Mittwoch, 30. Juni 2010

Money hacking in Second Life (case study)

Yesterday i was told about a program that allows the user to kinda upload money while the program is hacking into LL servers. There is even a vidio in YouTube that introduces the program. The user sumply starts the program, enters their SL account data and a desired amount of money. 5 minutes after klicking a button the user is receiving the money. Nice idea.

Can it really work? I really hope it can not. Otherwise we are really in trouble. I do not give the link to the program as there is another one i found in few minutes. I'd like to discuss if such program can work in general. I do see three cases here: The program does not work at all, the program works as expected, and the program works but not as the user expects.

Let's start with the simplest case: The program does not work. It has simply text fields to enter data and a few buttons, and plays perhaps some music or a video. Even if the user paid for the download, this case is the best what the user and the rest of SL can hapen. Why? Just look at other cases.

The next case: The program works as expected by the user. This means: The program hacks into LL servers and increases the amout of lindens on the user's account. This is what the developer promissed. Ok, the question: where come the lindens from? As you know, each linden is valued by a real dollar. You can pay US$ to get L$ and vice versa.

So what hapens if the user's account increases the L$ without an US$ was paid for it? Very simple: The worth of lindens will decrease. Either the lindens, the residents own loose their worth or Linden Lab looses the mony and crashes. As you remember, the actual financial crisis hapens because of worthless stocks. The progarm generates something quite similar.

So, what would hapen if Linden Lab discovers the usage of such program? They could do the same as they did if they discovered the usage of invalide credit cards: The fraudsters loosed their money and everyone who got the bad money from them on a legal way. Money laundering is something LL not really like.

And the last case: The program is working, but in a different way. No money is generated but just moved from one acount to another one. There are again two possibilities. First one: The program user will receive it. The question: Why the program needs their password? Giving money doesnt need the money receiver to be logged in.

But the money giver must be logged in into SL. And this is the second possibility: The account data are sent to the program creator, allowing them to log into SL and grab the money from the user's account and also to do anything else they want to do with it. As nothing hapens on server-side, there is not much effort to program this behaviour and this is very likelly how such tools work. There is another word for that: Phishing.

Just remember: There is no magical way to increase lindens other than pay for them with real money.


  1. There is a little program that undermines the security of sl right through Quicktime. The recently discovered vulnerability in Quicktime can be used to steal Linden dollars, the currency used in the virtual world of Second Life.

    Currently be downloaded from:


  2. You need to proofread and spell-check. So many errors make you lose credibility.


Dear creators, internet connection is not a premisse

Hello everyone reading :) This post targets all the people who design and create all the fancy things, be it in hand or on screen. Pleas...