I was recently doing some work with everyone's favorite Linux live distro, BackTrack, and had an amusing thought. Wouldn't it be interesting if cyber criminals (and even nation-states) began developing Armed Avatar Cyber Weaponry? What exactly do I mean by that? Today, many penetration testers take advantage of lightweight, live Linux distros like BackTrack and Samurai for their testing. These live distros come with a number of prominent security tools for information gathering, network mapping, vulnerability identification, privilege escalation, reverse engineering, forensics, and so on. BackTrack, Samurai, and other pen testing Linux distros essentially act as a hacker's tool belt, making it easy to store and use their favorite tools. Why not do the same for avatars?
In Second Life, a virtual environment with a rich scripting language (LSL, the Linden Scripting Language, whose scripts are executed on the simulator rather than on the client), users can create avatars that come with an inventory full of malicious scripts and tools. These armed avatars could be bought and sold the same way identity information, credit card numbers, and zero-days are marketed in today's cyber underground. Nation-states could field massive armies of such avatars to combat adversaries and disrupt their operations inside the virtual environment.
The avatar's operator need not know a great deal about cyber security or coding. Instead, they simply need to know how to use their malicious tool set effectively (i.e., executing scripts, deploying inventory objects, etc.). These armed avatars would also look and act just like any other avatar in the environment. Users would have no idea which avatars carried malicious tool sets in their inventory until it was too late.
We continue to see nation-states, terrorist organizations, and cyber criminals use cyberspace as a platform for asymmetric warfare. Despite lacking financial and military resources, they are able to exploit cyberspace and level the playing field. They understand today's information age and society's dependence on cyber technology and telecommunications. As three-dimensional virtual environments become more pervasive, armed avatar armies may become a very real threat. Until then, it's fun to speculate.
Dr. Nick Yee, of the Daedalus Project, is an American researcher who studies self-representation and social interaction in virtual environments. The Daedalus Project is Dr. Yee’s research initiative into the psychology and sociology of MMORPGs. Yee, well respected in academia and extensively cited, has published a number of articles on the power of social context in virtual environments. One in particular, “The Proteus Effect: The Effect of Transformed Self-Representation on Behavior”, describes at a high level how the patterns of social interaction we see in the real world extend into virtual environments. Malicious users who understand these similarities can deliberately stage social situations in order to elicit the expected social reactions. This gives attackers a powerful platform for contextually and socially relevant phishing and social engineering attacks that are not possible on today’s two-dimensional Web.
Yee’s “The Proteus Effect” discusses an idea known as behavioral confirmation: the process whereby the expectations of one person (typically referred to as the perceiver) cause another person (typically referred to as the target) to behave in ways that confirm the perceiver’s expectations (Snyder, Tanke, & Berscheid, 1977). For instance, a perceiver using an attractive avatar to interact with a target will likely find the target behaving in a friendlier and more altruistic manner. It is important to note that the source of the behavioral change stems from the perceiver rather than the target: it is the perceiver’s behavior that in turn causes a change in the target’s behavior (Yee 2007).
In three-dimensional virtual social contexts, attackers who understand behavioral confirmation will initiate perceiver behavior that helps facilitate phishing and social engineering attacks. In particular, attackers will exploit the fact that individuals feel inclined to help others in certain social circumstances.
Let’s say I am an attacker in the perceiver’s social role, aware that how I look and act will influence my social target(s) to respond in a manner I can readily predict. Perhaps my avatar is displayed as an attractive female milling about at a chessboard in Second Life, looking confused. Perhaps my avatar sits down and stands up at the board multiple times. Maybe my avatar wanders around the board in circles. These signs tacitly suggest that I am confused and in need of help. Without initiating conversation, there is an excellent chance another user’s avatar will approach me to see if I need help. At this point, as an attacker, I have an excellent chance of getting my overly altruistic target to interact with my malicious chessboard, which perhaps runs a malicious script when a piece is moved (or something along those lines).
What is especially powerful about this method of attack is that attackers no longer need to seek out victims. Attackers can manipulate social context and drive unsuspecting victims to themselves. Instead of baiting a hook, dropping it in the water and hoping for fish to bite, the fish jump out of the water and directly into the fisherman’s clutches.
A sim, or simulation server, is a Second Life architecture component that “simulates” a 256x256 meter region of Second Life’s metaverse. Sim servers handle most of the processing needed to maintain a perpetually consistent state for objects and the terrain height map. They run the Havok physics engine for object and terrain physics, work out which objects and terrain each connected viewer needs to see, and transmit the resulting state updates to the client over UDP.
Second Life real estate consumers essentially purchase their own sim server, or island, hosted in Linden Lab’s cloud. As we know, many Second Life land owners build on their islands and operate their own virtual businesses. Many such virtual businesses have been successful and quite profitable. All such virtual undertakings rely heavily on Linden Lab’s infrastructure and require their sim servers to be fully operational at all times.
If I am a business owner in Second Life, I am most likely looking for opportunities to gain the upper hand on my competitors. I could spend a great deal of time conducting market research, running user polls and reviews, hiring outside consultants, and so on. All of this is costly, time-consuming and extremely boring, and it still does not guarantee that the right business decisions will be made to overtake my competitors.
Why not instead outsource my dirty work, contract cyber criminals to leverage a massive botnet, and DDoS my competitors’ sim servers back to the Stone Age? This would render them unusable and perhaps even take them offline. Instead of hours and hours of market research and business study, I’d simply wipe them off the map. After taking down my competitors and monopolizing the market, consumers would be forced to seek out my virtual goods and services. My business’s name would become omnipresent and ubiquitously recognized throughout Second Life, giving me a significant market advantage over my competitors once their sim servers came back online. That’s the vision, anyway.
The obvious question is what can be done to combat these DDoS attacks. Currently, Second Life land owners are at the mercy of Linden Lab: they rely on Linden Lab to maintain and operate their individual sims securely, and they cannot put their own DDoS mitigation in front of a sim they do not operate. This is essentially the central security issue of cloud computing. Consumers rely on cloud providers to secure the infrastructure.
From a Linden Lab infrastructure perspective, it would be interesting to see sim locations in the infrastructure rotate dynamically while still maintaining a perpetual virtual state. The cluster’s representative server, or space server, would orchestrate the moves, while the data servers performed the corresponding data processing in parallel. This kind of dynamically orchestrated architecture would give the sim servers ephemeral IP addresses and make them harder to target with DDoS attacks. Conceptually it is similar to the way attackers use DNS fast flux to keep phishing and malware delivery sites moving. The caveat is that rotation only buys anything if the lookup path that tells a viewer where a region currently lives is itself authenticated and rate limited; otherwise an attacker simply re-resolves the region after every rotation, exactly as defenders re-resolve a fast-flux domain, and floods the new address.
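To make that trade-off concrete, here is a small Python model of a space server that rotates a region’s endpoint on a schedule, run against an attacker who either keeps flooding an address captured once or re-resolves the region every second. This is an added illustration written for this post, not Linden Lab code or anything from the actual Second Life architecture; the region name, address pool, rotation period and lookup budget are all made up for the example.

```python
"""Toy model of sim endpoint rotation versus a flooding attacker.

Added illustration, not Linden Lab code. The 'space server' here is just a
directory of region -> current address; the address pool, region name,
rotation period and lookup budget are constructed for the example.
"""
import hashlib

# Constructed pool of addresses a region can be moved between.
POOL = [f"10.0.0.{i}" for i in range(1, 9)]


class SpaceServer:
    """Directory that answers 'where does region X live right now?'.

    Rotation is deterministic (hash of the region name plus the current
    epoch) so the example is testable. A real deployment would also have to
    migrate the sim's object and terrain state to the new host, which this
    toy ignores.
    """

    def __init__(self, pool, period, lookup_budget=None):
        self.pool = pool
        self.period = period                # seconds between rotations
        self.lookup_budget = lookup_budget  # None = unlimited, like public DNS
        self._used = {}                     # session -> lookups consumed

    def epoch(self, now):
        return now // self.period

    def endpoint(self, region, now):
        """Current address; consecutive epochs never map to the same host."""
        base = int.from_bytes(hashlib.sha256(region.encode()).digest()[:4], "big")
        return self.pool[(base + self.epoch(now)) % len(self.pool)]

    def resolve(self, region, now, session):
        """Directory lookup. With a budget, a session gets only so many
        answers; after that it has to be handed the next address in-band by
        the sim it is already connected to, as a legitimate viewer would."""
        if self.lookup_budget is not None:
            used = self._used.get(session, 0)
            if used >= self.lookup_budget:
                return None
            self._used[session] = used + 1
        return self.endpoint(region, now)


def flood_hits(space, region, duration, strategy, session="bot"):
    """Simulate an attacker flooding `region` for `duration` seconds.

    strategy "static":  resolve once and keep hammering that address.
    strategy "refresh": re-resolve every second, which is what a fast-flux
                        defender does when tracking a moving phishing site.
    Returns the number of seconds during which traffic reached the sim.
    """
    target = space.resolve(region, 0, session)
    hits = 0
    for t in range(duration):
        if strategy == "refresh":
            fresh = space.resolve(region, t, session)
            if fresh is not None:
                target = fresh
        if target == space.endpoint(region, t):
            hits += 1
    return hits


if __name__ == "__main__":
    region = "Chessboard Isle"  # constructed region name
    open_dir = SpaceServer(POOL, period=60)
    print("static attacker, open directory:",
          flood_hits(open_dir, region, 240, "static"))      # 60 of 240 s
    print("refreshing attacker, open directory:",
          flood_hits(open_dir, region, 240, "refresh"))     # 240 of 240 s
    limited = SpaceServer(POOL, period=60, lookup_budget=1)
    print("refreshing attacker, budgeted directory:",
          flood_hits(limited, region, 240, "refresh"))      # 60 of 240 s
```

With an open directory, rotation alone only protects against the laziest attacker: the flood is effective for one rotation period and then lands on an empty address, but an attacker who re-resolves hits the sim for the entire duration. Only once lookups are budgeted per session does the refreshing attacker fall back to the static attacker’s 60 seconds. In this toy the session is just a string, so a botnet could mint a fresh one per lookup; in practice the budget has to be tied to an authenticated account and the in-band handoff from the current sim to the next has to be unguessable, and whether that can be done at an acceptable state-migration cost is the real question behind the fast-flux analogy.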
DDoS attacks against sim servers in the virtual context can be used in countless ways to make money just as they can in today’s two-dimensional web. As virtual worlds and a three-dimensional Web become more relevant it will become imperative for world providers to account for DDoS attacks and build their infrastructures accordingly.