Virtual Worlds Riskier in Financial Crisis

Criminals 'follow the money' to where virtual and real-world economies converge
Crime against virtual communities could thrive in the economic downturn as the cyber underground looks for other ways to make money, experts say.

With the financial crisis, people are likely to spend more time at home and, thus, online, security experts say. FBI supervisory special agent Darren Mott says online virtual communities may be the next frontier for cybercriminals, as users spend more time on these sites: "You may see [more] theft or fraud [there]," he says.

There have been a few publicized cases of theft in which the virtual and real worlds have blurred. In one case, Mott says, law enforcement officials received a call from a man reporting that some of his online virtual property had been stolen: "He was able to attach a number value to it," Mott says. "You see a lot more of the online economy becoming intertwined with the hard-money economy."

In another recently reported case, a 16-year-old boy in Japan was charged with stealing virtual currency valued at $360,000 in an interactive role-playing game. He allegedly stole another player's ID and password in order to steal items from the victim's portfolio.

The security and privacy risks of online gaming and Second Life-like virtual worlds are the topic of a newly released paper by the European Network and Information Security Agency (ENISA), which points out the security risks in these environments, including identity theft of an online persona, spam, denial-of-service attacks, and the risk of corporate data leakage.

"Always quick to 'follow the money,' criminals are increasingly exploiting cross-over points between virtual and real-world economies. It is the failure to recognise the importance of protecting the real-world value locked up in this grey-zone of the economy, which is leading to the 'year of online world fraud,'" according to the ENISA report.

Kaspersky Lab earlier this year reported that online gaming fraud spiked last year, the ENISA report noted, with malware targeting online games and virtual communities jumping 145 percent and more than 30,000 new pieces of malicious code unleashed for stealing online gaming passwords. "Such malware is invariably aimed at the theft of virtual property accumulated in a user's account and its sale for real money," the ENISA report said. And sales of virtual objects hit about $2 billion worldwide last year, according to Kaspersky's data.

"The failure to recognise the importance of protecting the real-money value locked up in this grey-zone of the economy is leading to an exponential increase in attacks targeting online MMO/VWs," the report said, referring to Massively Multiplayer Online Role Playing Game/Virtual Worlds.

Bots can be sprinkled within the virtual worlds to spread spam or advertise products, for example, and these sites are vulnerable to DDoS attacks: "Scripted objects and avatar action in MMO/VWs provide novel variants of DoS attacks. MMO/VWs are especially vulnerable to DoS attacks because of their centralized architecture and poorly authenticated clients," the report says.

Aside from "virtual muggings" of a user's virtual money, property, or gaming powers/skills, participants are also susceptible to hacks on their private data via the virtual site, or the reverse, where avatars can scheme to block another player or avatar from a sector of the game or virtual community.
