TRMG EU Commission March 2007

Presentation Transcript

European Commission Directorate-General Enlargement JHA 24111 Communications & Virtual Commerce Risks

Agenda: 

Part 1: The evolution of communications fraud
Part 2: Online threats and 3G convergence
Part 3: Current commercial and security risks in virtual online communities
Part 4: From Cybercrime to Cyber-terrorism

Part 1 The Evolution of Communications Fraud

Fraud Defined: 

Theft through deception
Financial incentive
Not ‘Security’
Not ‘Credit Control’
Not ‘Revenue Assurance’
A criminal act…

The Original Business Case: 

10 active lines (no intention to pay)
24 hours traffic per line, per day
10p per minute to expensive IDD
Revenue: 10 x 24 x 60 x 0.1 = £1,440 per day
Or £43,200 per month
Or £518,400 per year
In cash, tax free

The estimated cost: 

Up to 5% of revenue
Typically 30% of bad debt
Does not include:
  Out-payment costs
  Opportunity costs
  Infrastructure costs
  Image and PR
  Cost of investigations and security

Key root causes of fraud: 

Migration & demographics
Penetration of new technology
Staff dissatisfaction
The ‘challenge factor’
Operational weaknesses
Poor business models
Criminal greed
Money laundering
Political & ideological factors

Fraud Evolution: 

Timeline from 1900 to 2004 (axis ticks: 1900, 1950, 1970, 1980, 1990, 2004), techniques in order of appearance: Operator Services; Teeing in; Payphone ‘tapping’; Meter tampering; Black Box; Red Box; 3rd party billing; Calling card; Tumbling ESN; Cloning; Ghosting; PBX DISA; Subscription; Roaming; IMEI cloning; Free phone; Call forward; Pre-paid; PRS; CDR suppression; Magic phones; Social engineering; Voicemail hacking

PRS Fraud: 

(Diagram: Operator and PRS service provider)
1. PRS service provider takes out fraudulent subscriptions
2. Fraudulent traffic – no revenue
3. Out payment

IDD Call Selling: 

(Diagram: Operator and call selling ‘shop’)
1. Fraudulent subscriptions based in call selling ‘shop’
2. Fraudulent traffic – no revenue for operator
3. International traffic triggers a settlement out payment to the carrier

PABX DISA Fraud: 

(Diagram: Hacker, DISA port, PABX)
1. Hacker cracks the DISA code
2. Multiple high value outbound calls from the PABX
3. The bill goes to the PABX owner ($)

Retail, Wholesale, IP Security: 

(Diagram of the three categories: ‘Retail’ Fraud, ‘Wholesale’ Fraud, IP Security)

VoIP Bypass via SIM Gateway: 

(Diagram; only the label ‘Country A’ survives)
Facilitates VoIP Bypass Fraud – a ‘wholesale’ category of fraud

The cost of fraud: 

Bill write-offs
Out-payments
Infrastructure
Congestion
Litigation
Image & PR

Fraud Countermeasures: 

Call data analysis
Customer vetting
Credit control
Information pooling
Secure services
Secure technology
Awareness

Call Data Tracking: 

Mobile Device: Handset, SIM (MSISDN, IMSI, IMEI)
Call Record: Calling MSISDN; IMSI; IMEI; Called Number; Cell Site; Duration; Cost
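As an added worked example (not part of the presentation), here is how the call-record fields listed above can feed the ‘call data analysis’ countermeasure: it runs over constructed call records and flags the two patterns the deck describes, a line carrying the 24-hours-a-day IDD traffic of the ‘Original Business Case’, and one handset IMEI shared by several SIMs as in the VoIP bypass SIM gateway. The thresholds, the +44 home prefix and every number in the records are assumptions.

```python
from collections import defaultdict

# Constructed sample call records (not from the presentation) with the fields the
# "Call Data Tracking" slide lists: calling MSISDN, IMSI, IMEI, called number,
# cell site, duration in seconds, cost in pence. +44 is assumed to be the home country.
HOME_PREFIX = "+44"
CDRS = [
    # an ordinary subscriber: one short domestic call, one short IDD call
    ("+447700900001", "234150000000001", "350000000000001", "+447700900123", "CELL-A", 120, 10),
    ("+447700900001", "234150000000001", "350000000000001", "+33123456789", "CELL-A", 300, 50),
    # the call-selling business case: back-to-back IDD calls adding up to 24 hours in a day
    ("+447700900002", "234150000000002", "350000000000002", "+234801234567", "CELL-B", 21600, 3600),
    ("+447700900002", "234150000000002", "350000000000002", "+923001234567", "CELL-B", 36000, 6000),
    ("+447700900002", "234150000000002", "350000000000002", "+880171234567", "CELL-B", 28800, 4800),
    # three SIMs (IMSIs) seen on one handset (IMEI), the VoIP-bypass SIM gateway pattern
    ("+447700900003", "234150000000003", "350000000000009", "+447700900444", "CELL-C", 600, 60),
    ("+447700900004", "234150000000004", "350000000000009", "+447700900445", "CELL-C", 600, 60),
    ("+447700900005", "234150000000005", "350000000000009", "+447700900446", "CELL-C", 600, 60),
]

def is_international(called):
    """IDD call if the called number is in E.164 form and not in the home country."""
    return called.startswith("+") and not called.startswith(HOME_PREFIX)

def per_line_idd(cdrs):
    """Total IDD minutes and IDD cost (pence) per calling MSISDN for one day's records."""
    minutes = defaultdict(float)
    cost = defaultdict(int)
    for msisdn, _imsi, _imei, called, _cell, seconds, pence in cdrs:
        if is_international(called):
            minutes[msisdn] += seconds / 60
            cost[msisdn] += pence
    return minutes, cost

def flag_call_selling(cdrs, min_idd_minutes=600):
    """Lines with more IDD minutes in a day than a person would dial (threshold assumed: 10 hours)."""
    minutes, cost = per_line_idd(cdrs)
    return {m: (round(minutes[m]), cost[m]) for m in minutes if minutes[m] >= min_idd_minutes}

def flag_shared_imei(cdrs, max_sims=1):
    """Handsets carrying more SIMs than a single subscriber would use."""
    imsis = defaultdict(set)
    for _msisdn, imsi, imei, *_rest in cdrs:
        imsis[imei].add(imsi)
    return {imei: sorted(s) for imei, s in imsis.items() if len(s) > max_sims}
```

The 1,440 IDD minutes at 10p per minute that the example flags are exactly one line of the ‘Original Business Case’ (£144 per day, £1,440 for the ten lines).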

Cross-border Issues: 

Handset and SIM: pre-paid balance, post-paid bill payments
Large top-ups, high spend, heavy VAS usage, roaming patterns
Transportable anywhere: SIM as a Credit Card

Subscriber Data ‘Fingerprinting’

Part 2 Online Threats & 3G Convergence

Technical Convergence: 

Fixed
Mobile
Internet
One Account

Service Convergence: 

Voice & data
Info-tainment
Banking
One Account (e.g. A1 Bank in Austria)

The Evolutionary Threat Model: 

New Technology
Service offerings
Business models
Threats
From traditional voice telephony to convergent online communications & Info-tainment

Typical Online Issues: 

Identity theft
True name takeover
Account takeover
Hacking & Database Theft
Phishing, pharming & social engineering
Fake websites
Key loggers & password stealers
Virus attacks
Trojans
System reconfiguration attacks
Session hijacking
Man-in-the-middle attacks
Blackmail

NGN Maturity: 

(Chart of NGN maturity with a ‘Today’ marker)
Comment: There is a direct correlation between service complexity and the number of fraud opportunities. More complex services also imply more complex detection and investigation techniques.

A simple example: 

An SMS is sent to a vending machine. The machine dispenses a can. The cost of the drink is charged to the caller’s account. If no payment is made, the main loss is the value of the drink, not the value of the SMS message.

The growing value of content: 

(Chart of $ value against time, with two curves: value of the content transaction, and cost of the connection)

NGN Services: 

Communication: SMS, E-MAIL, FAX
Productivity: AGENDA, ADDRESS, ALBUM
Entertainment: MUSIC, VIDEO, GAMES
Information: NEWS, LOCATION, EVENTS, CHAT
Other tools: DATING, BUY & SELL
The SIM Card as a Credit Card. The Operator as a Bank

Framework 2006 to 2010…: 

(Value-chain diagram, built up over two slides; labels: Network, Subscribers, Service Provider, Artists, DRM, Royalties, Fees, Delivery, Content provider, Gaming SP, Content aggregator, Net Revenue, VAS providers, Prize money)

Focus 2006 to 2010…: 

(The Framework value-chain diagram again, annotated over successive slides with the following risks)
Smarter handsets; Internet access device: Viruses, Trojans, Pin & CC# capture; More handset theft
Redistribution; Copyright
PRS-type frauds; Unlawful content; QoS exploits
SP manipulation of results; Player fraud; Staff/developer fraud; PRS-type fraud; Payment fraud
LBS abuse; Premium MMS; Denial of Service
More identity theft: Real identity, Synthetic identity; Org. crime; Terrorism

Related Issues 2010: 

(The same value-chain diagram, annotated)
Social engineering; Hacking; Mal-ware; Identity & payment; Lawful intercept; Virtual communities; Unlawful content; Money laundering; DoS: ‘state’ sponsored; Voting fraud

Summary of NGN Risks: 

Attacks on the ‘electronic wallet’
Frauds by subscribers
  On operators
  On third party service providers
Staff frauds
Third party SP frauds
Denial of service type attacks

Impact on Operators: 

Increasingly complex FM roles
Digital rights management issues
Banking compliance & regulation
Handset-based anti-virus provision
Implications for pre-paid customer vetting

Key Online Countermeasures: 

Awareness - paramount
Firewalls and other security software
Virus detection
Secure website development
IP Penetration Testing
IPDR tracking
URL Fingerprinting

Part 3 Risks in Virtual Online Communities

What is a Digital Virtual Community?: 

A Chat Room
A Meeting Place
An Online Game
A Marketplace
A Lecture Room
A Training Centre
An Art Form
A Parallel Universe
(From www.secondlife.com)

A Virtual Seminar in progress

The Second Life example: 

3,700,000+ members
Evolved from online fantasy games
Contains its own commercial model
Operates its own currency (Linden$)
Ability to buy & develop real estate
Ability to sell ‘land’, goods & services
USD 450,000 in trades per day
Just the first of many…

Users can be who they want to be…

Is he a ‘he’? Is she really a ‘she’?

It’s not for everyone, but don’t be fooled: Big Business is taking this seriously.

More virtual players…: 

Adidas
Reebok
20th Century Fox
BBC Radio
Disney
IBM
Intel
Starwood Hotels
Dept of Homeland Security

Recent New Sites: 

Entropia: 500,000 users
There.com
Active Worlds
Gaia Online
Kaneva (beta testing)

Commerce in ‘Second Life’: 

Currency exchange: Buy ‘Linden$’ with your credit card (E-money)
Buy and sell land, goods and services
Transfer profits back out to the real world:
  By PayPal
  By Check

Profit is a primary difference: 

In the E-money model, money transfers are the sole motive. In the virtual money model, both movement and trade for profit are primary motives.

Examples of 2nd Life trades: 

Digital clothing
Gambling
Escort services
Virtual land
Property development
Artistic projects
Architectural services
And more…

Statement: 

“This has the look of a killer application that is being replicated, with adaptations, many times over”.
(Diagram: Real Life, 2nd Life, 3rd Life, 4th Life)

General Issues: 

Virtual economic trends already seen:
  Inflation
  Property market downturns
  Exchange rate fluctuations
Virtual stocks and shares?
Insider trading?
  By staff of the Host
  By the Virtual ‘Elite’
Who protects the consumer?

Due Diligence Issues: 

Regulation
  Is a virtual currency a real currency?
  Isn’t a Virtual Life account really a ‘bank account’?
Taxation
  Income Tax
  Sales Tax
Book-keeping and audits
  Are virtual holdings ‘assets’?
  Are virtual debts ‘liabilities’?

More Issues…: 

Fraud
Social engineering
Harassment, coercion, solicitation & begging
Hacking, database exposure & identity theft
Plain old credit card fraud
Copyright theft & resale of content
Illegal content
Unlawful sale of content to minors

21 or only 12?: 

Teen Second Life has now launched

Even More Issues…: 

Avoidance of surveillance
Fictional identities
Virtual phone traffic
Dedicated instant messaging
Closed user groups (‘www.the_jihadist_site.org’?)
Lawful intercept
Jurisdiction

Issues, Issues, Issues…: 

Online gambling:
  Virtual money is not real money?
  Gambling wins & losses occur within the virtual economy
  Wins transferred out to real world accounts may not be identified as gambling-related
Money laundering
  Credit card payment in from one identity
  PayPal payment out to another identity

Far out issues: 

‘Grey Goo’ attacks
Virtual Gang raids
In Korea in 2004, Police reported that over 50% of alleged Cyber Crime occurred on virtual world gaming and commerce sites. Theft of digital designs was a leading problem.

Possible Triggers for Growth: 

Corporate interest/investment
Brand awareness
Product placement
Click-through
Political interest
Economic recession leading to cost cutting
Increasing international tensions leading to business travel restrictions

How might this evolve?: 

New economic models will emerge
Corporates will start marketing to the virtual community:
  Digital product offerings
  Click-through to real websites
  Product placement
  Advertising
Telecom operators are already getting on board

Evolution 2: 

M-Life as a feature of WIMAX
Apple’s iPhone = convergence of voice, data, multi-media and M-Life
The Nintendo Wii
Put them all together…

Part 4 From Cyber crime to Cyber terrorism

Future Threats: 

VOCs (virtual online communities) could rapidly become both a tool and a target for terrorist organisations
There is a low technical barrier to entry for existing terrorist organisations and affiliates
There is a low ‘ethical’ barrier to entry for individuals who have previously never committed a criminal act

Terrorist Profile: The Loner: 

Educated, middle class
Technically skilled
Economically unsuccessful
Targets: corporate brands and business operations online, other users, government sites and news agency sites for PR purposes
Objective: ideological/personal gain

Terrorist Profile: The Group: 

Probably trans-national
Already known, so fears surveillance
Technically proficient
Targets: Primarily corporate/governmental
Main Objectives:
  Avoidance of surveillance
  Virtual Planning & Recon (e.g. Virtual Congress)
  Virtual training/practice sessions
  Money laundering

Specific Techniques: 

Mutation of existing techniques:
  Viruses & Virtual Trojans
  Other virtual Malware
  Password hacking
  Virtual identity theft and account takeover
Emergence of new techniques:
  Virtual Grey Goo attacks
  Virtual ‘nuclear’ attacks

The Impact of Virtual Terrorism: 

Financial gain for terrorist cells
Public relations:
  Victimless
  Focused on brands and governments
Lawful intercept issues
Political concerns
Expression of unlawful views
Hijacking of virtual institutions

Virtual Terror Countermeasures: 

Education & awareness:
  Policy makers
  Law enforcement
  Virtual site hosts
Virtual currency regulation & compliance
Cooperation with hosts for Intercept
Conventional virtual intelligence collection
Tracking & surveillance of behaviour

Conclusions: 

This is an ultra-modern technology which:
  Combined with new forms of commerce;
  With questionable oversight & regulation;
  And no clear audit or policing mechanisms;
Constitutes a risk management issue that:
  May expose consumers;
  May also expose investors, and;
  Could potentially create many new opportunities for criminals of all descriptions

How to respond?

The Key first steps: 

An international effort at governmental level
Classify ‘virtual’ currencies as real currency
Classify virtual accounts as bank accounts
Enforce banking standards for reporting and customer identification
Employ tax assessments as a primary mechanism for collections
Make virtual hosts legally liable for all activity on their sites

Questions and comments