Printer Friendly

Second life operators fights to keep fraud out of growing virtual world.

EVERY decade or so comes a technology that is so new, comprehensive, interesting, and damn useful, that it completely changes the way that we have fun and do business. Think commercial air travel, the mobile phone and the Internet ... these were all, what management experts like to call "disruptive technologies", because they forced established businesses to change the way they operated. Now, another of these technologies-come-zeitgeists is on the way--virtual worlds such as Second Life, Whyville and ActiveWorlds. The most popular of these--Second World--said celebrated hi tech guru Mitch Kapor, who founded Lotus 1-2-3, in a recent speech "is a disruptive technology on the level of the personal computer or the Internet."

In future, he and other specialists have predicted, fortunes will be made on such virtual worlds, and as a result, fraudsters and other sophisticated criminals will be looking for ways to exploit these complex systems. After all, Second Life already has more than seven million residents who can conduct business just as they do in real life via an Internet connection. Members can trade services to other members, which are bought and sold with 'Linden dollars', the virtual world's currency, named after its creator and online host San Francisco-based Linden Lab, whose company name is Linden Research Inc. Its dollars can be bought for US$ via the system's online exchange at a rate of around LL$265 for US$1. Services available include selling customized digital clothing for avatars, setting up and furnishing virtual buildings, selling programmes enabling an avatar to dance, drive or even have sex. The most profitable of these is usually virtual property development, which has been the source of some serious earnings, for instance by Anshe Chung an avatar created by German user Ailin Graef, who became SL's first US dollar millionaire last year, making money from several virtual shopping malls, virtual store chains, virtual brands and investments in Second Life's virtual stock market investment. Other virtual world development companies doing well on Second Life include US-based The Electric Sheep Company and UK-based Rivers Run Red Ltd.

As a result, it is no surprise that fraudsters and other IT criminals are already lurking on such virtual worlds, warned internet security company Symantec. It said virtual worlds, including Second Life, and mass-gaming platforms such as World of Warcraft, are being targeted by organised criminals to launder money and spread key loggers and ID harvesters. As regards laundering money, Symantec warned that criminals could pose as legitimate Second Life or other virtual world participants. They would then purchase their online currencies, and then switch them back into normal currency (generally US$), maybe after buying services or stock on a system's virtual stock exchange.

Looking at mass role-playing games Symantec said: "a criminal enterprise could open several thousand ... accounts. Each could be used to trade with other players in the purchase or sale of in-game assets, the funds from which would ultimately be withdrawn from the accounts. Since thousands of accounts may engage in millions of transactions, each with small profits or losses, it would be difficult to trace the true source of the funds when they are withdrawn. These transactions can be conducted worldwide without the oversight that typically accompanies international bank remittances."

This indeed could be a problem, for although Second Life has rules preventing new members buying and selling cast amounts of Linden dollars, small transactions are allowed almost immediately.

Another issue is malicious software being offered to as a way of improving computer functions within the virtual worlds. As with downloading e mail attachments from unknown senders, this can be dangerous, giving cybercriminals an chance to secrete malicious programmes such as keystroke loggers and password and information phishing recorders.

Asked about both fraud issues a, Linden spokesman said: "With respect to the concerns raised by the Symantec Internet Security Threat Report, Linden Lab always advises Second Life Residents to exercise caution when installing downloaded software on their computer, especially if that software purports to improve the Second Life experience in some way. As a general rule of thumb, if the software comes from an unnamed or unknown source, [Second Life] residents should be wary of downloading it." However, Linden would not offer any spokesman for interview with Fraud Intelligence and did not directly provide any further information.

That said, (and this being a virtual environment, some credit has to be given here), Linden Lab does post various anti-fraud warnings and advice on its Second Life website. On the Linden Exchange, where users buy and sell US dollars with Second Life Linden dollars (exchange rate L$265 to US$1)--a banner proclaims that all credit card fraud involved in making such purchases will be reported to the US Federal Bureau of Investigation (FBI). In its terms of service with users, Linden Lab says that should it terminate anyone's Second Life account "due to suspicions of fraud", no money will be returned to the user. It also says it will if necessary divulge personal information it stores "to law enforcement or other appropriate third parties in connection with criminal investigations and other investigations of fraud."

Such concerns have indeed been acted upon. A good example was a now-resolved dispute between Linden and a Second Life resident called Marc Bragg, whose online avatar is called Marc Woebegone. In a counterclaim to legal action brought against Linden by Mr Bragg, a licensed US attorney, the Second Life operator claimed he and some associates acted fraudulently by obtaining, altering and using without Linden's permission, computer software to gain unauthorised access to Linden's server. This, claimed the virtual world operator was to subvert its 'virtual land' auction system, which is how Second Life members buy digital plots on which they can build virtual houses, shops, gardens, bars and so on." Bragg wanted to "obtain access to 'virtual land' that was scheduled to be auctioned by Linden ... before it was available to any other users, and to acquire it for as little as one US dollar rather than whatever winning bid (in excess of the minimum opening bid of U.S. $1,000) might have resulted from a legitimate auction", claimed Linden. "After acquiring the 'virtual land' through this fraudulent scheme, Bragg intended to subdivide it, sell it to other Second Life users, and potentially obtain thousands of dollars in US funds in ill-gotten profit," it continued. Bragg opposed these claims and sued Linden and its CEO Philip Rosedale to recover "virtual land, property and items that were in his account" when it was suspended by Linden Lab, and for money damages and other relief. This month (October), however, Linden announced that the dispute had been resolved, and that there had been "unfortunate disagreements and miscommunications regarding the conduct and behaviour by both sides", and restored Mr Bragg's account.

Meanwhile, Linden has been advising all users about the risks of being Phished on Second Life, with users being asked for passwords by other avatars or service providers in the virtual world, such as virtual clothes vendors, or animation software providers that can make an avatar move in a certain way. "Do not give your password to ANYONE...a friend, a partner or a Linden" employee, says a strongly worded piece of advice from the operator, which has also suggested users devise strange passwords, which are not used for other Internet purchases, email accounts or other web purposes.

Last year, there was a breach of Linden's systems, which led to a review of security within the company. At the time, the Second Life operator said "it looks like the attacker who accessed the SL database was after source code and L$ (Linden dollars)." The hacker manufactured some L$, and "got at least part of the website source". In this case, the attacker was not after customer data, but Linden said later: "We're going to reduce the amount of customer data we store (do we really need your billing address?), and will move the remaining sensitive bits (passwords, hashed card numbers, L$ balances, etc) into [digital] vaults." It added that "raw credit card numbers were never exposed because they're kept in a secure back-end 'vault' with extremely limited access." As well as its real world anti-fraud specialists and litigators, Linden's Second Life has its own volunteer virtual police force, based at a virtual police headquarters. It passes on reports of fraudulent practice, such as sales of computer services that do not work, or perform inadequately. They would also be ideally placed to blow the whistle on any hidden malicious software, if tipped off by an angry avatar. They can also help uses tip off Second Life authorities about any problems through its Abuse Report system. Fraud Intelligence sent Second Life reporter avatar Belinda Blessed to the SL cop shop, where she 'spoke' with Police Chief Justice Heron. He said: "If someone came to us stating an issue that clearly was a fraud we'd help place them in contact with Linden Labs via the Abuse Report feature or by directing them to the Second Life website. We'd also help them ensure they had all the proper information needed to support their claim." He added his virtual officers would also make inquiries talking to SL members and "do our best to ensure our Abuse Reports that due get filed are valid", although he stressed "we do not work for Linden so we have no real authority. We just try to ensure everyone has a good time here on SL".
COPYRIGHT 2009: A global news agency serving specialist publications with global articles. See
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2007 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Nuthall, Keith
Publication:International News
Article Type:Company overview
Date:Sep 1, 2007
Previous Article:EU ministers back dairy market liberalisation and simplification reforms.
Next Article:EU Council approves crime fighting data transfer deal.

Terms of use | Copyright © 2018 Farlex, Inc. | Feedback | For webmasters