Criminals 'follow the money' to where virtual and real-world economies converge

Crime against virtual communities could thrive in the economic downturn as the cyber underground looks for other ways to make money, experts say.

With the financial crisis, people are more likely to spend more time at home and, thus, online, security experts say. FBI supervisory special agent Darren Mott says online virtual communities may be the next frontier for cybercriminals, as users spend more time on these sites: "You may see [more] theft or fraud [there]," he says.

There have been a few publicized cases of theft in which the virtual and real worlds have blurred. In one case, Mott says, law enforcement officials received a call from a man reporting that some of his online virtual property had been stolen: "He was able to attach a number value to it," Mott says. "You see a lot more of the online economy becoming intertwined with the hard-money economy."

In another recently reported case, a 16-year-old boy in Japan was charged with stealing virtual currency valued at $360,000 in an interactive role-playing game. He allegedly stole another player's ID and password in order to steal items from the victim's portfolio.

The security and privacy risks of online gaming and Second Life-like virtual worlds are the topic of a newly released paper (PDF) by the European Network and Information Security Agency (ENISA), which points out the security risks here, including identity theft on an online persona, spam, denial-of-service attacks, and risk of corporate data leakage.

"Always quick to 'follow the money,' criminals are increasingly exploiting cross-over points between virtual and real-world economies. It is the failure to recognise the importance of protecting the real-world value locked up in this grey-zone of the economy, which is leading to the 'year of online world fraud,'" according to the ENISA report.

Kaspersky Lab earlier this year reported that online gaming fraud spiked last year, the ENISA report noted, with malware targeting online games and virtual communities jumping 145 percent and more than 30,000 new pieces of malicious code unleashed for stealing online gaming passwords. "Such malware is invariably aimed at the theft of virtual property accumulated in a user's account and its sale for real money," the ENISA report said. And sales of virtual objects hit about $2 billion worldwide last year, according to Kaspersky's data.

"The failure to recognise the importance of protecting the real-money value locked up in this grey-zone of the economy is leading to an exponential increase in attacks targeting online MMO/VWs," the report said, referring to Massively Multiplayer Online Role Playing Game/Virtual Worlds.

Bots can be sprinkled within the virtual worlds to spread spam or advertise products, for example, and these sites are vulnerable to DDoS attacks: "Scripted objects and avatar action in MMO/VWs provide novel variants of DoS attacks. MMO/VWs are especially vulnerable to DoS attacks because of their centralized architecture and poorly authenticated clients," the report says.

Aside from "virtual muggings" of a user's virtual money, property, or gaming powers/skills, participants are also susceptible to hacks on their private data via the virtual site, or the reverse, where avatars can scheme to block another player or avatar from a sector of the game or virtual community.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message

About the Author(s)

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights