Social networking is the most profound issue affecting security professionals today, according to federal agent Kevin Zuccato, director of the Australian High Tech Crime Centre (AAHTCC).
Zuccato, who joined the Australian Federal Police in 1986 and has spent three years with the AHTCC, said massive social networking Internet sites, such as MySpace and Second Life, are problematic because they "extend the crimescene and areas where criminals can operate" beyond conventional organized and street crime.
"There are real sweat shops in Second Life that are designing swords and items for online gaming instead of wallets, and people who own online shops are getting mugged," Zuccato said at the Security 2007 Conference in Sydney today.
He said online currencies, such as Second Life's Linden dollars, open another channel for criminals to launder money because they can often be exchanged for real money through anonymous transactions.
"My crime scene just went to a three-bedroom house in Sydney to the entire globe - the challenges of obtaining information [on IP crimes] and [coordinating] it is enormous," Zuccato said.
And the popularity of these social networking sites is staggering; more than 6 million players have joined Second Life since October last year, while the total spend by users purchasing items in the virtual world's shops has risen from $US179,000 for the month of October to $US1.7 million a day. The site also produced its first online millionaire last year.
However there are very "real world" risks for online players and entrepreneurs, according to Zuccato who spoke of extortion of online gaming houses using denial of service (DoS) attacks, and their respective protection rackets demanding money for protection against such attacks.
So real is the threat, Zuccado said, that the Vancouver Police and the Internet Industry Association (IIA) have their own online "islands" on Second Life where they operate legitimate IP-related investigations.
"The increased user functionality and realism of social networking sites and massively multiplayer online games pose "serious issues to the ability to fight IP crime", according to Zuccato.
He said the replica weaponry and virtual environments found in online games allow terrorists to train online without leaving national borders, because the maps and equipment used are based on their physical equivalents.
"You could use Google Earth to find [The Sydney Convention Centre], generate blueprints of the building, and turn it into an online map to train on using an online game's map generator," Zuccato said, adding that an online map of Amsterdam was recently sold for $50,000 using the same methodology.
Zuccato requested delegates to help the AHTCCfight crime by providing information on how and why their business uses the Internet, what security measures they have implemented, and what risks they have encountered.
He said the private sector owns more than 95 percent of Australia's IT infrastructure, and said beefing-up regulation will not solve IP crime because of both the cat-and-mouse race of law enforcement versus changing technology and communication platforms, and the difficulty in policing cross-jurisdictional boundaries between countries due to differing laws.
"The Internet challenges the whole notion of identity; whether you are a hacker, a second lifer, or someone who doesn't go online, and we need a different strategy to tackle IP crime than what works for [real-world] crime."