Sunday, March 21, 2010


Archive for the ‘Virtual Worlds’ Category

Pirates of the Burning InfoSec

Woo doggie. Man I feel refreshed! I guess a year-long blogcation will do that to you. Well, anyway – I won’t say much about my prolonged absence other than to say that it was a long time, I realize that it was a long time, and probably anybody who used to read this blog has since gone away. Well, that’s OK – we’ll think of it like an experiment. If there’s anything of use over here, then folks might come back. Otherwise, I should probably shut up. :-)

Moving on. I saw today an article from last month about Security Policy Considerations for Virtual Worlds by Jeff Surat over on HelpNet. Now, maybe you remember (from back in the day) that a colleague and I did some research on this a year or so ago. I like where Jeff is going with his discussion. He mentions the grey goo infestation, which I thought at the time was fascinating as hell, and he alludes to the security (and business) risks that you open yourself up to by participating in these communities. All interesting stuff.

The only thing I was disappointed by in Jeff’s article was that he didn’t go into the broader fraud implications of these communities. Consider, for example, the following scenario:

Goal: Someone wants to bring $10,000 into the US without filling out any nasty paperwork, alerting the authorities, or having to answer any uncomfortable questions. Can they use Second Life to do it? Sure… check it out:

Step 1: They sign up for Second Life and get an account.
Step 2: They use the LindeX monetary exchange to convert their native currency into Linden Dollars (L$).
Step 3: They trade that L$ to their associate “in game”.
Step 4: Their associate withdraws that L$ in the US as USD.

Sweet, huh? What if they wanted to launder drug money? Do you think legions of semi-anonymous virtual transactions, like those of a Second Life nightclub, might be a good strategy to launder that money? Hmmm… Jeez, ya’ think?! I seriously doubt that Linden Labs is keeping meticulous records of currency exchange in game unless somebody in authority (hey Secret Service and OCC, you listening?) requires them to. It’d sure be nice for someone to notice this completely unregulated, borderless, and anonymous monetary exchange.
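As an added example (not part of the original post, and not anything Linden Lab actually runs), here is the kind of linking that “meticulous records” would have to support to see the four-step scenario: a constructed ledger of exchange purchases, in-world L$ transfers and cash-outs, with each cash-out traced upstream to the jurisdiction where the fiat came in. The account names, amounts, the L$288 per USD rate and the $10,000 threshold are all assumptions; the transfer chain is deliberately two hops long so the walk has something to do.

```python
from collections import defaultdict

# Assumed rate for the example: the L$288 per USD figure quoted elsewhere on this page.
LINDENS_PER_USD = 288

# Constructed ledger, not real Second Life data. Each row is
# (seq, kind, src, dst, amount_lindens, jurisdiction_of_fiat_leg):
#   "buy"  fiat -> L$ on the exchange; src is a payment account, dst an avatar
#   "xfer" L$ handed from one avatar to another in-world (no fiat leg, so None)
#   "sell" L$ -> fiat cash-out; src is the avatar, dst the payout account
# Jurisdiction "A" is a hypothetical non-US country.
LEDGER = [
    (1, "buy",  "card:A:alice",  "av:alice",     3_000_000, "A"),
    (2, "xfer", "av:alice",      "av:bob",       3_000_000, None),
    (3, "xfer", "av:bob",        "av:eve",       3_000_000, None),
    (4, "sell", "av:eve",        "bank:US:eve",  3_000_000, "US"),
    (5, "buy",  "card:US:carol", "av:carol",         5_000, "US"),
    (6, "xfer", "av:carol",      "av:dave",          5_000, None),
    (7, "sell", "av:dave",       "bank:US:dave",     5_000, "US"),
]


def find_cross_border_cashouts(ledger, rate=LINDENS_PER_USD, threshold_usd=10_000):
    """Flag cash-outs at or above threshold_usd whose L$ can be traced back,
    through in-world transfers, to a fiat purchase made in another jurisdiction."""
    inbound = defaultdict(list)          # avatar -> records that delivered L$ to it
    for rec in ledger:
        if rec[1] in ("buy", "xfer"):
            inbound[rec[3]].append(rec)

    flagged = []
    for seq, kind, src, dst, amount, country in ledger:
        if kind != "sell":
            continue
        # Walk upstream over earlier transfers until we reach the fiat purchases.
        origins, frontier, seen = set(), [src], set()
        while frontier:
            avatar = frontier.pop()
            if avatar in seen:
                continue
            seen.add(avatar)
            for up_seq, up_kind, up_src, _, _, up_country in inbound[avatar]:
                if up_seq >= seq:
                    continue             # only earlier inflows can have funded this sale
                if up_kind == "buy":
                    origins.add(up_country)
                else:
                    frontier.append(up_src)
        usd = round(amount / rate, 2)
        foreign = sorted(origins - {country})
        if usd >= threshold_usd and foreign:
            flagged.append({"seq": seq, "payout": dst, "usd": usd,
                            "hops": len(seen), "funded_from": foreign})
    return flagged


if __name__ == "__main__":
    for hit in find_cross_border_cashouts(LEDGER):
        print(hit)
```

Run as-is it reports the single chain that crosses a border above the threshold (the eve cash-out, funded from “A” three avatars upstream) and ignores carol-to-dave, which is small and stays in-country. The walk only follows records earlier than the sale, so a later deposit can never be blamed for an earlier cash-out; what it does not do is split a cash-out proportionally across several funding sources, which is what a real transaction-monitoring system would have to add.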

Oh well. Anyway, interesting stuff over there at HelpNet.


What color is your goo? I’m thinking green…

Hey, Happy Post-Thanksgiving Monday! Apologies to those of you who noticed the dearth of posts on this blog in the past week due to the holidays.

Anyway, in case you (like me) were out of commission for the past week (or hiding under a rock), there was an interesting case of a malware event in the virtual community Second Life. In case you’re not interested in following the link, the short story is this: Second Life (an online 3D virtual world) was recently bombarded by a large number of little gold rings (think “Sonic the Hedgehog”) that had the property of self-replicating when users interacted with them. If you’re interested in analysis and back-story, I personally think that the best take on this comes from Kurt Wismer over at the Anti-Virus Rants blog; he’s been posting on it all along and followed that with an interesting follow-up.

Anyway, this thing has been getting quite a bit of attention. There are folks who are interested in this from the denial-of-service angle and others who are interested from the worm angle; now, sure enough those things are interesting, but the thing I find really fascinating is not the fact that worms can hit a virtual community (after all, it’s happened before) or the fact that a DoS is possible against these types of worlds (after all, most of us probably suspected this was the case). And, interesting though it is to speculate about, I’m not really even all that interested in what this kind of event implies about the emergent properties of online communities… No, what I find really fascinating about this is the economic ramifications – particularly with Second Life.

You see, I think there’s a richly textured world of fraud that we have yet to see latent within these online communities. Did you know, for example, that Second Life maintains a currency exchange? It’s true – for a small fee (I think it’s 30 cents per transaction), you can convert “real” money to Linden dollars (L$) – and for another small fee, you can go the other way (L$ to US dollars, for example). Or did you know that there are individuals on Second Life who are engaging in virtual prostitution as a way of earning actual legal tender? It’s true. So, riddle me this… what is the profit potential of fraud within a virtual world? Is it worth a criminal’s time? Well, currently the money supply within Second Life is L$1,077,311,730; assuming October’s exchange rate of L$288 per USD, that means that the total money supply is just over $3,740,665 USD… and quickly growing. Not bad; a piece of that could be worth somebody’s time. I wonder how long it will be before the bad guys figure out how to turn this to their advantage.

In the real world, “baddies” (thieves, extortionists, skull-breakers, muggers, etc.) are limited by the tangible nature of goods (meaning they can’t produce stuff on the fly), by the relative inflexibility of institutions like banks and brokerages, and, if they pull off a heist, by well-understood and agreed-upon laws. But in this new frontier… who knows what’s possible?
