Imaginary Realities Imaginary Realities About Search Glossary
What's new? Index :)
Select issue:
Join a discussion Resources
     

Adjusting to Altitude
- Sanvean
Keep on Dreaming
- Kazumba
Eating and Drinking in Muds
- KaVir
Identity Theft and Mudding
- Anthony Haslage
Theories About Players
- Sire Teige
Cartoon - The Mud Wringer
- Rebecca Handcock
The Ascendancy of Mass Market Games
- Bob Mandel
Potlaching Your Way to Riches
- Jessica Mulligan
Bringing Women to the Game
- Dalaena

Letters to the editor

Enter your email to be informed when this site is updated.


Comment on articles

Letter 1
Contact editors

   

Identity Theft and Mudding

by Anthony Haslage

We are at a day and age where people in the community want to be known and respected. Many people slowly work up over the years and gain both wisdom and respect. Others do almost nothing and as well wish for the respect of others.
Buying on credit

Gaining credit in the mud world.

Obviously, if you want to be someone who is both wise and respected, you need to go the long, hard road and very slowly work upwards. It is alright to make a few mistakes as long as you learn from them.

However, there are now people who decide one day, "Hell, I want to be able to gain access to places I normally could not and get the respect I feel I deserve!". Some of these people will work for it, but then others will be the ones who steals your identity and use it to gain what they want.

Again and again identity theft occurs. Some are innocent enough, but others use it as a way to gain access to things they would normally never gain access to. Let us define the different forms of indentity theft. We will also describe ways to detect the true identity stealers.

A. Identity Theft - Case 1

You are a mudder who strongly believes the codebase you most commonly use is the best in the world. You respect the designers and may even think of them as gods.

You are in search of a new mud for any reason and find a mud which you found at MudWorld or TMC which seems like it be fun, by its' description alone.

You log into the mud which you had known, by its' description, was a SMAUG. You see on the greeting the names of only the muds staff and as you log in, nothing mentioning the Diku or Merc creators at all.

You eventually finish character creation as well as reading the MOTD to discover not even those have a mention of the creators of Diku or Merc. Checking the help CREDITS file again you notice something is missing.

You take it apon yourself to make it known that the mud owners are breaking the license which requires certain information on the GREETING and CREDITS help files. You make a comment to the administrator available that he or she is breaking the license. He or she then tells you, "We were told we did not have to." or "Goto HELL!" and punishes you.

Once you realize they will not comply, you try to email the codebase designers about the license breaking. The designers never get back to you and after a few days you revisit the same mud and discover nothing has changed.

You finally become so angered by the disgrace these people have made of the codebase that you love, you decide to force them to follow the license yourself, but how?

You decide on which person would be most likely to visit a mud who breaks a license, so you take on thier persona. You may make up an email account at hotmail with that person's name and log into the mud.

Welcome to the official identity theft club!

You complete character creation and arrive in room 100 and stand there for god knows how long. An administrator finally realizes you standing there, or simply tried to ignore you and could not, and transfers you to him or herself. You then end up at the point of no return by saying you are the persona of the person you are logged in as.

The administrator welcomes you and asks what you need. You reply that they administrator was breaking the license and needs to comply before there is trouble for them. Now, depending on how high the chain of command this administrator is, you may get the "We were told we did not have to." excuse or "Ok, I will follow the license.".

There is no real way you can find out who told them it was ok, if they stick with the "We were told we did not have to." excuse, unless they tell you. If they do tell you and you find out it is a big lie, what can you do? Surely, arguring it with them could make a bad problem worse. Reporting it to the license holder is all you can and should do.

Now, If they decided to follow the license, then you did what you set out to do, all because you love the codebase. Perhaps, never again you will steal an identity no matter who or what it benefits.

However, as helpful as you were trying to be, you committed a crime the FBI (In the U.S.A.) loves to prosecute, be happy you did not go any further.

B. Identity Theft - Case 2

Ok, let us say that in case 1 did work out and you have started to like the respect you gained from the persona you have stolen.

You then find people emailing your fake email address as if you were the real person. They know you by the reputation you stole and because you gave your email out to a few people, they passed it on to others who could use your services.

You find yourself as your stolen persona on many muds. You are given high ranking staff positions you could never get before as yourself.

Then you are asked to help here and there. You eventually realize you could now start your own mud, but you could avoid doing any work if you plan it right.

Someone emails you asking that your coding knowledge would be very useful to them. You think to yourself, maybe this is the code I could use as my own mud. Maybe this is the thing I am looking for to help me get even further.

So you log into the mud where the owner presents to you the keys to the code that will be your new mud. They ask you to fix something simple and you may actually be able to fix it.

You log into shell and fix the bug, but then you decide to quickly wipe the object files and copy the entire mud. While you compile, you login to the shell again using another window and grab the copy of the mud which you had just made and download it. Then you purge the file you just made, finish compiling, logout and tell the owner, "I am all done.".

The owner, or shall we say victim, pats you on the back, shakes your hand, bows and you logout.

You rub your hands together in excitement of your new mud that you have just stolen. All you need to do now is remove the pfiles, logs, alter any additional files, compile and start it up.

The mud runs and you may have just gotten away with it. You altered the stolen code just enough where only the true owner would know it was thier code.

What can happen to you now? You got away with it free and clear.

Well, you broke the law in most countries when you stole the persona of another. You have now gone one step further and have become a hacker.

You ask, "Is not a hacker someone who accessed a server or account which they did not have permission to enter?". The answer is yes.

You just logged in as someone else, meaning you did not actually have permission to access the shell. The person whos' persona you stole was the only person who had a right to access that shell. Not to mention the fact you took files which you had no permission to take, even as the persona you stole.

Now however, the owner has found in the server logs the mud was copied by the persona you logged in as. So the owner now has no choice but to report to either the persona's employer or FBI of the offense.

You just committed the perfect crime, did you not? The person whos' persona you stole is being blamed. But then, you remember you forgot you left an ISP marker, the additional server and mud logs. The owner has the time you logged in and by simply contacting your ISP, you can be traced.

ISPs have the habit of directly reporting to the FBI, they will not even tell you that you have been fingered. However, you may find that the next day your internet access is gone and men in suits are at your door.

Think because you are a minor nothing can happen to you? Well, guess again! In the U.S.A. you can get atleast 3 months in a Detention Hall. As an adult, the time you spend in prison could be many years. Either way, after you get out, it will be hard to get another internet account with many companies.

C. Something to Think About

Did you know there is a blacklist of hackers available to ISP, cable and telephone services? All they need to do is cross-reference a name, address, social security number or other personal information and know if you have been naughty or nice.

In my state, it takes a minimum of 1 week to have a background check completed on you to see if you can be trusted or have past hacker complaints made against you. It only takes a few minutes to check to see if someone is a hacker on the blacklist.

The internet, cable and phone services are growing so fast that there are thousands of new accounts requested daily for each individual, centralized service local to you. This is the only reason some turn- around times are a week or more, requests are taken in the order they are recieved.

D. Detecting the True Identity Stealers

Unless a codebase designer has an autobiography written and an identity thief just happens to own a copy, there are ways to find out if the person is a fake. Ask questions which you know you have a 100% correct answer.

  1. The person would know thier own real name.

  2. The person would know where to download thier own codebase and where thier mud or website is located.

  3. They should be able to log in from the site or server they are most commonly known to be from.

  4. They will not log in and make it seem totally automated.

  5. Last and most important, they will answer quickly and accuratly without losing any patience. You can tell of alterior motives when someone loses patience and/or demands they are who they say they are without proving it first.

E. How to Report Hacking

Call your local FBI office if you are in the U.S.A. Otherwise, contact a local law enforcement office on a non-emergency line for the number or simply open a phonebook and look. If you have logs which entail times, DNS/ISP and other indentifying information, they FBI may request your harddrive. Make a backup before you hand it over, in many of the cases they will wipe it clean when finished. Before you even make a call, you need proof. Frankly, this even goes for viruses. How do you think many places know about any of them? The FBI is usually the first to be informed and passes the information to the proper places.

F. In Closing

This will be an ongoing editorial. I will add to it as more becomes available. It would be interesting to have admin submit to me ways to prove they are themselves if and when they visit your mud.