MetaSecurity

Consumer guide to virtual worlds - published by the Association of Virtual Worlds can be

downloaded here.

Senate report on the Internet and homegrown terrorist threat.

Can be downloaded here.

The excellent Dark Web project at Arizona Universities Artificial Intelligence Lab has recently completed research into the use of Web 2.0 media by International jihadi groups. While fascinating in some respects it also clearly demonstrates how traditional text-mining attempts to collect data can be applied to some Web 2.0 applications, but miss the mark with virtual worlds.

The leader of the lab Dr. Chen kindly forwarded their research paper to me and it can be linked to here (Cyber Extremism in Web 2.0: An Exploratory Study of International Jihadist Groups or here). In essence the Dark Web project’s methodology is to search for material with extremist or terrorist style language (but please read the paper for a better description of methodology). Interestingly, they concluded that sites such as Facebook and MySpace, which have been big components of the Web 2.0 milieu are not suited to the propagation of extremist views,

“We did not consider social networking sites, such as MySpace and Facebook, although they are a major component of Web 2.0. Based on our preliminary exploration, we found that the prevalent amount of personal data on these sites, the tight social linkages, and the potential issue of “guilt by association” (for site owners and “friends”) may have discouraged extremists from using such a medium.“

With regard to virtual worlds the Dark Web project found nuanced evidence of extremist ‘activity’ within Second Life, by using Second Life’s internal search system to look for text containing extremist language. More than anything this highlights the difficultly in researching extremist movements within virtual worlds as the worlds themselves do not easily allow themselves to be searched or data-mined in this fashion. The issue of search within virtual worlds has been grappled with by a number of commentators, the problem being what to search for, people, content, land, buildings, events, etc. But more importantly language used within virtual worlds doesn’t hold the same meaning when pulled out of its in-world context. For example the dark-web project cites a number of groups it discovered in Second Life using extremist language, one of who (Terrorists of SL) has a small virtual headquarters called ‘Taliban Towers’. An examination of this site and associated group would tend to suggest they are a role-playing collective with little real-world application. The same goes for other in-world organizations such as, Elite Jihadi Terrorist group.

Therefore, what this research does is point to something fundamental about how global intelligence and law-enforcement agencies need to approach the examination of virtual worlds, and that is that raw data-crunching is likely to prove unsatisfactory. Ironically, virtual worlds require a uniquely human approach. The only sure way to gather information on extremist or criminal groups operating in virtual worlds is to enter the environment and interact with the suspected groups. The United States Intelligence community is not short of computing power but what this new environment needs is the human touch or to put it in the language of the Beltway — layer Virtual-HUMINT over the SIGINT mission.

Good piece in the FT by David Wortley on business use of 3-D worlds. He specifically mentions the need for enhanced security as a prerequisite for wider adoption of virtual environments by business,

“For commercial operations to settle with confidence into virtual worlds, far more work is going to be needed on security. It is virtually impossible to find out the real identity of people behind the avatars - meaning they have no responsibility for what they do.

Web visitors to company sites are similarly anonymous, but they do not have the same opportunity to abuse staff, band together to organise protest raids, or generally upset other visitors.

Some form of digital signature will be needed to ensure avatars are held to account for their actions, just as they would be in the real world.

In many ways, the growth of virtual worlds is like the frontier towns of the Wild West, where new social forms were worked out messily and in public. In the same way, new codes of behaviour will eventually be adopted.”

Yesterday saw the release of Grand Theft Auto IV accompanied as usual by howls of protest from certain quarters of the media about declining moral standards. For the uninitiated Grand Theft Auto is a video game where the player takes on the guise of a criminal character in Liberty city, which is modeled to look like New York City. Whatever the protests the game is set to break opening week sales figures of over $400M, arguably making video games the most dominant of all media forms. This fact, rather than the predictable tut-tutting of assorted commentators is a trend, which is worth examining from a security and intelligence perspective.

There are a number of ideas flying around at the moment that don’t fall under a single banner but which taken as a whole can be thought of as suggesting a new way of considering terrorism or counter-terrorism, particularly through the lens of gaming and other immersive environments. The two categories that roughly coalesce are the application of gaming logic to real-life scenarios and the projects that have emerged from the ‘human terrain mapping’ initiated by the Pentagon. Putting these two modules together allows for a peek over the horizon at what might be next.

There is little doubt that gaming culture is becoming a powerful and pervasive part of society, especially the compelling nature of Massive Multiplayer games. The way these games are designed– the intricate procedural architecture of earning points for completing certain tasks in certain ways, is a template that can be applied to real-life; especially if one were to overlay a gaming template onto real-life activities. One group that has been active in this realm is 42 Entertainment that produce Alternative Reality Games (ARGs) in order to market products. The first such ARG was tied to the Steven Spielberg movie, ‘AI: Artificial Intelligence’ and was developed by Jordan Weisman, then a Microsoft executive before he founded 42 Entertainment. The ‘AI’ game involved millions of people across the planet collectively solving a series of puzzles both online and in the real world and became known as ‘the Beast‘. ARG game tasks are too complicated for any one person but the Internet allows for a collective intelligence to emerge and assemble the pieces and solve the puzzles.

Two authors have recently expertly explored these themes in two quite stunning books. The first and most far-reaching is Daemon by Leniad Zeraus (Daniel Suarez). The book explores the overlaying of a gaming system onto real-life by a deceased computer game designer. This book is as intellectually expansive as Snow Crash, which is widely credited with inspiring today’s virtual worlds. The books suggestion of a world controlled by techniques directly adapted from gaming procedures is provocative and compelling. The second and more focused book is Halting State by Charles Stross, which explores a robbery at a virtual bank and again the overlaying of gaming architecture onto real-life. This theme of applying gaming logic over real life doesn’t as yet have a snappy title, although ARG comes close (perhaps Daemon is better though). Whatever you call the system it does rely, at heart, on the fact that human behavior is becoming more predictable through the collection of data about our online lives. What is remarkable at The Daemon is how much the novel relies on human social engineering as well as advanced software to make its case.

The data being collected on users by technology companies, ISP’s and a host of other entities allows for the creation of models that with a built in level of error can somewhat predict future human behavior. One such researcher in this area is Paul Torrens who has programmed avatars to replicate certain human physical behaviors, and then by placing them in crowd situations predications can be made on the direction of the crowd. This is the fruit of the human terrain mapping projects coming out of DARPA. Nobody is quite clear as yet what the models can be used for other than obvious areas such as, the design of buildings or crowd control but this research could be combined with the gaming architectures to produce real-life gaming parameters where human responses are predictable within a range of options.

By now you may be wondering what has this all got to do with national security? Well these systems may be very good ways of organizing distributed groups to complete complex tasks — for good or ill. The first advantage is the built in level of security as participants would not be required to know who else was involved in the wider platform or what the end result was supposed to be. The best way to highlight this is to think about the 9/11 terrorist attacks in gaming terms. By considering the desired end result the terrorist-designer of the real-life game could work backwards to gather the necessary resources and skills. Entry level gamers would (in real life) score points for learning English, becoming familiar with airport security (again tested online), radicalization (their zeal could be ranked using online quizzes and interviews and scored accordingly) and of course their capability on flight simulator software. This ‘game’ could be offered to numerous people without any of them being aware of what the purpose was. Those who score the highest could be sent the actual funds to carryout the operation. This is of course looking backwards an ARG (or Daemon) system such as this could be constructed by any radical or even mainstream organization in order to develop recruits or conduct a wide variety of distributed small tasks that collectively add-up to a significant whole. What works for one side also works for the other. Intelligence agencies around the world are currently asking themselves what their response should be to virtual worlds and gaming in general. One answer is certainly to adapt the underlying systems of these games to conduct some national security functions - training agents and organizing individuals to act as part of a massively distributed project are two such possibilities. Drawing the larger lessons from gaming architecture is the strategic response to rise of gaming and virtual worlds.

The adoption of gaming culture and platforms into real-life is a realistic scenario and one with potential benefits as well as pitfalls. The lesson from Grand Theft Auto IV’s expected success isn’t that we should be worried about declining moral standards, it is that gaming culture is now pervasive and as with all technology innovations it can be adapted by anyone for fair means or foul.

Also posted over at the Counter-Terrorism Blog.

Apparently the Chinese virtual world HiPiHi has opened for public beta.

Clearly a significant shift in the world of virtual worlds!

Interesting profile — in which he discusses Second Life’s economy and the challenge of law enforcement (or not) in a globalized virtual word operating across legal jurisdictions. Worth a read:

Link here.

Announcement of new Linden Lab CEO, Mark Kingdon here.

Link here to Yaniv Berman’s article.

Ignore the silly avatar!

COUNTER-TERRORISM agents have launched an investigation into a multi-national terror threat made against an Australian using internet social networking website Facebook.

The first investigation of its kind was prompted by a death threat emanating from the Middle East against a Jewish woman and her family from an alleged member of the Iranian-backed terror outfit Hezbollah.

The woman received the death threat from the self-proclaimed terrorist through the website after she declined the man’s online “friendship request”.

The Weekend Australian understands the man - who described himself as Ibrahim Dirani and a member of a Lebanon-based Facebook group - was banned by the network after police launched their investigation this week. The victim - who lives in Melbourne and is a member of an Israeli-based Facebook group - told police the alleged Lebanon-based Hezbollah operative promised to kill her and her family.

According to police documents, the man wrote: “I am Hezbollah and I am going to kill you and all of your family - promise you.”

The investigation comes as security agencies question their ability to address serious online threats made against Australian citizens by foreign culprits.

“The international nature of the website makes it very hard for agencies to … physically track down those involved,” a security source said.

“People on those website often set up their pages under false details.”

Counter-terrorism expert Anthony Bergin yesterday warned Facebook users that terrorist networks might also be using the website to attract recruits, “inthe same way a pedophile might look at those sites to potentially groom would-be victims”.

Melbourne University’s information technology senior lecturer Shanton Chang said Facebook members often left themselves exposed to being targeted by terrorists and urged against indiscriminately inviting anyone to be an online friend. “The issue with having friends on Facebook, whether you know them or not, is once they’re your friend, they can access and have a look at anything about you listed on there,” Dr Chang said.

“And a lot of these people … they actually haven’t met in real life.

“And so it becomes easier, whether you’re a terrorist group, a marketing group, whether you’re spying on people, to actually look through people’s profile because there’s just a lack of understanding of who may be looking at your profile.”

Dr Chang’s comments follow reported warnings by the Canadian Defence Department in February that al-Qa’ida operatives were monitoring Facebook.

Dr Chang said Facebook and social networking sites users would over time become more savvy in identifying genuine members from troublemakers.

Link to original article here