SL International Business

Heya! There’s need for some changes with SLIB to make us more profitably and smoother operation, as the lately been problem with account suspension and all has shown us, some changes should be done for smoothing problems out. Also as the latest weekly report showed us, we need to change our investments on less-volatile items. So, let’s start out what i’m planning on doing to prevent such disastrous impact when LL just decides i’m a bad guy, because some bad guy’s deposited! I intend to enhance the banking security with many many new things:

• Bank deposit & withdrawals management ALT account
  • Different account on which all the deposits are kept and handled on.
  • Requires backend programming to manage the current existing ATMs which would be a huge job to replace, so they remain under my main, but backend handles transactions between Tyrian and the new management account.
  • Backend tracks the balance of this avatar.
  • Backend script scrapes and verifies the balances & transaction histories.
• Deposits with PBA is made possible with the above mentioned changes.
• Rudimentary client background checking: AV Age, Payment info on file/used/no payment info on file
• SLIB’s client data parsing: Past transactions, transfers between accounts, Interests earned, overall average balance, highest account balance ever
• The two above mentioned things allow us to create alarms and limits per account basis for security, not only general limits, but actual avatar based limits.
• Maximum deposit, maximum total account, maximum amount to transfer limits.

All that should smooth operations to a larger extent, PLUS allow easier book-keeping!

Investment wise i want to swap many volatile investments into stabler ones, with steadier appreciation and dividends! Ie, SNE MUST GO, which has been maybe the worst investment ever! Well, apart from Ginko

ESN, Shopping Express Network i’m going to hold, as i said before i hold over 82.5% of it, so it’s value is about to increase heavily, along with some new things coming for ESN, increasing their profits.

Springboard is at a very low value right now, and am a bit unsure as of what to do with it right now. Maybe i hold right now, and buy tons when it hits a few cents per share.

Also, SLIB Real Estate is being separated as a subsidiary, and new subsidiary company is being formed, an venture and attempt on a new business field. IPO application has been sent to Ancapex.

So, the sad thing happened today again, this time however with mails accompanying, that my account has been disabled. and i’ve been penalized with 330,000L$, because i had received fraudulent funds from DreamAngel Flanagan.

Of course i check immediately all the deposits etc. No where to found, and can’t access transaction history. So it HAS to be direct AV payment.

I talked with Belinda Linden, she couldn’t do anything because there was some notes, but she forwarded kindly my requests to both Echo and Harmony Linden. Told me i had to wait, and there’s absolutely nothing she can do for me!

I remind you also of the fact that i’ve now TWICE applied for Risk API, and still haven’t gotten even a reply! Belinda told me to try again.

I logged in with SLIBRealEstate Aeon, the new SLIB Real Estate Management alt, this is something VERY interesting i found out:

DreamAngel Flanagan’s account was atleast visible on search, by prior knowledge thus active, just to make sure, i searched for myself:

Yeap, can’t find myself. So i’m being suspended, the supposed payer of fraudulent L$ was not!

This is VERY VERY peculiar! Also, timing is very good, today is the weekly report date, and naturally: I cannot get all the damn numbers without being able to login! Ouch!

So, i contacted concierge again, and got Spike Linden (Kudos to him again! He really is good at his job! Even when he cannot help you, he makes you feel like he’s doing everything and beyond his duties to help you!)

Spike Linden told me too he can’t do anything, wasn’t suprised here. He could however tell me that: It’s complicated, he cannot give more info, and it was stolen L$. Ok, that’s kinda clear, if they are fraudulent, they are in some form stolen, in a form or another. Maybe DreamAngel is the one from who was stolen? I didn’t IM her or try to make contacts, i want to talk with Echo Linden first. Also, Spike told me that Echo wants to have a chat, and he also told there is some notes on my account.

Well, Spike kindly gave me transactions histories, latest and also from the 28th Oct and forwards, basicly full history he could attain! So, i start to inspect it, and cross-reference some data. There came up one someone who has fairly new SLIB account, and is not in search anymore, thus apparently suspended, but this account has WAY more deposited than the 330,000L$, which made me want to look into it in the first place too! So new account, so much deposited. Ok, i admit that can be some big business man’s alt too, so it isn’t always possibly shady, but it rings alarm bells. It was suspended, but no word from LL about that specific person at all. To be safe, i froze that account with a message told to contact me.

But what’s even more interesting that there is no payment of 330,000L$ made to me, there is no payment of 210,000L$ made to me, and there is NO PAYMENT FROM DREAMANGEL FLANAGAN! woah! That IS interesting. Thus, i cannot link this penalty to a made payment in anytime near history!

Very curious indeed! Neither there is an account which size would be relative to the sum mentioned, simply put: i can’t find a match for 330,000L$ and 210,000L$ atleast for now! So what warranted this penalty? I do not know!

I’ve always handled requests by LL promptly and precisely, doing what i can to help them resolve whatever problem they are trying to resolve. And every single time it’s been resolved fast, to the point, efficiently, and justly! Now, i’m left to wonder with no intel at all, wondering and pondering what’s going on?

All i know, i’m not happy at all. They won’t simply give me anything at all, other than: Fraudulent L$, Payment, DreamAngel Flanagan. Why not? Again, i do not know. I just know that i have to wait when Echo Linden goes at work. So around in maybe 2-3hours now, i do not even know what’s the office hours there, do they start at 8 or 9AM? In anycase, rest assured, it’ll take for Echo a moment after arriving at work to get on my case.

My hopes are that no loss will happen for SLIB at all, and business can continue as usual. Maybe implement further, new security measures, even if not requested by LL. What i know atleast, that i cannot finish weekly report before my account is activated again, and can get balances, land amounts etc. from every location, along with the ability to make announcement.

Oh yeah, dividends were paid to all SLIB group members this time as my account was suspended. This time, it was about 100USD worth. So at the moment, this fiasko is standing for SLIB at approximately 1300USD down the drain. Just like that, with a push of a button.

I will be doing everything i can, and update this post when i got more information. You can IM inworld: SLIBRealEstate Aeon or Mainostaulu Tomorrow, in order to reach me.

Operations HAS BEEN halted until further notice, and resolution from LL. Operations will continue shortly after resolution.

[UPDATE 10:20AM PST / 20:20 GMT+2] Over an hour now since it came office hours in US, and still no reply. All activity remains halted still, until we get somekind of reply.

[UPDATE 11:09AM PST / 21:09 GMT+2] Account has been activated. However i will NOT login until farther clarifications. LL has decided to take 108,834L$ more from the account. Pending further investigation. Nothing else was told to me. I will update when i know everything and what the future is. Echo Linden has not been available, JP Linden has been looking into this.

[UPDATE 2:12PM PST / 00:12 GMT +2] Got a list from LL of avatars who had paid fraudulent L$. However it was incomplete and had errors. 112k L$ is still at large, and i cannot lift the halt before everything checks out! Don’t want to risk that SLIB get’s charged for, and then the who paid the fraud L$, comes and withdraws the same money! Also, i cannot make exceptions for anybody, because that just wouldn’t be very fair, now would it be?

I would like to remind that you do have protections, and there is real assets behind SLIB, and this is not any scheme, nor scam to try and go away with your L$! Also, you do have a small protection from The Rock automatically as SLIB client, paid by SLIB for you. The Rock has been informed of today’s events (However, no reply from Eliale Morigi)

I’m again waiting an answer from LL, and this might take us all the way till tomorrow I’ll lift the halts immediately when big enough portion has been recovered, and hopefully tomorrow i can also get the weekly report done! All my time has gone into sorting this.

[UPDATE 2:28PM PST / 0:28 GMT +2] I made the decision to activate again, afterall, 112k L$ is under 1% of SLIB’s total assets. We cannot let that stop YOUR activities!

[UPDATE 30th of November] All discrepancies has been solved, and investigations closed. It took a while, but atleast it’s done now. No financial losses occured for SLIB, some reputation/credibility damage was caused however resulting in withdrawals. I have again applied for Risk API.

Here is the full scoop, how i learned about it fast, how it didn’t affect SLIB, and why the false allegations were actually quite expected.

The morning all this happened, was just a regular morning for me… At first.
I did the accounting, and looked through all my nightly mails (I get upto 200-300 mails a day!), and was about to login to Second Life, that’s when everything turned upside down … In my stomach (metaphorically)

I only got a message “Account Disabled” … I can only imagine my expression looking at the screen, with all of sudden a pale face, mouth open, looking in disbelief…

Then i refreshed SLIB page, saw a massive increase in deposits, tried to get My Account, got a message to call Linden Lab, but Support portion worked, i contacted concierge ….

Belinda’s VERY first question was had i received large sums of money lately. Yes i had, 1.7Mil L$, from Betatester Allen. I gave LL the information they requested in the full, and Belinda re-activated my account, after my account had been disabled maybe 20-30minutes, and i paid the remaining balance of Betatester to Belinda. Case Closed.

After that i had a short break and vented the fear off. After that i warned Lindsay Druart, and she noticed a massive deposit, and looked into it. Betatester Allen had deposited a lot, and withdrawn as much as he/she could, same as with us.

Then the sky ripped apart!

Lindsay said to me something like “Hold on! An object is paying a lot of money out!” …. Moments later it had been figured out that L&L BT had been robbed!

I had also warned Cristopher Whitfield of Royal Invest, who had been attacked too. I kept watching the situation unfold, and got reports from many sources.

During the day i made extra precautions, just to be sure. That included distributing money to my alt accounts to safeguard if something actually is cracked. At the point i did that, there was rumours originating from couple sources it might actually be an SL or LSL problem which caused these robberies.

Later it was told that some of the banks were robbed via a very stupid logical problem: Allowing negative withdrawals. Huh, can you believe that? :O Somewhere down the line of development somebody had an oversight apparently …

Lindsay did tell me it was a brute-force attack. However, what is interesting it needed only a few hours :O Given network latency, and BASIC security measures built-in to many server software packages, it was very quick brute-forcing. But as Lindsay updated us it was a mistake by their hosting provider that there was No Security At all, by the sound of it. A classic honeypot.

They got all the basic security packages quickly installed however!

Nobody Fugazi says that we use the same software as L&L does, this is completely false. SLIB’s system is completely hand-built by myself. He also fails to conduct proper journalism (once again) in his article, on L&L’s case it was server side problem, but as i hear Royal Invest and Giovinazzo had the problem at their banking softwares.

What most of you guys don’t know, that my background is in server administration & web development. I have LOTS of experience especially in the security field, and have done multiple jobs relating to either PHP projects security or server security. I don’t want to go too specific on the security measures i’m using, but here are just some of the measures:

- All server accounts jailed. (Cannot access other than specific directory & it’s subdirectories on the server)
- Only necessary ports open.
- Connection attempts 24/7 monitored, and automatic filtering of all the basic attack types.
- Almost no accounts contains shell access. (Shell access is most often required for gaining root access)
- All web requests are processed within the jail of the user in question.

I’ve been in the web hosting industry for 6 years now, attacks on the servers are a daily event. At worst days, there can be hundreds of different origins for attacks.

About the software then? It contains a bunch of tests, of which all has to be accessed, some are standard run of the mill tests. Not only does the requests need a key, which combines multiple elements all cross-referenced, there is also tests verifying the origination among other things.

Infact, i did tighten and add more tests to the security yesterday, motivated by the weekend’s events. Infact, i mostly updated logging, and added two new tests. (Forgetting PBA’s needs which is currently failing to work because of how tight these new tests are, but i will be working soon on fixing that portion, with specific tests for PBA which replaces one of the new tests) .

Of course, no security is tight enough! All computers are vulnerable, it’s just matter of knowing the vulnerabilities! That’s why security is not a feature, it’s a (daily) routine. We must also remember that with proper security measures, when that breach happens, we can limit the impact A LOT. Yes, i do believe that it’s always just a matter of time. That’s why it’s a routine, not a feature. We must always look to make our security better, and thus keep on pushing the time when it happens further, and multiple levels of security comes into play to limit the damage of what can be done.

Now, one question i didn’t answer yet, is why did i expect the allegations that i would be behind it.

That’s very easy to answer: No financial losses, and early knowledge, and thus giving warnings.
Simple huh?

The guy who suffers from mass event like this the least, and knows it fast, is often alleged. People need someone to blame and/or accuse.

Still believe the false allegations? If i would be behind it, would i now be writing this, and running my SL business like usual? I thought so.

Infact, i didn’t even come up with the idea that people would be accusing me, it was a friend who warned me that by the sounds of it, i will be accused of being behind it. And as we see in the Nobody Fugazi’s post:

“The banking software itself had been cracked. The affected banks we know of are:

• L&L Bank and Trust
• SL Investor’s Bank (Tyrian Camillo, no losses)
• Giovinazzo Choice Investments (Barton Giovinazzo)
• Whitfield Holdings/Royal Invest (Cristopher Whitfield)
• SL Business Bank (Anre Heron)”

He makes a point out of it that i didn’t incur losses. And like he also pointed out: “And as far as Tyrian’s comments about me, well - we don’t like each other. That isn’t a secret. However, he doesn’t actually respond to what it was that made his bank so special that it took no losses. Maybe he doesn’t know. Either way, he does seem to stand out in the crowd. Maybe its all those ads.”

It infact is He who hates me all alone, it’s he who started this all, and for me Nobody Fugazi (Taran Rampersad) just doesn’t matter really. I went on my daily routines early on my second life ventures, and all of sudden i started to TP home all over the place all of sudden, sometimes client crashing, and at worst, i couldn’t even login to SL because the client would crash the moment i get to login. I very soon noted a common factor on 90% of the sudden problems: Nobody Fugazi had land close-by for sale, by that time i already knew that Nobody Fugazi isn’t really ethical and abuses LSL bugs when it comes to people he hates, thanks to Little Birds.

It soon turns out, he got angry because i had 4x 256sqm pieces of land, next to his land, and accusations of being an ad farmer. While i admit, i had 16-32sqm pieces already back then here and there, and i dealed a lot with them, i never turned a place into an ad farm/farm of 16’s …. Until then, i got pissed off at the problems he caused, i went and bought land from Nobody Fugazi, and cut it into small pieces. Hell, i had just begun when he appeared already there, and started buying up the parcels, and i asked him to play nice and stop the griefing. all he did was yelled “just put the fucking parcels for sale!”, so i did, then he progress to threaten etc. and i said to him calmly “all you need to do is ask politely, and i will join it and set it sellable to you at the price i bought it for”, wasn’t satisfied with that. Virtouse Lilienthal bought the remainder of pieces and gave them to Nobody, i gave Virtouse a full refund.

Later on, i gathered quietly evidence of the griefing, which was easy with the help of Disq Hern (and a script of his creation), and filed an abuse report. All of sudden, when i received resolution mail, it stopped and Nobody Fugazi disappeared for a while. He had no land for sale on Mainland, and later learned he had bought an island.

I never did anything further that take snapshots of his actions for my own pleasure, instead, he has made after that several extortion attempts, lots of slander and false allegations, and one of the things i enjoy the most is how he made himself look very very childish on AVC shareholders meeting when i arrived

He seems to have some kind of fixation on me, a burning desire to hate. I’ve tried to avoid to touch the subject at all, my time is more precious than responding to his slander.

That being said, i really hope he would stop his attempts to cause me grief, and do the good journalism he appears to be capable of. I really want this to be the last time i have to read, as he once again tries to cause some grief to me and just wastes everyones time.

If you got any questions at all, feel free to IM me and ask! No need to speculate on blogs etc. Just ask!
No one, except Eric Reuters has asked me just about anything about the weekend’s events :O But afterall he didn’t even ask me anything, nor replied after i had replied to him i’m open for questions he might have, and just made this stub story.

PS. My name is Tyrian Camilo, not Camillo, or Cammillo, or Tirian, or [insert_your_fav_typo_here].
PPS. Now i toggled the setting in WordPress again which seemed to break comments all together! IM me if there is any problems commenting! Ty

Today has been a dark day for SL financial sector, with multiple SL banks being attacked, one after another, apparently by same person.

There is common trend: First a huge deposit from Betatester Allen, then a bit later their server and/or software gets compromised, where possible, and funds stolen.

SLIB was attacked by the first method, hell, even my account was disabled for some 20-30 minutes! I was shaking with fear of what was going on, then in fear of what LL is going to do. Everything happily resolved for SLIB however, promptly too, and for that a big Kudos to Belinda Linden. To best of my knowledge, SLIB was the first target, L&L the second, as far as i know.

Then just as I warned Lindsay Druart about what happened, she noticed a 10mil L$ deposit … This got solved for them happily too, but then came the second attack, and stealing of 3.2mil … OUCH!

There’s multiple postings on blogs right now, first Maelstrom Baphomet’s:

http://dragonsbite.blogspot.com/2007/11/sl-financial-institutions-taking.html
http://dragonsbite.blogspot.com/2007/11/lnl-rocked-by-32-million-dollar-heist.html

Then the ever-so-loving Nobody Fugazi’s post: http://www.your2ndplace.com/node/742
See how it seems that he’d like to allege me to be the person behind these attacks! Our own little beloved fuzzy teddy bear Nobody Fugazi, who likes his shady griefing extortionist tactics ^^

Also, he should get SLIB’s correct, he makes it sound like Lindsay Druart saved us! that SLIB he means is SecondLife Investment Bank, not SL Investor’s Bank (us).

Got to love bad journalism
Someone said to me about that ‘Like I could Say. ” Everybody knows that I hate John doe, but this time i will be objective and say that he is an asshole”‘

This week has been rather horrible for SLers, technical problems left and right, and in-between.

As i’m writing this, land sales are down (There goes my profit margins …), and several sims are lagged the hell out and/or offline. This week, for people who work in SL, and get their living from SL has been horrendous in general, with more or less fatal stability problems.

Personally, this might have caused several hundred USD lost.

Then again, more often SL breaks, more Linden Lab finds what needs fixing and where new hardware is being needed, thus, eventually after all these hardships, we should get more stable experience. However, looking at the stats posted by LL (Service Quality Metrics), it might not always feel like that.

Aeon of SLIB Real Estate, the management account of SLIB Real Estate is SLIBRealEstate Aeon, and group SLIB Real Estate Holdings.

Aeon stands for “age”, “forever” or “for eternity”, http://en.wikipedia.org/wiki/Aeon

Maybe suitably chosen name? For the coming age of dominance by SLIB Real Estate. Nothing less is satisfying enough, only, the utter market dominance for ever. Aeon of SLIB Real Estate.

The management changes has been started now, and are well on the way. The new group already holds a quarter sim of land, all set for sale etc. Still, a lot of work remains to be done, for example setting the credentials how SLIB is going to be paid, AND so that before, if ever, the money this account has deposited, maybe, shouldn’t show up as a liability, or should it?

I will consult accountants and other business men how this should be done, or should i not deposit to SLIB at all, but actually login to that account to make land acquirements? Maybe.

Some people has  shown concerns that this could show up very negatively on SLIB accounting, and real estate is the main revenue source and it would disappear. If taken public, SLIB would gain in form of dividends and share value, if not taken public, all the assets of SLIB real estate would be on the bottomline of SLIB also, as SLIB is the sole 100% owner of the subsidiary company.