Virtual Worlds Are Soft Targets?
In an 80 page report released by ENISA (European Network and Information Security Agency) security risks surrounding Virtual Worlds and MMO's were highlighted, including the claim that, "Virtual worlds are a soft target for thieves because they fall outside many of the measures taken to protect other online assets." ENISA, according to their website, is an Agency created to give EU states advice and recommendations, data analysis, help with awareness raising and cooperation, while attempting to follow the development of standards, promote risk assessment activities by the Member States and interoperable risk management routines and produce studies on these issues. The list of contributors that make up this international panel include university professors and researchers, technology and online corporate representatives, recognizable names such as writer and MUD creator Richard Bartle, CCP (EvE Online) economist Eyj??lfur Guðmundsson, NCSoft's Adam Martin, and a host of individuals from across the industry. The group explains, "This paper provides an overview of the key risks to users of Massively Multiplayer Online Role-Playing Games and Virtual Worlds (MMO/VWs) and makes recommendations for actions and best-practices to address them. It is also aimed at raising awareness among political and corporate decision-makers of the legal and social implications of security issues in MMO/VWs." The report opens with statistics regarding a vast increase in virtual world related crime stating, "2007 was the year of online gaming fraud--with malicious programs that specifically target online games and virtual worlds increasing by 145% and the emergence of over 30,000 new programs aimed at stealing online game passwords. Such malware is invariably aimed at the theft of virtual property accumulated in a user's account and its sale for real money." Further, it goes on to profess the importance of recognizing the real value of virtual world economies saying, "With nearly 1 billion registered users of MMO/VWs (Massively Multiplayer Online Games and Virtual Worlds) and real-money sales of virtual objects estimated at nearly USD 2 billion worldwide at the end of 2007, this is a serious issue. The failure to recognise the importance of protecting the real-money value locked up in this grey-zone of the economy is leading to an exponential increase in attacks targeting online MMO/VWs." This introduction to the paper which they label the Executive Summary also describes, "Another important area of risk is the disclosure of private data. MMO/VWs are commonly perceived as being completely separate from the real lives of their users and therefore immune to privacy risks. In reality, representing yourself as an avatar is little different from using any other form of online persona. The inclusion of IRC and VOIP channels, along with the false sense of security created by MMO/VWs, leads to significantly increased disclosures of private data such as location and personal characteristics."
Following this abstract ENISA lays out quite a laundry list of specific risks. 14 areas including such issues as; Avatar identity theft and identity fraud, MMO/VW privacy risks, Cheating, Harassment, Trading and financial attacks, Risks to intellectual property, Information security related risks for minors, MMO/VW spam, Attacks on user's machine through game client, and Access and authorization problems in MMO/VWs.
Along with the detailed analysis of these security issues the group gave recommendations for the European Commission and National Governments, MMO/VW providers and towards Awareness raising and research. These risks along with the recommendations entail what the group felt are issues that deserve industry wide attention and discussion. If you are interested in reading about the specific risks and recommendations the paper cites, here is the full PDF. |