
Archive for June, 2007

The article below from the Jamestown Foundation illustrates a new and more organized version of electronic jihad.  Given the growing sophistication of the genre it can’t be long before this leaks over into virtual worlds.

Forum Users Improve Electronic Jihad Technology

By Abdul Hameed Bakier

A previous issue of Terrorism Focus exposed a jihadi website dedicated solely to cyber attacks against websites deemed anti-Islamic (Terrorism Focus, October 3, 2006). The members of http://al-jinan.org have targeted websites critical of Islam and Islamic rituals. They have labeled themselves electronic jihadis and believe that they are engaging in an online form of the jihad. The website distributes a program called Electronic Jihad that assists in overwhelming the servers of certain websites, thereby taking the websites offline, at least temporarily.

To encourage more participation in cyber attacks, the website recently offered more information on their objectives. One section redefines the electronic jihad by saying, “The electronic jihad is the method and the means to inflict maximum human, financial and morale damage on the enemy by using the internet.” The website reiterates the importance of organizing synchronized mass attacks on anti-Islamic websites and calls on fellow jihadis to sign up for the list of targets and to study the techniques and programs used in electronic jihad.

Unlike the first campaign of electronic jihad where participants did not have prior knowledge of the websites that they were attacking until they activated the Electronic Jihad software, the updated main page of al-jinan.org carries domain names of websites to be targeted in coming cyber attacks. Also, the Electronic Jihad software program 1.5 (silver version) has been updated to version 2.0. The new version of the software is easier to use than the old version because, after a few seconds of activation, it updates the targets automatically and is compatible with different internet connection speeds and capable of using different proxies to override government website blocking technology. The new version of Electronic Jihad sets up an account name and password with al-jinan.org for every user. The account registers the number of hours the user spends attacking targets and every two weeks to a month the names of those who scored the highest are posted. Currently, the highest score is claimed by a user nicknamed “George Bush” who spent 4,211.50 hours, or 70 full days, hacking anti-Islamic websites. Other users spent hundreds of hours running the program.

The cyber attack technique operates by sending bundles of data to the target website that require responsive action from the latter, which consequently overloads the website’s server with requests. A successful attack means that the website responds less effectively than it had at the beginning of the attack. The number of hits on the target website appears in a “successful attacks” counter. A failed attack means that the website did not respond to the data requests made by the Electronic Jihad program. One page in al-jinan.org lists the names, current status and links to previously attacked websites. Currently, they claim that they have launched successful attacks against more than 14 websites, labeling them as anti-Islamic and pro-Zionist. They then announced the following websites as targets for the next round of attacks: http://www.islameyat.com, http://www.rapsaweyat.com, http://www.investigateislam.com, http://www.meca-me.org and http://www.ladeeni.net. Further, the jihadis have claimed that several host servers acquiesced to their threats and shut down the anti-Islamic website hosted on their servers before any attacks had occurred. They do not provide examples of these instances.

In the past, different jihadi groups practiced cyber attacks on anti-Islamic websites, but they were never able to sustain a long, organized campaign. The new electronic jihad website, al-jinan.org, is not only operating continuously, but it is developing new techniques to enhance the technology and methods of promoting electronic jihad. With the spreading use of the internet in the Arab and Islamic world, the number of users engaged in some form of electronic jihad is likely to increase substantially.


Enter the Console…

(Opinion/Comment)

Classically, MMORPGs and Virtual Worlds did not, or could not, translate very well into a games console environment. A number of pressures existed regarding the technology, the need for updates and compatibility issues with PC users. This (classically) would seem to be a bit of a shame considering the size of the market share that the console market holds (a good, if now a little dated, discussion can be found here, and makes for interesting reading, with another excellent paper on the general industry by the Entertainment Software Association being found here).

Things change; if anything has been learned in the past 20 years about the way the computer industry moves, it is that (apart from, of course, the fact that Windows keeps not working on my PC… That never seems to change…). A market once seen as the domain of the PC has opened out, mainly due to a number of concurrent factors like broadband usage uptake across countries, the increase in the technology used in high end consoles, and, of course, the financial successes which have been seen in these virtual worlds. As a friend was saying to me the other day, why sell a normal computer game which you only sell once when you can sell the equivalent of computer gaming cocaine, and the users will come back again and again.

(As I recently closed my World Of Warcraft Account which had over 3,000 hours logged on it and 5 high level characters, and my personal experience of 2 and a half years of gaming recently lost, that comment struck a little too close to home… but, I digress)

Over the next few years we will be able to see a host of new virtual worlds in this console market. Sony’s recently demo-ed Home, for example, makes Second Life graphically look like an aging dinosaur, with MMO-games like LittleBigPlanet breaking the mould of what can and can’t be done in the genre. With the Xbox 360 also having a number of highly engaging games both currently and waiting in the wings (and Xbox Live having run for many years), I believe it is fair to comment that the giants of the computer gaming industry, the console games makers, are not asleep to the huge potential of the highly lucrative MMO/Virtual Worlds games segment.

And the point of all this on Metasecurity? Well… the stage is set for a number of things in the next few years if the console markets enter the Virtual worlds market in a big way. Especially if any of them use a virtual currency business model or indeed, even if they don’t, if secondary markets develop for in-game goods as they have in many current MMO games.

Firstly, volume of trade: the Console market is over half of the total video games market. If Virtual Worlds on consoles prove to be as popular as their PC counterparts then similarly we would logically see an increase in the ability of these worlds to be used as an Alternative Remittance System (something I dismiss here mainly due to a lack of size). Next, the increase in size/volume leads also logically to an increase in already existing fraudulent sales (as discussed here). And indeed, the increased possibility of Trade Based ML occurring (which I keep mentioning and will indeed be writing something on this soon).

Then we have the matter of the age demographics. Roderick has already posted here a number of stories regarding current worries over virtual worlds and issues such as child protection and Crime. With the drop in average age that the console market gives us if they enter the Virtual Worlds market, are we simply going to see again a logical increase in the worries over these issues?

Certainly the future looks bright for Virtual Worlds and MMO-games in general from a business point of view in the next few years with the potential for the biggest sector of the market now being able to play in their little sand-box. This doesn’t though seem to solve any of the issues which these worlds already currently have. Indeed, it probably just projects them onto a slightly wider stage.

That said… with the games which seem to be coming… that larger stage looks very nice indeed.

David Grundy


McAfee now sees more malware programmed to steal passwords for World of Warcraft than trojans aiming for banking information, said Craig Schmugar of the McAfee research labs. In talks with Erik Larkin at PCWorld.com, he outlined why fake game gold is more attractive than real money. Primarily, there’s less risk of getting caught and easier punishments for hacking World of Warcraft than Bank of America, but the gold is still easily commutable to real-world dollars and cents.

At the Virtual Goods Summit last Friday, there was a fair amount of talk around virtual gold fraud.  Organized crime is involved with virtual gold as a money laundering tool. It’s a simple matter to buy the gold on a gray market for illegal money and then resell it in a legitimate market for funds that can be declared. The entire conversation is worth a read, but here are the highlights.

As Brock Pierce of Affinity Media (formerly IGE) put it, “Fraud in the secondary market is rampant. On eBay, secondary sales were resulting in 10 percent fraud at one point I think. Someone in Russia could login through a proxy to a server in the US and make a purchase with a stolen card, turn around and resell it on the secondary market, and sell it for 75 percent in a matter of minutes. Organized crime is involved, and it’s anonymous.”

Or as Raph Koster put it: “I described this years ago at a social policy conference. And they [the government representatives] said, ‘Well it’s not drug money, but it is terrorist money.’ The government will get interested.”

Post from Virtual World News


They have many generic names: underground banking, parallel banking and so forth. Indeed, specific remittance systems may be known to you as Hawala, Hundi or Da shu gong si. The Financial Action Task Force groups all of these together under one generic name: an Alternate Remittance System (ARS). A system of transferring monies from one place to another which bypasses the important checks and balances in the normal banking system, and one which is worryingly used for both Money Laundering (ML) and Terrorist Financing (TF).

So where do Virtual Worlds come in?

Well, a number of virtual worlds have set themselves up, as part of their business model, as places where players can invest their monies into virtual game world cash units, trade in these said units to gain in-world goods, and then extract these units in the form of cash again. The worry being, as communicated by a number of different, and prominent, individuals and organisations, that this set of transactions, these mechanisms of transfer if you like, may possibly facilitate ML or TF activities and operations.

How?

Generically what we are talking about is the interaction of the transfer of value. To give you a (generic) example:

Bob lives in a country with an extremely highly regulated banking sector.

Bill lives in a country whose banking sector has been recently removed from the Financial Action Task Force’s NCCT “watch-list” of countries who have poor banking regulation.

Bill plays a highly popular MMO-Virtual World in which you can buy virtual cash and extract this virtual cash from the game world at a later date. Bob does the same.

Bill transfers about $100 worth of his money from his bank in this low regulation regime and buys virtual cash with it.

Bill’s avatar in the game now has this virtual cash.

In the game, Bill’s avatar goes up to Bob and gives Bob’s avatar this virtual currency.

Bob then transfers this virtual currency from this virtual cash which exists on his avatar back into real world cash in his bank account.

So what do we have in this example? We have a simplistic transfer of value from a low regulation banking regime to a high regulation regime which has bypassed the active regulators, in effect, the checks and balances. Bob could then go on to move this money (probably through back to back transfers) onwards to a further destination.

Still not see the issue? To take (quite literally) the most extreme example I can think of; let’s suppose Bob was a terrorist in North America, and Bill was financing his terrorist cell from (for example) Egypt… Now you start to see why so many people are so very worried about this.

Mechanisms

Though the example is simplistic, the mechanisms which allowed this possible transfer to occur are:

  • Relative ease of setting up an account in low regulation countries
  • Ability to buy in-game currency from bank accounts created in low regulation countries
  • The ability to transfer funds in-game between avatars (i.e. players, users)
  • Lack of transparency over why transactions occur in-game
  • Lack of an audit trail of transactions conducted in-game
  • Ability to transfer out of the game virtual assets for real currency

Of these mechanisms (of which this is not an exhaustive list by any measure) there are a number of areas for further examination.

Can this be tested? And how?

Indeed. Testing is possible. And Legally too.

Next time you’re in a country which has recently been taken off the NCCT banking list remember to take all the details needed to set up a bank account (you might be surprised how few you need in some places…) and legally set one up, paying in $100. Next set up a Virtual World account and transfer in the monies from this account (all hunky-dory legal-like as they say).

Next, get your wife or partner to set up a virtual world account (indeed, of all the difficult bits to do, this could be the most pressing, I highly recommend promising her the $100 for a dinner out) and then have her avatar meet with yours in game and make the transfer. She can then extract the cash and you’ll be able to go on a dinner date…presumably at least slightly worried as you eat your food at how easily you’ve transferred the money over.

The real deal?

No. I don’t think so, quite honestly, not yet. Not as an ARS anyway at the moment.

There is a significant difference between highlighting it can be done, and saying it is. The main issue, for the most part, being volumes. Quite simply, despite what I’ve highlighted, the volumes of trade conducted in Virtual Worlds at the moment do not seem to support the volumes needed for large scale Money Laundering or Terrorist Financing.

I see this as a threat, something that games designers, games publishers, legislators and enforcement agencies should be aware of, and as these virtual worlds increase in size, and the volumes do increase to the point where them being used as an ARS becomes an issue, let us hope that the structures are in place to deal with this because these people were forewarned.

My personal view is that Trade Based Money Laundering using Virtual Worlds is much more worrying a possibility than them being used as ARS. Though many will disagree with that view I’m sure.

What is needed?

My personal view is quite simple.

If it acts like a bank, it feels like a bank, and it operates like a bank….. Then it needs to be treated like one by regulators. Though it might be a virtual world game, any virtual world game which operates a real world money transfer system which allows players to transact within the game economy should be operating within a more stringent set of rules.

This isn’t however down to one company. As singling out a single company or indeed game world is entirely and wholly unfair. This needs to be something tackled by the computer games industry, hopefully in conjunction with the Banking Sector, so that appropriate rules and regulations may be put in place to prevent abuse of these game worlds.

David Grundy

(I’m aware I’m using a lot of acronyms here, my apologies, I’ve tried my best to explain each one I have used, but if you’re not following one, don’t be shy, and leave a comment below.)


Virtual Law

For more commentary on legal issues relating to virtual worlds see the blog Virtually Blind.


MetaSecurity on the BBC

Many thanks to Chris Vallance over at the BBC for highlighting MetaSecurity on the BBC Pods & Blogs section here. As a frequent listener to many BBC Radio 5 Live shows (which you can download from the BBC archive) I can highly recommend his show (and a number of others, their football coverage in particular also being great).


Jailing griefers

The excellent commentator on Second Life, Gwyneth Llewelyn, recently published a piece in her blog entitled: From Welfare State to Laissez-Faire Capitalism. The blog itself is always worth reading for the insight it provides relating to the history and future of Second Life. Of interest to MetaSecurity was the section of the article relating to Second Life griefers (aka cyberbullies):

“A side-effect of this laissez-faire attitude is the very high tolerance of griefers. Griefers are just cyberbullies, an illegal activity in several countries, and even the US National Crime Prevention Council advertises strongly against them. However, in SL, they’re rampant, and there is almost nothing that can be done to prevent them, beyond a temporary parcel ban. Private islands fare a little better, if they’re able to deal with 24/7 supervision by an Estate Manager. But this is just prevention, not dealing with the issue. Linden Lab’s Abuse Report system is totally unable to deal with this kind of situation, since it requires effective policing, which they’re not doing. After all, who cares if your account gets banned?… you can get a new one in 3 minutes, get a friend to deliver you the “griefer pack”, unpack it, and attack the next victim again. It’s so easy that a child can do it — and that’s why children do it at all.

Is there a way to prevent it? Well, adult validation will in a way minimise things, but some people, fearing a loss of customers, will allow unvalidated avatars. The only effective way to deal with this kind of crime and vandalism is making an example: get the FBI to arrest a few cyberbullies and make a huge press release as an example. Getting ten years in jail for attacking a live concert with live penises floating around until a sim crashes is sure to make a point — “remember, you can be the next one”. Right now, you can only temporarily remove a single alt here and there, which just has the cyberbullies laughing at LL’s backs and prepare the next big attack.”

In-world crime such as cyberbullying of this kind will have to be regulated if virtual worlds are to grow. State law enforcement agencies are not yet equipped to investigate virtual crimes. However, virtual game companies such as Linden Lab could take a lead by making it clear that they would pursue legal means against users in cases of serious in-world crime (economic damage, hate speech, stalking, bullying). This would go beyond being banned and start a regulatory process, which would enable virtual worlds to grow. The July issue of Forbes reports that certain companies are pulling out of Second Life because it was like a “virtual Iraq”. While this is hyperbole, it is clearly in all users’ interest to have some meaningful intervention against griefers damaging the environment, and this doesn’t have to wait for the FBI.


From UPI News here

Outside View: Terror, crime go digital
By RACHEL EHRENFELD and JOHN WOOD
UPI Outside View Commentators
NEW YORK, May 23 (UPI) — Emerging digital technologies to move money instantaneously and anonymously open up new possibilities for criminals and terrorists, while regulatory and law-enforcement agencies are limping far behind.

On May 3, at the release of the 2007 Money Laundering Strategy, the U.S. Treasury spokesperson was pleased to note: “Focusing on well-established money laundering methods and emerging trends identified in the Assessment, we have created a robust strategy for combating money laundering, deterring criminals, and addressing areas vulnerable to exploitation.”

Yet the latest digital advances open to criminals and terrorists — mobile phones or other mobile devices to secretly transfer money globally, or M-payments; gambling; and transfer of virtual money through online role-playing games, or RPGs — are missing from this long-awaited government strategy.

The fast-growing pace and value of the virtual economy led the Congressional Joint Economic Committee to study the possibility of taxing virtual assets generated by online role-playing games, thus raising a myriad of issues: What method of valuation will apply? How will fair market value be determined? Where does the tax instance arise in cyberspace? What part of the goods and services are subject to state tax? How does one levy and enforce the tax in cyberspace? What tax provisions will apply for international transactions?

While the United States banned online gambling in October 2006, it has no regulations whatsoever to control specifically the use of mobile phones for gambling online. And no country, including the United States, regulates online role-playing games, which in 2006 had more than 14 million subscribers, generating more than $1 billion in revenues ($576 million in North America and $299 million in Europe).

This virtual world of role-playing games presents a number of challenges to U.S. law enforcement. First and foremost, no specific laws apply to it. Second, by virtue of its anonymous and virtual nature, it is nearly impossible to track real money deposited into and cashed out of the game. Third, the challenge of identification is compounded by the fact that neither players nor recipients are subject to any rigorous due diligence beyond the disclosure of an e-mail address, and even that can be spoofed. Fourth, there are no limits on the amount of money — real or virtual — that may be used in the game. Furthermore, since there are no clear jurisdictions, violations of laws are hard to prosecute.

Moving funds from one criminal/terrorist to another can work like this: A criminal/terrorist using fake IDs opens a virtual account in an online game. He then deposits real money via an ATM into his virtual account. With his virtual currency he buys virtual real estate from his co-conspirator and transfers virtual payment for the property to the seller’s virtual account. The seller then converts the virtual currency into real money and withdraws it from an ATM.

Already in 2001, the Financial Action Task Force noted that “Internet-based gambling operations can also act as a haven for illegal cash-washing operations.” Indeed, a few criminal cases have been prosecuted by the Justice Department for laundering hundreds of millions of dollars worth of Internet gambling wagers. But the new mobile technology now allows criminals and terrorists operating through remote gambling accounts to store funds until they can be safely transferred into legitimate accounts of businesses or charities.

Asked about the lack of appropriate measures to counter this problem, U.S. Financial Crimes Enforcement Network spokeswoman Anne Marie Kelly told Brett Wolf, an anti-money laundering consultant with Complinet Inc., on May 7, “The bureau is aware of the laundering and terror finance risks posed by emerging payment technologies … (and have) an ongoing dialogue with the industries involved … to study and work with (them) in order to provide the law enforcement community with guidance on how these systems operate and the money laundering challenges they may present.” However, she did not say how long this “study” will take, or what FinCEN will do in the meantime to control this problem.

Director of National Intelligence Michael McConnell’s call to include future technological advances within the scope of the updated 1978 Foreign Intelligence Surveillance Act is crucial for our national security. Congress and/or Treasury should also initiate a law requiring the communications industry to design adequate real-time tracking and blocking mechanisms in each and every cellular phone or mobile device to prevent criminals and terrorists from transferring funds freely and anonymously.


In my crawlings around the internet, I often come across a number of interesting documents which are related to my research, both into virtual worlds in general and sometimes into potential criminal activities in them. And with the idea in mind that there is far too little interaction between the research community and professionals sometimes, I thought I’d highlight some of the more relevant (and interesting) work going on out there.

Today I’m going to turn my focus on a very interesting research community called FIDIS (which stands for “Future of Identity in the Information Society”). This is a community who are examining the implications surrounding the very nature of identity in this information age, with highly relevant (to this blog) examinations of the nature and threats of identity theft and so forth.

A main overview of the (wholly online) outputs of the project can be found here. However I would like to draw your attention to the following articles: Tracing the Identity of a Money Launderer & Tracing the Identity of a Terrorist Financer, which make for interesting reading, though I think the entire document itself deserves a good once over, and indeed, considering the inter-related nature of online criminal activities and false identity usage, a reading of a number of these papers may be quite enlightening.

In addition to that “light reading” a few other good gateways for information include The Centre of Terrorism Studies website which, while not related to Virtual worlds wholly, does provide a very good portal of links to relevant papers regarding terrorism financing here.


An interesting piece in New World Notes relating to Second Life usage figures.  Using Linden Lab user stats the blog of Millions of Us was able to show where the most active Second Life users are based – quote from the Millions of Us blog:

Here are the first ten countries where Second Life Residents are most active, based on the average number of minutes they spend in-world per day, per user:

  • 161 – Cayman Islands
  • 132 – Indonesia
  • 130 – Netherlands
  • 128 – Canada
  • 122 – United States
  • 122 – Korea, Republic of
  • 116 – Russian Federation
  • 109 – French Southern Territories
  • 104 – Antigua and Barbuda
  • 103 – Martinique

The Cayman is a leading offshore banking center so it is clearly of interest that it leads this usage chart.  Moving capital through the use of the linden dollar is one explanation for these figures. Offshore banking centers tend to innovate ahead of other sectors so it seems likely that Cayman based finance is looking closely at how to exploit virtual currencies for the benefit of its clients. 

Moving capital through virtual currencies is easily done and avoids a lot of regulatory control as there are no guidelines governing the use of virtual currencies (if anyone has an idea for some or has seen a blue-print please send). Virtual game makers could develop their own regulatory controls but governments will likely start moving into this area soon.

Finally, Cayman’s banking system was assessed by the IMF as having comprehensive regulatory and compliance frameworks, especially with regard to money-laundering. 
