Other

Industry View: Hidden Dangers of Virtual Worlds

Ryan Berg of Ounce Labs says cyber-criminals recognize new ways to exploit the real-world assets of virtual world residents

By Ryan Berg

January 02, 2008 — CSO — The barriers between virtual realities and the real world are beginning to blur as individuals and corporations establish identities and storefronts in virtual worlds like SecondLife and World of Warcraft. The growing use of these virtual networks is redefining how people interact with the Internet. While many virtual world inhabitants view the software as primarily a safe pastime, others seek to generate income – legally or otherwise. Many traditional security and privacy vulnerabilities exist within these virtual environments and organizations and individuals alike must consider the implications of their participation within these virtual spaces.

Identity theft, loss of privacy and threats to real-world accounts constitute the primary dangers in virtual worlds. Savvy cyber-criminals recognize that these developing worlds represent new ways to exploit the real-world assets of virtual world residents, and they are actively pursuing these dark avenues. The growing media buzz about the virtual world has already made Second Life a target for hackers trying to gain access to sensitive data to commit identity theft and for financial gain. Last September, hackers stole a Second Life database containing passwords and login information for approximately 650,000 players.
Virtual worlds may well be integrated into the future of global commerce, but the significant insecurities within these fledgling worlds warrants a full investigation to understand risk exposure before businesses set up shop to peddle their virtual wares. Participants need to start taking these communities seriously. Users, developers and regulators alike need to be educated about the dangers of allowing strangers to gain access to their online profiles and what they can do to help prevent exposure or exploitation. Web surfers know that visiting gambling or pornographic sites could harm their computers, but they also need to know that malicious code can be downloaded from almost anywhere, including in worlds or games that they presume to be safe environments.
The same methods used in traditional security education -- teaching users not to divulge passwords, keeping their systems patched, and having security software installed -- apply in this context as well. Users need to keep alert so they do not become a victim. They should also realize that while they might just be playing a game, someone else might view the stakes as much higher.

While the primary risks in virtual worlds revolve around money, there are other personal and business assets at risk. The software running most of these sites allows access to desktop systems, exposing IT assets and confidential, private and commercially sensitive information, whether they be on personal computers or computers within corporate firewalls. Software developers need to take these communities seriously, designing these programs safely from the beginning.

• Email
• Print
• Comments
• Digg This
• SlashDot