Practical Attacks on Virtual Worlds

  • Graham Hili
  • Sheila Cobourne
  • Keith Mayes
  • Konstantinos Markantonakis
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8924)

Abstract

Virtual Worlds (VWs) are immensely popular online environments, where users interact in real-time via digital beings (avatars). However, a number of security issues affect VWs, and they are vulnerable to a range of attacks on their infrastructure and communications channels. Their powerful architecture can also be used to mount attacks against live Real World servers, by using malicious VW objects. Researching these attacks in commercial VWs would not be acceptable, as it would be contrary to the terms and conditions which govern acceptable behaviour in a particular VW. So in this paper, attacks were conducted/analysed in a laboratory-based test bed VW implementation developed specifically for the research, with custom-built attack and analysis tools: commercial VWs were used for data gathering only. Results of these experiments are presented, and appropriate countermeasures are proposed which could reduce the likelihood of the attacks succeeding in live VWs.

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Graham Hili (1)
  • Sheila Cobourne (1)
  • Keith Mayes (1)
  • Konstantinos Markantonakis (1)

  1. Smart Card Centre, Information Security Group (SCC-ISG), Royal Holloway, University of London, Egham, UK
