Security and privacy in massively-multiplayer online games and social and corporate virtual worlds

G. Hogben (Editor), D. Barosso, R. Bartle, C. Chazeran, M. de Zwart, J.M. Doumen, S. Gorniak, M. Kaźmierczak, M. Kaskenmaa, D. Benavente López, A. Martin, I. Naumann, R. Reynolds, J Richardson, C. Rossow, A. Rywczyoska, M. Thumann

Research output: Book/ReportReportProfessional

96 Downloads (Pure)

Abstract

2007 was the year of online gaming fraud - with malicious programs that specifically target online games and virtual worlds increasing by 145% and the emergence of over 30,000 new programs aimed at stealing online game passwords. Such malware is invariably aimed at the theft of virtual property accumulated in a user’s account and its sale for real money. With 217 million regular users of MMO/VWs (Massively Multiplayer Online Games and Virtual Worlds) and real-money sales of virtual objects estimated at nearly US\$ 2 billion worldwide at the end of 2007, this is a serious issue. The failure to recognise the importance of protecting the real-money value locked up in this grey-zone of the economy is leading to an exponential increase in attacks targeting online MMO/VWs. Another important area of risk is the disclosure of private data. MMO/VWs are commonly perceived as being completely separate from the real lives of their users and therefore immune to privacy risks. In reality, representing yourself as an avatar is little different from using any other form of online persona. The inclusion of IRC and VOIP channels, along with the false sense of security created by MMO/VWs, leads to significantly increased disclosures of private data such as location and personal characteristics. The main body of this report describes in detail these risks and others, including in-game access-control vulnerabilities, scripting vulnerabilities, denial of service, spam and threats to minors, before making a number of recommendations on how to remedy them.
Original languageUndefined
Place of PublicationCrete
PublisherENISA (European Network and Information Security Agency)
Number of pages66
Publication statusPublished - Nov 2008

Publication series

Name
PublisherENISA (European Network and Information Security Agency)
No.08332/1

Keywords

  • METIS-252114
  • IR-62545
  • EWI-14119
  • SCS-Cybersecurity

Cite this

Hogben, G. (Ed.), Barosso, D., Bartle, R., Chazeran, C., de Zwart, M., Doumen, J. M., ... Thumann, M. (2008). Security and privacy in massively-multiplayer online games and social and corporate virtual worlds. Crete: ENISA (European Network and Information Security Agency).
Hogben, G. (Editor) ; Barosso, D. ; Bartle, R. ; Chazeran, C. ; de Zwart, M. ; Doumen, J.M. ; Gorniak, S. ; Kaźmierczak, M. ; Kaskenmaa, M. ; Benavente López, D. ; Martin, A. ; Naumann, I. ; Reynolds, R. ; Richardson, J ; Rossow, C. ; Rywczyoska, A. ; Thumann, M. / Security and privacy in massively-multiplayer online games and social and corporate virtual worlds. Crete : ENISA (European Network and Information Security Agency), 2008. 66 p.
@book{52be0a9742124b3a81aa2e9b9c321d3e,
title = "Security and privacy in massively-multiplayer online games and social and corporate virtual worlds",
abstract = "2007 was the year of online gaming fraud - with malicious programs that specifically target online games and virtual worlds increasing by 145{\%} and the emergence of over 30,000 new programs aimed at stealing online game passwords. Such malware is invariably aimed at the theft of virtual property accumulated in a user’s account and its sale for real money. With 217 million regular users of MMO/VWs (Massively Multiplayer Online Games and Virtual Worlds) and real-money sales of virtual objects estimated at nearly US\$ 2 billion worldwide at the end of 2007, this is a serious issue. The failure to recognise the importance of protecting the real-money value locked up in this grey-zone of the economy is leading to an exponential increase in attacks targeting online MMO/VWs. Another important area of risk is the disclosure of private data. MMO/VWs are commonly perceived as being completely separate from the real lives of their users and therefore immune to privacy risks. In reality, representing yourself as an avatar is little different from using any other form of online persona. The inclusion of IRC and VOIP channels, along with the false sense of security created by MMO/VWs, leads to significantly increased disclosures of private data such as location and personal characteristics. The main body of this report describes in detail these risks and others, including in-game access-control vulnerabilities, scripting vulnerabilities, denial of service, spam and threats to minors, before making a number of recommendations on how to remedy them.",
keywords = "METIS-252114, IR-62545, EWI-14119, SCS-Cybersecurity",
author = "D. Barosso and R. Bartle and C. Chazeran and {de Zwart}, M. and J.M. Doumen and S. Gorniak and M. Kaźmierczak and M. Kaskenmaa and {Benavente L{\'o}pez}, D. and A. Martin and I. Naumann and R. Reynolds and J Richardson and C. Rossow and A. Rywczyoska and M. Thumann",
editor = "G. Hogben",
note = "http://www.enisa.europa.eu/doc/pdf/deliverables/enisa_pp_security_privacy_virtualworlds.pdf",
year = "2008",
month = "11",
language = "Undefined",
publisher = "ENISA (European Network and Information Security Agency)",
number = "08332/1",

}

Hogben, G (ed.), Barosso, D, Bartle, R, Chazeran, C, de Zwart, M, Doumen, JM, Gorniak, S, Kaźmierczak, M, Kaskenmaa, M, Benavente López, D, Martin, A, Naumann, I, Reynolds, R, Richardson, J, Rossow, C, Rywczyoska, A & Thumann, M 2008, Security and privacy in massively-multiplayer online games and social and corporate virtual worlds. ENISA (European Network and Information Security Agency), Crete.

Security and privacy in massively-multiplayer online games and social and corporate virtual worlds. / Hogben, G. (Editor); Barosso, D.; Bartle, R.; Chazeran, C.; de Zwart, M.; Doumen, J.M.; Gorniak, S.; Kaźmierczak, M.; Kaskenmaa, M.; Benavente López, D.; Martin, A.; Naumann, I.; Reynolds, R.; Richardson, J; Rossow, C.; Rywczyoska, A.; Thumann, M.

Crete : ENISA (European Network and Information Security Agency), 2008. 66 p.

Research output: Book/ReportReportProfessional

TY - BOOK

T1 - Security and privacy in massively-multiplayer online games and social and corporate virtual worlds

AU - Barosso, D.

AU - Bartle, R.

AU - Chazeran, C.

AU - de Zwart, M.

AU - Doumen, J.M.

AU - Gorniak, S.

AU - Kaźmierczak, M.

AU - Kaskenmaa, M.

AU - Benavente López, D.

AU - Martin, A.

AU - Naumann, I.

AU - Reynolds, R.

AU - Richardson, J

AU - Rossow, C.

AU - Rywczyoska, A.

AU - Thumann, M.

A2 - Hogben, G.

N1 - http://www.enisa.europa.eu/doc/pdf/deliverables/enisa_pp_security_privacy_virtualworlds.pdf

PY - 2008/11

Y1 - 2008/11

N2 - 2007 was the year of online gaming fraud - with malicious programs that specifically target online games and virtual worlds increasing by 145% and the emergence of over 30,000 new programs aimed at stealing online game passwords. Such malware is invariably aimed at the theft of virtual property accumulated in a user’s account and its sale for real money. With 217 million regular users of MMO/VWs (Massively Multiplayer Online Games and Virtual Worlds) and real-money sales of virtual objects estimated at nearly US\$ 2 billion worldwide at the end of 2007, this is a serious issue. The failure to recognise the importance of protecting the real-money value locked up in this grey-zone of the economy is leading to an exponential increase in attacks targeting online MMO/VWs. Another important area of risk is the disclosure of private data. MMO/VWs are commonly perceived as being completely separate from the real lives of their users and therefore immune to privacy risks. In reality, representing yourself as an avatar is little different from using any other form of online persona. The inclusion of IRC and VOIP channels, along with the false sense of security created by MMO/VWs, leads to significantly increased disclosures of private data such as location and personal characteristics. The main body of this report describes in detail these risks and others, including in-game access-control vulnerabilities, scripting vulnerabilities, denial of service, spam and threats to minors, before making a number of recommendations on how to remedy them.

AB - 2007 was the year of online gaming fraud - with malicious programs that specifically target online games and virtual worlds increasing by 145% and the emergence of over 30,000 new programs aimed at stealing online game passwords. Such malware is invariably aimed at the theft of virtual property accumulated in a user’s account and its sale for real money. With 217 million regular users of MMO/VWs (Massively Multiplayer Online Games and Virtual Worlds) and real-money sales of virtual objects estimated at nearly US\$ 2 billion worldwide at the end of 2007, this is a serious issue. The failure to recognise the importance of protecting the real-money value locked up in this grey-zone of the economy is leading to an exponential increase in attacks targeting online MMO/VWs. Another important area of risk is the disclosure of private data. MMO/VWs are commonly perceived as being completely separate from the real lives of their users and therefore immune to privacy risks. In reality, representing yourself as an avatar is little different from using any other form of online persona. The inclusion of IRC and VOIP channels, along with the false sense of security created by MMO/VWs, leads to significantly increased disclosures of private data such as location and personal characteristics. The main body of this report describes in detail these risks and others, including in-game access-control vulnerabilities, scripting vulnerabilities, denial of service, spam and threats to minors, before making a number of recommendations on how to remedy them.

KW - METIS-252114

KW - IR-62545

KW - EWI-14119

KW - SCS-Cybersecurity

M3 - Report

BT - Security and privacy in massively-multiplayer online games and social and corporate virtual worlds

PB - ENISA (European Network and Information Security Agency)

CY - Crete

ER -

Hogben G, (ed.), Barosso D, Bartle R, Chazeran C, de Zwart M, Doumen JM et al. Security and privacy in massively-multiplayer online games and social and corporate virtual worlds. Crete: ENISA (European Network and Information Security Agency), 2008. 66 p.