On Saturday, February 27, 2010, a very interesting article in the San Francisco Chronicle called “Real threat in virtual battleground: hackers” by Alejandro Martínez-Cabrera, Chronicle Staff Writer (http://xrl.in/4pe1), discussed the virtual world called World of Warcraft (WoW). For those folks who don’t know what WoW is, haven’t played online, or haven’t seen the excellent South Park episode that spoofs WoW, the simple explanation is that it’s a virtual medieval world where you can adopt a character, buy stuff with virtual currency, go on quests, and pick fights with other characters in the game.
What I was unaware of until this article came out was the following: “Experts say the underground secondary market where hackers buy and sell stolen online gaming accounts, items and in-game currency has become a billion-dollar criminal industry. In hacker forums, a WoW character account can sell for as much as four times the value of a stolen credit card, said Steven Davis, chief executive officer of game security firm SecurePlay.”
If this sounds like a case of ‘art mirroring life’, it hit me that way too. In real life, identity theft occurs and for a time these stolen identities were bought and sold in a sort of hacker marketplace. The interesting difference for me is that every action in the virtual world leaves digital footprints in log data, whereas in real life this isn’t always the case. This points to a need for a very highly scalable solution that can monitor user actions while looking for patterns of account activity that could mean identity theft or fraud in the game.
Because the types of fraud and threats to players are constantly evolving, this isn’t a situation where a filtered SIEM-style view of the game’s logs will work. Detective work can’t be limited or filtered to only what you expect to find. If the fraudsters limited their fraud attempts to what was expected – my guess is that we’d have stamped out fraud a long time ago. No, what’s interesting is what you don’t expect to find. Imagine a CSI episode where the hero limits the investigation only to what they expect to find. This would be bad detective work and boring television.
With over 10 million players in the game (that’s the total population of New York City and Chicago combined), the bad part of art mirroring life will continue given the amount of opportunity. Policing a virtual world can’t be easy, and with all the players thinking that everyone in the virtual world is there just for an innocent bit of fun, thieves are likely much more emboldened and the opportunities too huge to resist. Massively scalable search against all the data for patterns is Splunk’s forte.