Over 100 Opensim regions wiped in weekend virtualization exploit

by Tateru Nino Jun 10th 2009 at 3:30PM

Filed under: Exploits, News items, Second Life, Virtual worlds

Hypergrid Business is reporting that an unknown person or persons destroyed a large number of OpenSim regions over the weekend, by exploiting a weakness in LxLabs' Linux-based HyperVM management software. OpenSim is a popular third-party reverse-engineered implementation of Linden Lab's Second Life server software used in a variety of commercial, non-commercial and educational virtual-environment grids.

More than 100 regions are reported lost, along with any data that wasn't backed up off-site. Apparently more than just the simulators were taken down, Web-pages and other ancillary data and files on the affected servers were also lost in the attack.

OpenSim regions using virtualization software other than LxLabs' HyperVM were unaffected. The attack hit more than just third-party Second Life compatible grids, however, as more than 100,000 other websites and servers were wiped over the weekend using the software exploit.

In the wake of the attacks and massive data-loss, LxLabs' founder, K T Ligesh (32) allegedly committed suicide in his Bangalore home on Monday.

Are you a part of the most widely-known collaborative virtual environment or keeping a close eye on it? Massively's Second Life coverage keeps you in the loop.

Tags: exploits, hypervm, k-t-ligesh, lxlabs, opensim, second-life, virtual-worlds

Reader Comments (Page 1 of 1)

Ari Blackthorne said on 5:06PM 6-10-2009

I can believe the suicide thing.

Not so much about anything to do with virtual worlds and grids and such. But who else was using that software for multi-bazillion-dollar mission-critical enterprize-level business stuff?

Yikes.

TigroSpottystripes Katsu said on 9:01PM 6-10-2009

Holy Shit! 0.0

My condolences to all that lost things U.U

Plastic Rat said on 10:24PM 6-10-2009

Need to smack some 4chan or something awful kiddie in the face repeatedly with this story.

"I did it for the lulz" doesn't cut it anymore.

The attitude of "The internets is serious business" kinda falls flat when people start dying over this crap.

Would be great if they could catch the person/persons responsible and charge them. Be even better if they could add the weight of the suicide to the case.

vimesmordan said on 6:06PM 6-11-2009

So, in your worldview, if your post here resulted in my suicide, you should be charged with murder. Hmm, tempting.
Of course your reasoning is absurd. The blame for the suicide lies in the perpetrator - the suicide victim. He murdered himself. Far too late to punish him, but he was the author of his death and the reason for the pain of his loved ones.

Furthermore, equating the deliberate, malicious crashing of servers and the deletion of content with dressing up like an roast ham and staring at someone for ten minutes is even more absurd. There is no comparison, no way of any reasonable person could compare the two behaviours. On one hand you have a business being attacked and their secure data being wiped, their servers being reset and having to expend real resources to recover. On the other hand, you have someone who stares at bizarre Second Life behaviour while dressed up as an anthropmorphic ham. And who occasionally, unavoidably, laughs.

Plastic Rat said on 9:07PM 6-11-2009

I really have no clue what exactly it is that you're on about, but I do hope the medication will provide you with a chance of leading a normal life.

TigroSpottystripes Katsu said on 12:57AM 6-11-2009

is the suicide thing confirmed? I thought it was just rumors...

my condolences to those close to the guy that died too then

Tateru Nino said on 1:37AM 6-11-2009

Times of India says he was found hanged in his home on Monday and there's an announcement on the LxLabs forums. We've seen no information to the contrary.

Joshua Meadows said on 10:17AM 6-11-2009

This article is kindof ridiculously inaccurate.

Firstly, and most importantly, OpenSim isn't a reverse engineering of anything; there's no code from Second Life anywhere in it. While it utilizes libsl which was, in part, reverse-engineered by the libsecondlife group, OpenSim itself is not.

Secondly, this is only tangentially related to OpenSim at all. It looks like it was an exploit attacking Linux machines using HyperVM that were wiped; if OpenSim happened to be on it, then it was erased too as part of the attack. Your article implies that both OpenSim itself was targeted or vulnerable, and that the founder of LxLabs committed suicide in response to losing 100 OpenSim regions.

Tateru Nino said on 11:42AM 6-11-2009

Absolutely not, Josh. The Opensim regions were a casualty of a much larger strike against HyperVM-equipped servers. I'd hoped I'd made that quite clear. More than 100,000 servers in the UK alone were wiped (paragraph 3).

As for "reverse engineering" - that is indeed the term that I believe is correct. That is, it was created to be compatible with system, but contains no code from Second Life. That's reverse engineering.

Joshua Meadows said on 11:49AM 6-11-2009

Reverse engineering implies the original code was somehow exploited or broken apart into tiny pieces, analyzed and then OpenSim was created copying functionality. Given concerns with Second Life's terms of service, such phrasing has potentially nasty connotations.

OpenSim wasn't created to be compatible with Second Life. There's some compatibility, obviously, given that it shares the same viewer, but the goal of OpenSim is not to be the open-sourced SL or copy/duplicate it. Certainly some grid operators have acted otherwise, exploiting frustrations in the SL userbase with LL's policy decisions to further their own enterprises, but they largely have nothing to do with the development of OpenSim and certainly don't speak for it.

This issue gets confused a lot and only muddies the truth.

Tateru Nino said on 12:03PM 6-11-2009

Ah, I see the confusion. Reverse engineering is a very broad term with its own taxonomy, it is true. The usage here is in the traditional sense, that is "the process of analyzing a subject system to create representations of the system at a higher level of abstraction." (Chikofsky, E.J.; J.H. Cross II)

I doubt anyone would think that actual disassembly or exploitation was involved. The very notion seems unnecessary and silly.

grover96 said on 12:06PM 6-11-2009

Sound like KT had more problems than just the loss of this data.
http://timesofindia.indiatimes.com/Bangalore/Techie-hangs-himself-in-HSR-Layout-/articleshow/4633101.cms

Adric Antfarm said on 1:37AM 6-12-2009

Can we confirm the whereabouts of M. Linden during this time?

Reverse engineering is a good way to get a result that looks close until you open the hood. Thus, no is one is suggesting that Third World (a better name) cribbed a ton or their end result wouldn't look silly compared to the already silly basis.

Anyone in business who leaves anything of value in a non-real environment and then if so lacks a business resumption restore plan isn't a victim.

The tragic death is not related, this poor guy had a series of pain from multiple family members taking their own lives to business setbacks and was said to have no one in his life.

TigroSpottystripes Katsu said on 1:52AM 6-12-2009

For me the meaning of reverse engineering does apply to OpenSim, they reverse engineered the protocols, from analysis of the working system they managed to recreate the system (to some extent), I don't see much different between analyzing machine code on a hard disk, or on RAM, or the behavior of a remote system, in all cases the true original source isn't accessed and yet by analyzing the end result the person/group was able to figure out how the thing works, in a way, an abstraction of the original source.

Unless my knowledge about the way OpenSim is compatible with the official client or about the source of the majority of the knowledge used to achieve such compatibility is too inaccurate, they did use reverse engineering to make OpenSim according to my understanding of the meaning of the expression.

Gareth Nelson said on 4:45PM 6-12-2009

The claims that opensim wasn't reverse engineered or that it wasn't originally meant as an SL alternative really irritate me.

Yes, opensim WAS reverse engineered - the protocol specs were not handed over by LL, it all had to be analysed by reading packet dumps. I did a lot of this myself "back in the day" and find it really irritating to be told "no, that never happened".

As for not being intended as an SL alternative - you kidding?
The first version of the code was called "second server". Seriously, ask Michael Wright about it. It has of course grown a lot since those early days and does now have a goal of being a more generic virtual worlds server, but it did START as a simple hack to implement an SL-compatible sim.

"hack" is actually the best word for that early version - a messy hack that dumped packets loaded from binary blobs on disk. Bit by bit, enough of the protocol was reverse engineered......... err, sorry "analysed in a way that isn't reverse engineering, honest" to generate everything dynamically.

Why so many insist on saying "opensim wasn't reverse-engineered" as if this is something dirty is beyond me.

Danton Sideways said on 9:56AM 6-21-2009

History is full of businessmen who commited suicide because of bankruptcy. Last January the German magnate Adolf Merckle threw himself under a train after losing millions on a speculative investment. So it is quite possible that KT Ligesh killed himself because of the attack at VAserve. Even if he had other problems, the website deletions may have pushed him over the line.

This story is like an Agathie Christie: there are too many suspects. Was it Microsoft trying to divert attention from SQL injection holes in their own servers? Linden Lab wanting to cripple OpenSim? One of the OpenSim grids out to eliminate competitors? A website hosting company rankled by low-cost virtualization alternatives? Direct competitors of VAserve or of HyperVM? Exploit hackers or 4chans?

Whoever did it went for the jugular. Massive deletion of server data is the most violent type of internet attack, the virtual equivalent of a nuclear bomb. This goes far beyond what exploit hackers typically do, which would be to leave evidence that they COULD have deleted the data, but without doing so.

There were probably big real-world financial stakes involved. According to the Computerworld post, someone claiming to be the hacker says they exploited insecure password management practices at VAserv, rather than flaws in HyperVM. Would this mean that the real target was VAserve, rather than HyperVM, Linux or OpenSim?