Unclassified
Information & Behavior Exploitation in Virtual Worlds
An Overview
Dr. Rita Bush and Kenneth Kisiel IARPA/ DTO
Virtual worlds are the next great information frontiers. Today’s primitive environments will quickly be replaced with more realistic versions of the real world (i.e., 3D Internet) for an enhanced user experience and a virtual environment that is tightly integrated with the real world. As with any environment, users can exploit it in both a positive and negative way. As usual, the bad guys are figuring out ways to exploit the synthetic world for personal gain. If we hope to exploit the information in virtual worlds to defeat our adversaries then it is time for us to make the investment to understand and utilize this environment for our benefit. This paper describes this evolving disruptive technology and proposes research that will ultimately assist us in understanding and influencing this information rich world.
Introduction- A Scenario relayed this new information back to the The small team of soldiers moved in a Intelligence Analysis Center and requested somewhat uncoordinated fashion towards the background information on the new recruit. southeast gate. Their intention is clear – they are going to try to break into the military base As I watched the team approach the gate, the but their motivation is still a mystery. This requested information appeared in floating course of events began a few hours ago when billboards (that only I could see) next to each the Recruiter approached one of the soldiers soldier. The information was not good. I have in a local hangout and asked if they wanted to once again been investigating kids who have have some fun while sticking it to Big been trying unsuccessfully for many months Brother. I know because I was there – as a fly to get into this base when I should have been on the wall. You see, I am actually in a virtual looking for actual terrorists. There has to be a world where I can be any shape or size. better way of telling them apart. However, this is both an advantage and a challenge. The Problem The virtual world is the next great frontier and I had been following the Recruiter through in some respects is still very much a Wild this virtual world for several weeks now and West environment. Unfortunately, what was finally able to catch him in the act of started out as a benign environment where soliciting a new recruit. It took some quick people would congregate to share information thinking and shape shifting but I was able to or explore fantasy worlds is now offering the follow the new recruit to a primitive training opportunity for religious/political extremists island and watched while he was given some to recruit, rehearse, transfer money, and rudimentary instructions. In the meantime, I ultimately engage in information warfare or
11/29/2007 Unclassified 1 Unclassified worse with impunity. The challenge that we with real world rules such as gravity, face is to be able to distinguish the fanatics topography, locomotion, real-time actions, from the average person looking for some and communication, although in many virtual simple enjoyment. Before we can formulate a worlds the real-world rules can be broken. solution, we need a better understanding of Communication has, until recently, been in the environment and activities that we are the form of text chat, but now real-time voice likely to encounter as these worlds expand communication using VOIP is available. This and become ever more realistic. type of virtual world is now most common in massively multiplayer online games. Active Virtual Worlds Worlds, There, Second Life— are not games, A virtual world1 is a fairly vague and per se, but more like virtual environments that inclusive term but can generally be divided can include gaming. Other examples include along a spectrum ranging from: Entropia Universe, The Sims Online, Red Light Center, Kaneva, Weblo. Examples of • Massively multiplayer online role- massively multiplayer online role-playing playing games (MMORPG) where the games include EverQuest, Ultima Online, user playing a specific character is a Lineage, World of Warcraft, or Guild Wars. main feature of the game. • Massively multiplayer online real- One characteristic of virtual worlds is life/rogue-like games (MMORLG), persistence; it is active and available 24 hours the user can edit and alter their avatar a day, seven days a week. This persistent at will, allowing them to play a more nature of virtual worlds will provide our dynamic role, or multiple roles. greatest challenge in the future. Virtual • Social virtual worlds, where the user is worlds are still at a very early development not playing a “game”, but rather, using stage, both technically and culturally. The the world for entertainment, business, user experience will dramatically improve as or socializing. commercial pressure continues to push the evolution of the technologies and virtual The earliest virtual worlds were not games but world features. generic virtual reality simulators. The first virtual worlds presented on the Internet were In addition to persistence, future virtual communities and chat rooms, some of which environments will include economic and evolved into Multi-User Domains (MUDs) community-based activities. In worlds such as and Multi-User Shared Habitats (MUSHes). Second Life and World of Warcraft, the They attempted to create sets of avatars for spaces are no longer just a place for virtual interaction. Community virtual worlds individuals to interact through computer- allowed access to the environment and mediated reality, but instead become encouraged creating buildings, art, and significant structures and mechanisms of structures (many did not include avatars). social order and cooperation within the real- world. In fact, citizens of Second Life are The world being computer-simulated capable of protesting the virtual laws of their typically appears similar to the real world, space to enact positive change (in one case, allowing individuals to have virtual property rights). 1 Virtual World is the common term for the current group of immersive environments. Other terms sometimes used, but with slightly different meanings, include virtual reality, metaverse, or simulated worlds.
11/29/2007 Unclassified 2 Unclassified
We are now witnessing the evolution of • NASA World Wind, USGS fantasy virtual worlds into a virtual globe. A topographic maps and several satellite virtual globe is a 3D software model or and aerial image datasets, the first representation of the Earth or another world. popular virtual globe along with The first widely publicized Virtual Globe was Google Earth. Google Earth. A virtual globe provides the • Google Earth, satellite & aerial photos user with the ability to freely move around in dataset (including commercial the virtual environment by changing the DigitalGlobe images,) with viewing angle and position. Compared to a international road dataset, the first conventional globe, virtual globes have the popular virtual globe along with additional capability of representing many NASA World Wind. different views on the surface of the Earth. • Microsoft Windows Live Local These views may be of geographical features, Virtual Earth 3D, 3D interface to the man-made features such as roads and Windows Live Local maps and buildings or abstract representations of photos, runs inside Internet Explorer demographic quantities such as population. and Firefox. • ArcGIS Explorer a lightweight client Virtual globes may be used for study or for ArcGIS Server, supports WMS navigation (by connecting to a GPS device) and many other GIS file formats. and their design varies considerably according • Software MacKiev's 3D Weather to their purpose. Those wishing to portray a Globe & Atlas, 3D views based on the visually accurate representation of the Earth Blue Marble imagery, near-real-time often use satellite image servers and are cloud coverage and weather forecast capable not only of rotation but also zooming from CustomWeather, time zones, and sometimes horizon tilting. Very often day/night views. such virtual globes aim to provide as true a representation of the world as is possible with As well as the availability of satellite worldwide coverage up to a very detailed imagery, online public domain factual level. When this is the case the interface often databases such as the CIA World Factbook has the option of providing simplified have been incorporated into virtual globes. graphical overlays to highlight man-made Technical information, data and image features since these are not necessarily sources can also be overlayed for enhanced obvious from a photographic aerial view. The information content. other issue raised by such detail available is that of security with some governments The use of virtual globe software was widely having raised concerns about the ease of popularized by (and may have been first access to detailed views of sensitive locations described in) Neal Stephenson's 1992 science such as airports and military bases. fiction novel Snow Crash. In the metaverse in Snow Crash there is a piece of software called As more and more high-resolution satellite Earth (similar to Google's), made by the imagery and aerial photography become Central Intelligence Corporation. The CIC accessible for free, many of the latest online uses their virtual globe as a user interface for virtual globes are built to fetch and display keeping track of all their geospatial data, these images. Some commercial examples including maps, architectural plans, weather include: data, and data from real-time satellite surveillance. Fiction is truly becoming reality.
11/29/2007 Unclassified 3 Unclassified
Virtual People Virtual Activities What makes virtual worlds interesting is that Having a presence in a virtual world allows a the user can explore and take part in single or user to engage in a number of activities that group activities through an virtual extents and/or augments their activities in the representation called an avatar. Since the user real world. is controlling the avatar, virtual worlds allow not only for the full range of real world Collaboration/Learning. Scientists and behaviors and activities but also behaviors not researchers were among the first users to constrained by real world physics. For recognize the benefits of a virtual (in this case example, a user may take a first or third digital) world where they could gather to person view of their avatar to gain a better share information and solicit assistance in understanding of a situation. The user may solving problems. Though the exchanges also prefer to fly or teleport to a new location were text based, these early systems provided rather than walk in the conventional way, or the foundation for many of the collaboration change their shape and size to fit the situation. systems we see today. The important point here is that a user interacts with objects and other avatars by Closely associated with collaboration is manipulating the movement and behavior of training. In the classroom (at least in their avatar. principle), virtual worlds represent a powerful new media for instruction and education. Some of the avatars in a virtual world may be Persistence allows for continuing and growing automatons, philosophical zombies, or 'bots' social interactions, which themselves can added to the simulation to make it more serve as a basis for collaborative education. realistic, interesting, or challenging. Indeed, it Virtual world platforms can also provide a is conceivable that every avatar other than foundation for serious games, intended to oneself is a bot. Perhaps we will need a instruct and illuminate. Some virtual world Turing test to determine if the avatar we are platforms also provide support for simulation interacting with is controlled by a real world based instruction, increasingly recognized as person or is computer controlled. a powerful new computer enabled approach to learning. Finally, virtual worlds can provide The avatars in virtual worlds typically allow new methods for learning evaluation and the user to be anonymous. The name, teacher professional development, including appearance, possessions, and history of the embedded assessment and teacher training virtual world avatar may have little or no linked directly to student performance. similarity to the real-world person controlling it. This raises questions about how to A growing number of educational institutions determine the US Persons status of any are exploring existing general purpose virtual subject that may be monitored. In some world platforms as a means to extend and virtual worlds, such as HiPeHi (a new enhance their offerings to students. Typically, Chinese virtual world scheduled to be educators create an online presence where launched in late 2007), one can assume that students can interact, using their avatars to most users are non-US Persons. In Second learn about new assignments or create Life, where some reports peg the number of projects that are viewable within the virtual non-US users to be about 60% of the world. population, it will be more difficult to tell.
11/29/2007 Unclassified 4 Unclassified
Entertainment. Online games started in the developed countries, using the Internet to 1980s with MUDs, simple multiplayer text- allow hundreds of thousands of players to based games, often played on a Bulletin play the same game together. Board System (BBS) using a modem. These games were frequently based on fantasy Social Networking. A social network focuses settings, using rules similar to those in the on the building communities of people who role-playing game Dungeons & Dragons. share interests and activities, or who are Other styles of games, such as chess, Scrabble interested in exploring the interests and clones, and other board games were available. activities of others. Since continuous connectivity was often expensive as access was frequently charged Most web based social networks provide a on a per-minute basis, some games were set collection of various ways for users to up as play-by-email games. interact, such as chat, messaging, email, video, voice chat, file sharing, blogging, During the 1990s, online games started to discussion groups, and so on. move from a wide variety of LAN protocols (such as IPX) and onto the Internet using the Business networking sites have absorbed the TCP/IP protocol. Doom popularized the traditional face-to-face referral networking concept of deathmatch, where multiple practices of realtors and title companies, players battle each other head-to-head, as a attorneys and chiropractors, and businesses new form of online game. Since Doom, most networkers from a variety of fields. first-person shooter games contain online Businesses from all across the globe can come components to allow deathmatch/arena style together and share ideas, clients, and referrals play. in a mutually beneficial manner. Such sites allow users to network with one another As the World Wide Web developed and online, without ever having to meet someone browsers became more sophisticated, people face-to-face. started creating browser games that used a web browser as a client. Simple single player In addition to internet-based social games were made that could be played using networking, cell phone manufacturers are a web browser via HTML and HTML getting into the social networking business scripting technologies (most commonly with phones that allow users to create lists of JavaScript, ASP, PHP, and MySQL). More friends and associates, track their movements complicated games would contact a web even across countries, and create customized server to allow a multiplayer gaming maps and alerts that signal the user when a environment. desired person is within a predetermined range. With such GPS-enabled phones, users The development of web-based graphics are able to send out invitations or messages to technologies such as Flash and Java allowed groups of people based on customized browser games to become more complex. attributes, including location. These games, also known by their related technology as "Flash games" or "Java games", Users often try to "collect friends", or try to became increasingly popular. be linked to as many friends as possible. Massively multiplayer online games Therefore, it is not uncommon for users to (MMOGs) were made possible with the receive friend requests from people that they growth of broadband Internet access in many do not know. Some users will create
11/29/2007 Unclassified 5 Unclassified additional profiles that assume the identity of small player base, the enforcement of the someone else, such as celebrities, politicians, elimination of 'gold farming' appears less or even their pets. Some will create profiles often. Companies in this situation most likely for fictional characters, such as those from are concerned with their personal sales and video games or films (similar to role-playing), subscription revenue over the development of and some will even create profiles for their virtual economy, as they most likely inanimate objects, such as the Sun or the have a higher priority to the games viability dwarf planet Pluto. via adequate funding. Games with an enormous player base, and consequently Social network services are increasingly being much higher sales and subscription income, used in legal and criminal investigations. can take more drastic actions more often and Information posted on sites such as MySpace in much larger volumes. Blizzard and Facebook, has been used by police and Entertainment and their wildly successful university officials to prosecute users for World of Warcaft, have publicly announced criminal behavior. that tens of thousands of accounts that have been banned due to violations regarding Virtual worlds such as Second Life also allow currency selling. This account banning could for the establishment of social networks, as also serve as an economic gain for these large residents invite other residents to become part games, since it is highly likely that, due to of their “friends” list. This networking may demand, these 'gold farming' accounts will be also include invited access to Second Life recreated with freshly bought copies of the “islands” that are not open to the general user game. population. Behavioral and Social Norms. The Virtual Economies. Within a majority of the emergence of virtual worlds as a gathering MMOGs, there is virtual currency where the place for groups of individuals leads to many player can earn and accumulate money. The questions about what is “normal” behavior in- uses for such vitual currency are numerous world. Do the behavorial and social and vary from game to game. An in-world principles that govern individual and crowd economy is created from this development of actions in the real world also apply in a virtual virtual money. The virtual economies created world? Some scientists have begun to study within MMOGs often blur the lines between this question. It is quite likely that virtual real and virtual worlds. The result is often environments will produce new social and seen as an unwanted interaction between the behavioral norms that must be identified and real and virtual economies. This practice understood. (economy interaction) is mostly seen in this genre of games. The two seem to come hand in hand with even the earliest MMOGs such The Cyberterrorist Threat as Ultima Online having this kind of trade, The threat posed by cyberterrorism has real money for virtual things. grabbed the attention of the mass media, the security community, and the information The practice of acquiring large volumes of technology (IT) industry. Journalists, virtual currency for the purpose of selling to politicians, and experts in a variety of fields other individuals for tangible and real have popularized a scenario in which currency is called “gold farming”. In games sophisticated cyberterrorists electronically that are substantially less popular and have a break into computers that control dams or air
11/29/2007 Unclassified 6 Unclassified traffic control systems, wreaking havoc and website as an unidentified "guest endangering not only millions of lives but user," making it very hard for security national security itself. agencies and police forces to track down the terrorists' real identity. In Just how real is the threat that cyberterrorism cyberspace, there are no physical poses? Because most critical infrastructure in barriers such as checkpoints to Western societies is networked through navigate, no borders to cross, and no computers, the potential threat from customs agents to outsmart, although cyberterrorism is alarming. Hackers, although the network security checkpoints must not motivated by the same goals that inspire be breached. terrorists, have demonstrated that individuals can gain access to sensitive information and • Third, the variety and number of to the operation of crucial services. Terrorists, targets are enormous. The in theory, could thus follow the hackers' lead cyberterrorist could target the and then, having broken into government and computers and computer networks of private computer systems, cripple or disable governments, individuals, public the military, financial, and service sectors of utilities, private airlines, and so forth. advanced economies. The growing The sheer number and complexity of dependence of our societies on information potential targets guarantee that technology has created a new form of terrorists can find weaknesses and vulnerability, giving terrorists the chance to vulnerabilities to exploit. Several approach targets that would otherwise be studies have shown that critical utterly unassailable, such as national defense infrastructures, such as electric power systems and air traffic control systems. The grids and emergency services, are more technologically developed a country is, vulnerable to a cyberterrorist attack the more vulnerable it becomes to because the infrastructures and the cyberattacks against its infrastructure. computer systems that run them are highly complex, making it effectively Cyberterrorism is an attractive option for impossible to eliminate all modern terrorists for several reasons. weaknesses.
• First, it is cheaper than traditional • Fourth, cyberterrorism can be terrorist methods. All that the terrorist conducted remotely, a feature that is needs is a personal computer and an especially appealing to terrorists. online connection. Terrorists do not Cyberterrorism requires less physical need to buy weapons such as guns and training, psychological investment, explosives; instead, they can create risk of mortality, and travel than and deliver computer viruses through conventional forms of terrorism, a telephone line, a cable, or a wireless making it easier for terrorist connection. organizations to recruit and retain followers. • Second, cyberterrorism is more anonymous than traditional terrorist • Fifth, as the I LOVE YOU virus methods. Like many Internet surfers, showed, cyberterrorism has the terrorists use online nicknames— potential to affect directly a larger "screen names"—or log on to a number of people than traditional
11/29/2007 Unclassified 7 Unclassified
terrorist methods, thereby generating or service from functioning efficiently or at greater media coverage, which is all, temporarily or indefinitely. ultimately what terrorists want. Perpetrators of DOS attacks typically — but Operating in the cyberworld also affords a not exclusively — target sites or services number of other advantages to the terrorist. hosted on high-profile web servers; a pair of DNS Backbone DOS Attacks, on October 22, Covert Communication. Communication is 2002 and February 6, 2007, targeted DNS the key to coordinating attacks. Keeping these root servers, in an apparent attempt to communications private is key to not being "disable the Internet" itself by taking away an caught. Virutal environments provide many option of addressing Internet servers by their opportunities to exchange messages in the human-friendly names. clear without drawing unnecessary attention. Additionally, there are many private channels Information warfare. Information warfare is that can be employed to exchange secret the use and management of information in messages. pursuit of a competitive advantage over an opponent. Information warfare may involve Training/Rehearsal. What was once the collection of tactical information, assurance exclusive domain of the military and law that one's own information is valid, spreading enforcement, the virtual world now provides a of propaganda or disinformation to high fidelity near-real environment for demoralize the enemy and the public, mission rehearsal for amateurs and undermining the quality of opposing force professional alike. information and denial of information collection opportunities to opposing forces. Money transfer/laundering. Money launderers can now move illicit cash through These threats are just the ones we know the growing number of virtual reality role- about. What additional things are possible in playing games, and convert that cash into real the virtual world that cannot be done in the currency before withdrawing it. This is now a real world? The IC needs to “red team” some potential money laundering problem, as one possible scenarios of use. can set up an account, send in identification, such as a bogus drivers' license and Challenges/Opportunities altered utility receipts, fund the account The virtual world is rapidly evolving into a with the proceeds of crime, and have an close representation of the real world with all associate on the other side of the world the opportunities and consequences of the real withdraw funds as profits, or even as working world. However, there may be many things capital for a criminal enterprise. One even has possible in the virtual world that can’t be the option of withdrawing the funds from a done in the real world. Our challenge is to financial institution. figure out what these actions are before our adversaries. To do this, we need to be able to Denial of Service (DOS). A denial-of-service recognize the behavior of a real threat and attack is an attempt to make a computer exploit the information that is available to us resource unavailable to its intended users. in the virtual world. Although the means to, motives for and targets of a DOS attack may vary, it generally comprises the concerted, malevolent efforts of a person or persons to prevent an Internet site
11/29/2007 Unclassified 8 Unclassified
Benefit to the IC 7/07/12/alarm-bells-ring-again-about- The virtual environments of the Internet offer virtual-terrorism/> todays’ analyst a huge untapped source of open information that would be impossible to Reuters, Adam, “UK panel urges real-life collect in the real world. The reasons that treatment for virtual cash”, 14 May 2007 make this environment an attractive option for
As our adversaries continue to expand their Schalch, Kathleen, “Virtual Recruiting for presence and use of virtual environments, we Real-World Jobs”, NPR, 22 August 2007 need to keep pace and possibly leapfrog their
472. References “Internet Jihad – A World Wide Web of “Virtual Games is a Disease Model: An Terror”, The Economist, 12 July 2007 outbreak of a deadly disease in a virtual 11/29/2007 Unclassified 9