Research


Virtual Worlds - Real Money


Security and Privacy in Massively-Multiplayer Online Games and Social and Corporate Virtual Worlds

Online gaming fraud is an increasingly serious threat- according to a new ENISA report. The failure to recognise the importance of protecting real-money value locked up in this grey-zone of the economy has lead to a 'year of online-world fraud'. A survey in the report shows that 30% of users have recently lost some form of virtual property through fraud. In less than a year, more than 30,000 new malicious programs have been detected specifically targeting accounts and property in online games and virtual worlds - "this is a jump of 145%", says Kaspersky labs.

Such malware is invariably aimed at the theft of virtual property accumulated in a user’s account and its sale for real money. "While annual real-money sales of virtual goods is estimated at nearly 1.5 Bn Euro worldwide, users can do very little if their virtual property is stolen. They are a very soft target for cybercriminals," says Giles Hogben, editor of the report put together by a group of industry, academic and government experts. "There are 1 Bn registered players of online games worldwide and the malware targeting them affects everyone with a computer connected to the internet."

Another important area is the misuse of personal data. The survey of 1.500 respondents in the UK, Sweden and Germany shows that most people think their avatar cannot reveal anything about their real identity. But an avatar is no different from using any online persona, particularly in so-called 'social worlds', i.e. hybrids between online games and social networks. "People should take just as much care of their personal data in these environments as in any other online context," says Mr. Andrea Pirotti, Executive Director of the Agency. Bots can be sprinkled within virtual worlds to spread spam or advertise products, for example, and these sites are vulnerable to novel variants of denial of service attacks. "Multiplayer online games are especially vulnerable to denial of service attacks because of their centralized architecture and poorly authenticated clients," the report says. The report identifies 12 recommendations to tackle these problems, e.g.;
  • An industry-wide forum for service providers to share best-practice on security vulnerabilities
  • Clarification of virtual property rights for more adequate theft protection
  • A checklist of key technical issues for service providers/developers
  • Awareness-raising campaigns for users eg., on child-safety and privacy risks.
The report can be downloaded as a pdf under http://www.enisa.europa.eu/


Get more information from this website:
http://www.enisa.europa.eu


Available on the website since November 24, 2008
  •