8 (Ubuntu) mod_python/3.3.1 Python/2.5.2 PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8 Server at www.XXX.XXX Port 80
The actual URLS have been expunged for Krypton Radio Reader safety

The fact that the page is returning a false 404 error simply means the system is not publicly visible and may well still be in use.  It should be noted here that other attempts to generate a “page not found” error on Tux’s web site produce a genuine 404 error – only this one page on this site produces a fake 404 error, so this one is confirmed as a red herring. Were Tux to actually have removed the script the above example 404 would have shown, instead he chose to obfuscate, having the file jlu.php echo the line “404 – page missing”. Extra work, when simply removing the script would have done . We are left to ponder why, and this leads credence to the idea that there is more going on here than meets the eye.

Woodbury University Cybergang Sneaks Back Into Second Life

 Cybercrime, Special Reports  12 Responses »
Jan 102011
 

JLU Exposes Details on Woodbury Return to Second Life: Leader’s Alts Banned

(staff)
Twice banned en masse by Linden Lab, refugees of the now-illegal Woodbury University group are reappearing in Second Life, using new new sims.  The regions Red Square and Revolution went online on or about December 21, 2010.  The Woodbury University/Wrong Hands cyber-gang, best known for hacking into the Modular Systems’ CDS database and stealing and redistributing the League’s private wiki (“Wrong Hands” ringleader known in-world as “Robble Rubble” once described the action to Carl Linden as “the wiki heist” ) has returned to their Soviet-style imagery, complete with red stars and hammer-and-sickle flags.  An interview by Vaneesa Blaylock with Tizzers Foxchase alt “Pepper Zero” showed photos of the sim.  These photos, in combination with data acquired from cooperative inside sources at Woodbury helped confirm Pepper’s identity.

Tizzers’ alt lasted just long enough to make an appearance at the Alphaville Herald’s Post 6 party on January 9 in a region called Idia.  The avatar, however, did not last long enough to leave the party under its own power.  Another Foxchase alt, Sub Zero, was cross-referenced, confirmed, and has now been removed from the grid just this morning.

The new Woodbury estate management  group is a recycled one.  Atlas Inc, founded by Atlas Saintlouis, was formerly used to control access to the Rancor region – our readers may recall that this region between the time Linden Lab destroyed the Woodbury estate and the time all its group managers and owners were mass permabanned from Second Life for violations of the Linden Lab Terms of Service too numerous to count. The Rancor connection confirms the suspected ties between the Nicholas Mafia in Second Life and the Woodbury cybergang.

Other members of this group are (but not necessarily limited to):

  • Admiral Polandia
  • Atlas Saintlouis – the group’s founder
  • Atlas Vendetta
  • Atlas Straaf
  • Charity Nexen
  • Codizzo Resident
  • Nadia Topaz
  • Rachel Breaker
  • Shifty Centaur
  • Huns Valen
  • Overbrain Unplugged
  • Pixeleen Mistral (this is Mark P. McCahill in real life – what one of the founding fathers of the Internet wants with a bunch of teen and post-teen internet trolls remains one of the greater questions in the Woodbury fiasco)
  • Toast Steampunk (also of another group called Troll Manual)
  • Atheron Alter (a FurNation admin)
Another group of interest appears to be the new Woodbury visitors group, called Soviet Commuter College, and the letters SCC currently appeared for a short time written in prims on the grid map of the Revolution region before both regions were blacked out with megaprims. This group, created in 2010, was associated with the previous installation of Woodbury University. Some of its members at the time of this writing are:
  • Korpov Resident (now banned)
  • Code Slacker (now banned)
  • Codizzo Resident
  • Mentally Unplugged
  • Mullet Resident (now banned)
  • Dioh Composer
  • Narika Niosaki
  • Atlas Saintlouis
  • Camov Kalinakov
  • Theta Darkward
  • Valeriya Pinelli
  • Vivid Static (now banned)
  • HogLogs Longspring (now banned)
  • TerriSchiavo Unplugged
  • Charity Nexen
  • Xyz Wyx
  • SovietCommuterCollege Resident – Banned as of 2011-01-10 simply for founding the group
  • Zax Zero
  • Overbrain Unplugged
  • Pixeleen Mistral (Mark P. McCahill, professor of Duke University)
  • Vendivar Vectoscope
  • Shifty Centaur
A number of the other members of this group were deleted by Linden Lab this evening.  Why both IntLibber and Pixeleen Mistral are also members of these two management groups for the Woodbury regions is, for the moment, a mystery, but both could have possible motives for bankrolling Jordan Bellino (Tizzers Foxchase) in the effort.  Note that a number of people are in both groups:
  • Atlas Saintlouis
  • Charity Nexen
  • Pixeleen Mistral
  • Codizzo Resident
  • Overbrain Unplugged
  • Shifty Centaur
The only reason to be in both groups would be to exercise administrative control.  We see therefore that Pixeleen Mistral and at least these six others are actually playing a major role in operating the regions and are not simply observers or passive participants.

Citizens of Second Life are urged caution when approaching these individuals. Linden Research legal transmitted a letter to Bellino in April of 2010 informing him that no Woodbury presence in Second Life would be tolerated. He is ignoring these instructions and sneaking back in under what one can only assume to be false pretenses, as well as assisting other permanently banned gang members to do so.

The Woodbury / Wrong Hands participants seek to align themselves with the notion of “hacktivism”, a relatively new term coined by designer/author Jason Sack in a 1995 InfoNation article about the media artist Shu Lea Cheang.  Woodbury’s claim to hacktivism as a noble pursuit is based entirely on illegal breaking and entering into the servers and databases owned by people with whom they have previously come into conflict, most notably Modular Systems, operators of the CDS (Client Detection System) and the Justice League Unlimited. In neither case were they successful in shutting down or limiting the operations of either of their victims.

The term “hacktivism” is meant to describe the use of destructive or illegal computer hacking to bring about social change.  However, in the case of Woodbury’s participation, the necessary bar of social change was never reached, relegating their activities to the mundane definition of felony computer invasion and content theft.

A Correction:

Sub Zero was not, in fact, an alt of Tizzers Foxchase.  His account was deleted in less than a minute after reporting it as being an alt of Tizzers Foxchase, but was removed from Second Life for reasons other than the reported one, at the Linden admin’s discretion.
Sub Zero was another griefer associated with the InfLife client (now the “Reborn” client), a Second Life client which appears to be little more than a copybot client made from the Phoenix client code base. The likelihood that the Reborn client actually exists is very low, considering that the Paypal account used by InfLife has been suspended and there is no new payment method available.  “Reborn” has never, to the knowledge of Krypton Radio or the Justice League Unlimited, been encountered in the wild.

Stay tuned to Krypton Radio for more news on this, both in the print edition and on Vagabond Carter’s Stark Reality radio show.
- 30 -

“The Wrong Hands” Gets Final Slap From Second Life’s Linden Lab

 Cybercrime, League of Heroes (LoH)  21 Responses »
Sep 222010
 

“Wrong Hands” Gets Backhand

by Paladin Proto

As previously reported on Krypton Radio, Linden Lab has diligently removing accounts belonging to members of the outlawed Second Life group “Woodbury University” and its subgroups. The deletions have been coming in response to reports by the Justice League/League of Heroes, together with those from a cluster of intercooperative peacekeeper groups in Second Life.

On September 13, 2010, Robble Rubble, leader of “The Wrong Hands”, a subset of the Woodbury University group, logged out for the last time. His account disappeared from search at approximately 9:35PM that Monday evening. JimK Korpov, founder and sole owner and officer of the Wrong Hands group lost his account on September 18 at around 9:45PM Second Life time, leaving the group headless and useless for any practical purposes.

The borders of Rancor closed within mere hours of Rubble’s loss of his account, in an apparent reaction to the event. Many had assumed Rubble to be untouchable because he had survived so long after the initial wave of Woodbury deletions.

Rubble’s final curtain call came as the result of an attempt to deceive the Justice League and the **Police Department**, a well known public service and support group in Second Life,  into attacking a rival griefer group squatting on the untended University of Bradford region.  He had made use of an alt in the deception, reasoning that after masterminding the theft of a portion of the Justice League’s BrainiacWiki in January of this year that he would be unlikely to receive help if he approached the League directly.

When the Woodbury University group was initially banned on April 20, 2010, its lands were seized by Linden Lab. Discarding any pretense of legitimacy, the group resorted to a continuously rotating stream of ban evasion alts in order to sustain their presence on the Second Life grid. Relying on tips from concerned citizens, Linden Lab monitored activity on Rancor, a region once controlled by Codizzo Hax. The sim was once home to the Nicholas Mafia, a group with friendly relations with Woodbury University.

The Woodbury University group has the dubious distinction of being subjected to the largest mass ban and land seizure in the history of Second Life,  at approximately three dozen individuals and their alts.  A reliable source has been able to confirm that Rubble was never a student at the real life institution by the same name.

-30-

Story Update: October 17, 2010

While JamesK Korpov and Robble Rubble were both deleted from the grid, the group “The Wrong Hands” itself remained.  Though lacking any owners, members still existed with the power to invite  other members, as their membership count was observed by the League to grow from 28 to 32.  Seeing that the group was obviously still active, the League made a request of Linden Lab to remove the Wrong Hands group from Second Life on October 7, 2010.  A detailed investigation by Linden Lab took place.  By October 17, ten days later, the group had been forcefully disbanded, tying up the last loose end in the Wrong Hands saga.  It is not known how many of the group’s members lost their accounts in the process.

The illegal copy of the BrainiacWiki materials stolen in January of this year and hosted at http://jlu.sl4.me has also been taken down.  The web site belonged to Wrong Hands member Tux Winkler, who redistributed copies of the materials from that site in violation of international copyright law. While the domain itself still works, the entire site it points to no longer exists, displaying only the hosting service’s default page.  The lack of a redirect to a new server  clearly demonstrates that the shutdown of the site was involuntary.

Story Update: October 21, 2010

RETRACTION:  Though the timing aligned well between the filing of reports with Linden Lab and the apparent disappearance of the Wrong Hands group, it has been discovered that the group is merely hidden from search.  Detailed examination of the profiles of existing members show that the group is, in fact, still active, with vague threats being issued to various residents by some of its members. Not only did the Wrong Hides go deep into hiding, they also cleaned house, possibly  to reduce the number of potential targets for Linden action, shrinking their count from a high of 32 members to their current compliment of 8.

What does the Wrong Hands have in store for the Grid?  Considering that their original act of espionage was one of revenge for the destruction of the Woodbury University regions and related accounts, and that the result was the banning and destruction of all their own long-held public identities on the grid with no affect on the League, their losses are mounting.  Citizens are warned that contact with known members of the Wrong Hands can be hazardous, as they appear to choose additional targets more or less at random.  Citizens with information about the Wrong Hands are encouraged to contact the Linden administrators of Second Life, as since most of them are now banned permanently from ever accessing the grid again, they are in possible violation of United States federal law.

-30-

 Older Entries