Proactive IT security
 

Internet gaming - new opportunities for the (shady) visionary

Security Information Week 48, 2008

A relevant definition

Money is defined as

a commodity accepted by general consent as a medium of economic exchange. It is the medium in which prices and values are expressed; as currency, it circulates anonymously from person to person and country to country, thus facilitating trade, and it is the principal measure of wealth.
(Encyclopaedia Britannica)

and

anything that is generally accepted as payment for goods and services and repayment of debts. The main uses of money are as a medium of exchange, a unit of account, and a store of value.
(Wikipedia)

Traditionally, the only money involved in online gaming has been the entrance fee paid to buy the game itself (if it is not free). In this article, however, we shall show that this no longer holds true. We will also examine some of the implications of the new "underground" economy that is growing.

A few facts

Most multi-player online role-playing games, which are the most popular, are based on the fact that the gamers aim to win the game or to be in the group that has the best performers. The techniques used to accomplish this vary immensely. The player collects points and/or paraphernalia of all kinds (weapons, objects of magic, character skills), acquires skills to accomplish certain tasks, etc. When the player (or the character that represents the player) has enough of these "commodities", several games allow the player to rise to a new level in the game. (Interestingly, this has even resulted in a new meaning of the word "to level".) Traditionally the gamers had to use time and effort to reach the higher levels in the game, and gaming addiction has been defined and discussed as a new illness of our time. Gaming addiction, however, will not be the topic of this discussion.

It should probably not come as a surprise that avoiding the time and effort needed to reach a higher level (more quickly) is seen as a commodity by some. And as we saw from the definition above, money is used to transfer goods and services from one person to another. Several web sites exist where one can buy and sell useful "commodities" to use in on-line computer games - a Google search using the name of one of the most popular games coupled with the words "level" and "buy" results in more than half a million hits.

There are different options available to enable your game character to "get more power". One is to allow another person or persons to play your character for some time - thus allowing you to sleep during the night - and a separate industry that offers this service has emerged in low-wage countries.

Note that although some may argue that buying skills and paraphernalia is unethical and even cheating, it is not seen as illegal.

When one checks the prices for extra skills, the amounts involved are not as small as one might expect. Those involved in the gaming community obviously have money to spend among themselves. The fact that several million players use the most popular games shows that there is a lot of money involved in this activity.

Unsurprisingly, however - when there is money involved, illegal activity lurks around the nearest corner!

A closer look at criminal activity involved in online gaming

There are various criminal activities associated with online role-playing games. Such activity could be used to spread "innocent" malware, but as we have seen in recent years, malware is now mainly used as a tool for economic gain, and is thus not innocent at all. We will examine some techniques that are used or might be used.

1. Hacking another user's character

Since the "goods" belonging to a character in a role-playing game can be sold for real money, identity theft of a game character is another twist of that type of criminal activity - we can call it "virtual identity theft". The techniques used to steal a person's virtual identity are the same as those used against a real-life identity - social engineering techniques, phishing (suggested neologism: "viphishing"?), email attachments with malicious software etc.

When a game character has been stolen, it can be used to sell its abilities and its "goods" to other players as we have seen above. It is quite difficult to find the person who has stolen your character, as she will have logged into the game legitimately. Presumably the game provider will have to be involved in the investigation in many cases.
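Because the thief logs in legitimately, the provider has to look at what a session does rather than at failed authentication. The Python below is an added example, not part of the original article: it flags sessions where a device never seen before on an account moves a large value of goods out shortly after login. The event fields, account names, window and threshold are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real game logs). Assumed fields:
# time, account, type, device id, receiving account, item value in game gold.
EVENTS = [
    ("2008-11-20 19:02", "aria", "login", "dev-A", None, 0),
    ("2008-11-20 19:40", "aria", "transfer", "dev-A", "guildmate", 50),
    ("2008-11-24 03:11", "aria", "login", "dev-X", None, 0),
    ("2008-11-24 03:14", "aria", "transfer", "dev-X", "mule77", 4000),
    ("2008-11-24 03:15", "aria", "transfer", "dev-X", "mule77", 6500),
    ("2008-11-25 18:30", "bron", "login", "dev-B", None, 0),
    ("2008-11-25 18:45", "bron", "transfer", "dev-B", "aria", 9000),
]

WINDOW = timedelta(minutes=30)   # how soon after login the goods leave (assumed)
MIN_VALUE = 5000                 # total value worth a manual review (assumed)


def flag_suspicious_drains(events, window=WINDOW, min_value=MIN_VALUE):
    """Return (account, device, total) for each session in which a device not
    seen before on that account moves out >= min_value within the window."""
    known = {}      # account -> devices seen on earlier logins
    session = {}    # account -> [login_time, device, is_new_device, total_moved]
    flagged = []
    for ts, account, kind, device, _to, value in sorted(events, key=lambda e: e[0]):
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        if kind == "login":
            seen = known.setdefault(account, set())
            # The first device ever seen is the baseline, not an anomaly.
            is_new = bool(seen) and device not in seen
            seen.add(device)
            session[account] = [when, device, is_new, 0]
        elif kind == "transfer" and account in session:
            start, dev, is_new, total = session[account]
            if is_new and dev == device and when - start <= window:
                session[account][3] = total + value
                if total < min_value <= total + value:   # flag once per session
                    flagged.append((account, dev, total + value))
    return flagged


if __name__ == "__main__":
    for hit in flag_suspicious_drains(EVENTS):
        print("review:", hit)
```

The large transfer by "bron" is not flagged because it comes from that account's usual device, which is the limit of this heuristic: it catches the stolen-login pattern, not an owner selling goods.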

2. Using the communication devices in the game as a vehicle for spreading malware

In earlier articles we have discussed the fact that any new communication method is susceptible to spreading malware, as the users' defenses are not as alert as they are when using common communication devices. This also applies to the communication techniques that are available in online games. These games rely on chat systems that may be used to post e.g. URLs to malicious web sites and/or applications. Some have special email systems, which thereby inherit the commonly known dangers involved in using email - malicious attachments, malicious links in the email body and so on.

One mitigating factor may be that the average user of online games is probably more computer savvy than most, and thereby may not be tricked by the most obvious attempts to fool him into downloading malware.

3. Infection of the game servers

The most severe danger would of course be if a malicious person managed to infect the game itself with malware that infects all users (e.g. when performing a particular action in the game). As far as we know, no malware has succeeded in using this as a spreading mechanism so far.

A money laundering alternative?

It is a known fact that some of the on-line poker games have been accused of being used for money laundering. The money involved in these sites is far beyond what is discussed in this article. However, when/if the (real) economy associated with online gaming increases, this is an area where the authorities are advised to start monitoring for money laundering activity.