Examining the threat of virtual worlds

February 15, 2008

Just when you thought that U.S. intelligence agencies had enough data to sift through to keep them busy for a few lifetimes, U.S. intelligence officials are now cautioning that popular Internet virtual worlds such as Second Life are opening novel ways for terrorists and criminals to move money, organize and conduct corporate espionage.1

Intelligence officials who have examined these systems say they're convinced that the qualities that many computer users find so attractive about virtual worlds - including anonymity, global access and the expanded ability to make financial transfers outside normal channels - have turned them into seedbeds for transnational threats.1

"Unfortunately, what started out as a benign environment where people would congregate to share information or explore fantasy worlds is now offering the opportunity for religious/political extremists to recruit, rehearse, transfer money, and ultimately engage in information warfare or worse with impunity," a recent paper by the government's new Intelligence Advanced Research Projects Activity said.1

"Virtual environments provide many opportunities to exchange messages in the clear without drawing unnecessary attention," the IARPA paper said. "Additionally, there are many private channels that can be employed to exchange secret messages."1

It is somewhat perplexing that attention is being placed on virtual worlds when there are endless other possibilities for criminals and terrorists to use legitimate Internet services for malicious purposes. In fact, the Federal Information Systems Security Educators' Association (FISSEA) - a department whose purpose is to assist federal agencies in meeting their computer security training responsibilities - expressed this point clearly by stating that "The Internet provides a practically infinite number of places where those who wish to communicate covertly can establish virtual dead drops."2

There are multiple methods that can be used by those who wish to hide their data or actions from others. These include covert channels, steganography, anonymous services, and encryption. Within each of these methods, different approaches can be taken. For example, when considering steganography, most people immediately think of secret messages hidden within JPEG images, MP3 audio, and HTML files. Other lesser-known methods include converting a message so that it looks like ordinary spam,3 or concealing messages in ASCII text by appending whitespace to the end of lines.4 However, it is also possible to completely bypass the application layer and instead hide data inside the TCP/IP packet headers themselves (ToS, IP Flags, Fragment Offset, Sequence Numbers, Timestamps, etc.) or at any of the layers of the OSI model for that matter.5 Once you start thinking about it, almost anything can be used as a private channel.
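To show what the whitespace method mentioned above looks like from the defender's side, here is an added example (not from the original article or from any tool it cites) that flags text whose line endings could carry a payload and shows that normalising line endings removes the channel. The function names, thresholds and sample messages are hypothetical, and the one-bit-per-trailing-character capacity estimate is an assumed naive scheme, not the encoding SNOW actually uses.

```python
import re
from dataclasses import dataclass, field

TRAILING = re.compile(r"[ \t]+$")  # run of spaces/tabs at end of a line

@dataclass
class Report:
    total_lines: int = 0
    carriers: list = field(default_factory=list)  # (line_no, repr of run)
    capacity_bits: int = 0   # 1 bit per trailing char (assumed naive scheme)
    mixed_runs: int = 0      # runs that contain both a space and a tab
    suspicious: bool = False

def scan_trailing_whitespace(text, min_bits=16, min_fraction=0.3):
    """Flag text whose line endings could carry a whitespace-encoded payload."""
    rep = Report()
    lines = text.splitlines()
    rep.total_lines = len(lines)
    for no, line in enumerate(lines, start=1):
        m = TRAILING.search(line)
        if not m:
            continue
        run = m.group()
        rep.carriers.append((no, repr(run)))
        rep.capacity_bits += len(run)
        rep.mixed_runs += int(" " in run and "\t" in run)
    fraction = len(rep.carriers) / rep.total_lines if lines else 0.0
    # Editors leave the odd stray space; a payload needs many bits, and
    # mixed space/tab runs on a large share of lines are rarely accidental.
    rep.suspicious = rep.capacity_bits >= min_bits and (
        rep.mixed_runs > 0 or fraction >= min_fraction)
    return rep

def strip_channel(text):
    """Mitigation: normalising line endings destroys the channel."""
    out = "\n".join(TRAILING.sub("", l) for l in text.splitlines())
    return out + "\n" if text.endswith("\n") else out

# Constructed samples: same visible text, different line endings.
CLEAN = "Meeting moved to 3pm.\nBring the draft. \nThanks,\nAlex\n"
CARRIER = ("Meeting moved to 3pm. \t\t \t  \t\n"
           "Bring the draft.\t \t\t  \t \n"
           "Thanks,\n"
           "Alex \t \t\t\t  \n")

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("carrier", CARRIER)):
        r = scan_trailing_whitespace(sample)
        print(name, r.capacity_bits, "bits", "SUSPICIOUS" if r.suspicious else "ok")
```

Both samples render identically on screen; only the scan tells them apart, and after `strip_channel` they are byte-for-byte the same.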

In the security realm one can quickly find themselves growing suspicious of everything as almost any scenario can seem plausible. In a 2001 article about terror groups and cryptography, USA Today wrote that "Hidden in the X-rated pictures on several pornographic Web sites and the posted comments on sports chat rooms may lie the encrypted blueprints of the next terrorist attack against the United States or its allies."6 In the aftermath of 9/11 this statement was frequently quoted by the media even though there were no documented cases of the phenomenon.7

Although some have joked that this may simply be a clever scenario that's being pushed so that these same government agencies can get paid to "investigate" (i.e. play) computer games all day long, for now we'll have to wait and see how things turn out. However, one intelligence official who spoke on condition of anonymity said he had no evidence of activity by terrorist cells or widespread organized crime in virtual worlds.1




1. "Spies' Battleground Turns Virtual", The Washington Post, February 6, 2008

2. "News and Views: The Perfect Dead Drop", FISSEA, March 2006

3. "Hide a message in spam", SpamMimic, February 15, 2008

4. "Whitespace steganography", The SNOW Home Page, February 15, 2008

5. "Covert channel vulnerabilities in anonymity systems", University of Cambridge, December 2007, pp. 46-53

6. "Terror groups hide behind Web encryption", USA Today, February 5, 2001

7. "Detecting Steganographic Content on the Internet", Niels Provos, November 2001