Social Networks, Virtual Worlds, and the Shadow Internet : the Explosion of Virtual Identity and the Anonymous Economy

Social Networks, Virtual Worlds, and the Shadow Internet : The Explosion of Virtual Identity and the Anonymous Economy

Scott Dueweke

0 The Comprehensive National Cybersecurity Initiative (CNCI)

Goals:

To establish a front line of defense against today ’s immediate threats by creating or enhancing shared situational awareness of network vulnerabilities, threats, and events within the Federal Government—and ultimately with state, local, and tribal governments and private sector partners—and the ability to act qu ickly to red uce o ur c urrent vulnerabilities and prev ent intru sions. To defend against the full spectrum of threats by enhancing U.S. counterintelligence capabilities and increasing the security of the supply chain for keyyg information technologies. To strengthen the future cybersecurity environment by expanding cyber education; coordinating and redirecting research and development efforts across the Federal Government; and working to define and develop strategies to deter hostile or malicious activity in cyberspace.

1 CyberCyber--environmentsenvironments are changing rapidly

Yesterday Today yy chnolog ee T

Mainframe PCs Computers Web 1.0 Web 2.0 Mobile  Government scientists  Business u sers of  Pre-teens all industries  Trained technicians  Seniors  Educators and  Machine language  Non-expert users administration People developers  Casual users  Researchers

Expert Users Business, Education, The World Research Users Spectators Participants

2 These environments depend on Virtual Identities

Social Networks Virtual Worlds Games (MMOGs)

•Profiles •Profiles •AIs and Bots •Searches •Searches •GlGoals •Friends •Friends •Rules •Groups/Communities •Groups/Communities •Groups/Communities •User Generated Content •User Generated Content •Characters •Posts/Blogs •Characters •Advancement measure •Chat/I ns tan t Messages •3-D Worlds •VOIP •Chat/Instant Messages •3-D Worlds •VOIP •Economy •Few Rules

3 What is a Virtual Identity?

 A Virtual Identity (VI) is the manifestation of one’s self in the digital world of e-commerce, e-mail, social networking, and virtual worlds.

– A virtual identity is composed of the aggregate of identity elements found online tied to a persona – These identity elements can be intentionally or unintentionally propagated – VI elements could include your: • GilYhGmail, Yahoo, or corpora te ema ilddil address • Your Classmates.com login ID, old classmates, etc.. • Your Second Life avatar’s name • Your Facebook friends list • Personal information yypou posted , then deleted, from your personal website in 1996 • Your PayPal account information • Your credit card number • Your online banking login and password • Reviews of a toaster that you posted on Amazon. com • Etc…..

You leave a trail of information about who you are, what/who you like, and where y ou ’v e been all ov er the Internet

4 But there is a dark side……….

Video courtesy of the ACLU

5 Virtual worlds blur the lines of identity.

6 Tying Virtual Identity to True Identity can be Difficult

Physical Person’s Attributes Virtual Identity Attributes

Location IP address Biometric Visual Representation Finger prints Avatar Height/ weight Pictures Financial Financial Credit cards Credit cards Bank accounts Bank accounts Transaction History Transaction History Social Social Personality Personality Habits Reputation/Credibility Network Contacts Biographic Biographic Name Pseudonym Race Type of virtual identit y Gender Gender Age Age Hobbies Interests

Virtual communities across the Internet are redefining “identity”

Filename/RPS Number 7 Identifying the physical identity behind online virtual identities is a major problem with the web and online social networks

•Username: John Doe •DoB: 2/29/1970 •First Name: John •Last Name: Doe •Email: johndoe@hotmail .com

•Username: DownWithAmerica123 •DoB: 7/9/1965 •First Name: Evil •Last Name: Man •Email: [email protected]

REAL WORLD •Username: MiamiVixen •Username: Joe Criminal •DoB: 6/2/1984 •DoB: 5/5/1980 •First Name : Janet •First Name: Joe •Last Name: Smith •Last Name: Criminal •Email: [email protected] •Email: [email protected]

Online identityyy characteristics do not necessarily correlate with real-world identity characteristics

Filename/RPS Number 8 And all are not friends….

Video courtesy of the Government of British Columbia 9 Virtual identities, combined with anonymous services and networks, provide fertile ground in which a variety of threats can grow

 Most fraud involves falsely portraying virtual identity, or stealing true identities – Fraudsters Target Facebook With Phishing Scam

"A lot of phishing is moving out of financial services and going to online web sites that have not installed stronger authentication, sites that are not as close to the money“ ‐ Marc Gaffan, RSA's Identity and Access Assurance Group Product Marketing Lead

 Internet users cloaked in apparent anony mity are u sing many pu blicly av ailable serv ices to commit, coordinate, and brag about crimes

Filename/RPS Number 10 What is Second Life?

• Second Life is the first major Virtual World, launched by US-base d Lin den La b in 2003.

• Not a game in the traditional sense (no points and levels, no winners or losers).

• A virtual 3-D world entirely created by its users, with little regulation.

11 In Second Life, residents own their creations

• Residents retain the intellectual property rights to their creations.

• Property is bought and sold, buildings erected, construction outsourced, and millionaire realtors are made.

• Clo thes (s kins ), furn iture, bo dy par ts, and other accessories are created and sold by users.

12 Anshe Chung – Second Life Entrepreneur

13 Countries, companies and other organizations have established a presence

Embassy of Sweden Embassy of Estonia Al Andalus Caliphate

French National Front

14 Second Life has its own currency, the Linden

 Lindens are created by converting USD through credit cards, account transfer, and PayPal.

 The Lindex,,yg, the Second Life currency exchange, manages conversion of USD to Lindens. – Representative of the new generation of micropayments, built on the ashes of Digicash, Cybercoin, Millicent and others – E-Gold, CashU and other instruments can be converted to Lindens through various online currency exchanges – Current size of the Second Life economy is @ $275m/yr

US $ Exchanged on the LindeX™ Exchange (in Millions)

15 Money can made inin--world,world, and exchanged or transferred, sometimes for real $$

Real currency is transferred out of game; game currency is transferred in game. An equal transaction.

Gold farmers generate in world gold to transfer to players for real money.

16 Alternative Internet Currencies are Flourishing

These currencies are:

• Unregulated and uncontrolled systems • Anonymous and record- less • Allows anonymous interaction with traditional financial systems • International anonymous transfers • Leverages anonymity provided by the Internet

17 Instead of a Second Life, there will be solar systems of virtual worlds

Interconnected, with the ability to transfer funds and avatars

18 There are easier, more anonymous ways to covertly communicate and send funds

 The Onion Router (TOR) Network – The Shadow Internet – A network of virtual tunnels (onions) that allows people and groups to improve their privacy and security on the Internet – Enables the use of highly anonymous services for communications and payment. (web, IRC, other TCP-based communication) – Allows users to visit internet websites anonymously, but also allows users to publish ‘hidden services’

 How does it work?

IPRTS Hop C Hop B Hop A

*Source: http://torproject.org

19 TOR nodes are found Worldwide

20 The Shadow Internet (TOR) Usage Example: .onion Weed

http://624eb2rznzhtq2cz.onion

21 Money laundering and virtual economies

Criminals are abusing the inherent anonymity of transactions services to carry out illegal activities

Current online services allow for large scale anonymous money transfer: – 2% of the world’s GDP lddlaundered every year – Minimum of $500 billion/year online

Transactions can take place online such that miiinimal personally identifiable information is transferred or collected

22 Money laundering and virtual economies: Across multiple virtual and real currencies

$$$

£££

…………

23 Money laundering and virtual economies: Developing tools to understand and mitigate the risk

PATH ANALYSIS TOOL

24 Examples of virtual currency being used in criminal activities

Facebook social gaming currency (used in various games such as Farmville) being used to persuade political campaigning concerning health care reform. (Source: http://www.businessinsider.com/health-insures-caught-paying-facebook-users-virtual-currency-to- send-letters-to-congress-opposing-reform-bill-2009-12)

A Japanese investor ran a pyramid scheme in which he promised more than 30% return to investors. However, after collecting initial investments, he announced that he would be converting the money to a virtual currency called Enten (translated as “divine yen”). He was arrested in February 2009. (Source: http://blog.foreignpolicy.com/posts/2009/02/05/japans_bernie_madoff, and http://www. timesonline. co. uk/tol/uk/tol/news/world/asia/article5665281news/world/asia/article5665281. ece)

An embezzlement event in Eve Online took place last year involving the virtual currency called ISK (think of it as WoW gold). There are various sites that sell ISK for USD much like WoW gold. (Source: http://www.virtualgoodsnews.com/2009/06/virtual-currency-embezzling-scandal-rocks-eve-online- .html)

An interesting story about how a teenager stole virtual currency by using loopholes in online games. It also suggests that experts believe this happens frequently. (Source: http://www.asianewsnet.net/news.php?idhttp://www.asianewsnet.net/news.php?id=7637&sec =7 )

A Danish was sentenced in Feb 2010 for using WoW Gold to pay 12-16 year old boys to send him illegal pictures and video clips. (Source: http://www.cphpost.dk/news/crime/48177-man-grooms-boys- to-send-naked-pics.html)

25 Notable Social Networks

Adult FriendFinder Elftown Habbo MocoSpace Plurk Vox Advogato Epernicus hi5 MOG Present.ly Wakoopa Amie Street Eons.com Hospitality Club Multiply quarterlife Wasabi ANobii Experience Project Hyves Muxlim Ravelry WAYN aSmallWorld Exploroo imeem MyAnimeList ResearchGATE WebBiographies Athlinks Facebook Indaba Music MyChurch Reverbnation Windows Live Spaces Avatars United Faceparty IRC-Galleria MyHeritage Ryze Wis.dm Badoo Faces.com italki.com MyLife scispace.net WiserEarth Bahu Fetlife InterNations MyLOL Shelfari Xanga Bebo Filmaffinity itsmy MySpace Skyrock Xiaonei Bigadda FledgeWing iWiW myYearbook SocialGO XING Biip Flixs ter JikJaiku Nasza-klasa.p l Soci a lVibe Xt3 BlackPlanet Flickr Jammer Direct Netlog Sonico.com Yammer Broadcaster.com Fotolog kaioo Nettby Soundpedia Yelp, Inc. Buzznet Friends Reunited Kaixin001 Nexopia Stickam Youmeo CafeMom Friendster Kiwibox Ning StudiVZ Zoo.gr Cake Financial Frühstückstreff Last. fm Odnoklassniki Tagged. com Care2 Fubar LibraryThing OkCupid Talkbiznow Classmates.com Gaia Online lifeknot OneClimate Taltopia Cloob GamerDNA LinkedIn OneWorldTV TravBuddy.com College Tonight Gather.com LiveJournal Open Diary Travellerspoint CouchSurfing Geni.com Livemocha Orkut Trombi.com DailyStrength Gogoyoko LunarStorm OUTeverywhere Tuenti.com DeviantART Goodreads MEETin Passportstamp Tumblr Disaboom Gossipreport.com Meetup.com Pingsta Twitter dol2day Grono.net Meettheboss Plaxo V Kontakte DontStayIn Govloop Mixi Playahead Vampirefreaks DilDraugiem.lv GtitGovtwit mobika de Play boy U Via deo

26 Notable Massively Multiplayer Online Notable Virtual Worlds Games (MMOs)

Activeworlds OfficeTowers Adventure Quest Worlds Phantasy Star Universe Big World OpenSim Age of Conan Ragnarok Blink 3D Playstation Home Aion Rappelz Blue Mars Project Wonderland Anarchy Online Regnum Caligari Prototerra Armies of Gielnor Runes of Magic Club Penguin Qwaq Forums Asda Story RuneScape Cobalt realXtend City of Heroes/ Villains Saga Cyworld Second Life Conquer Online 2.0 Secret of the Solstice Disney's Toontown sMeet Dark Age of Camelot Shadowtale Entropia The Multiverse Platform Dofus Shaiya ExitteatyReality The Ogogli o Pl atf orm Dragon Sk y SoSodeldier Fr on t Forterra's OLIVE There Dungeons & Dragons Online Star Wars Galaxies Gaia Online Twinity Eve Online The Sims Online Habbo UOneNet Everquest Universe Tibia HiPiHi VastPark Final Fantasy XI ToonTown Icarus View22 Scenecaster Flyff Twelve Sky 2 IMVU Virtual Heroes Free Realms Ultima Online Kaneva Webkinz Galaxy Online Urban Rivals Metaplace Wells Fargo Stagecoach Island Guild Wars Vanguard: Saga of Heroes Millsberry WHYVILLE Last Chaos Warhammer Online Mixm8 Lineage World of Warcraft Mokitown Lineage II Moondus Lord of the Rings Online Moove Mabinogi MTV Virtual Worlds Maple Story Mycosm Megaten NovoKing Perfect World

27 Thank you

FiftilttFor more information please contact:

Scott Dueweke Senior Associate

Booz Allen & Hamilton Inc. 13200 Woodland Park Rd. Herndon, VA 20171 Mobile 540-671-0400 [email protected]