There’s a post up at the Counterterrorism Blog about the possible use of virtual worlds by terrorists.
While the scenario they detail in the article is technically feasible, I do not think it is very plausible.
The article details a scenario where a terrorist organization uses Second Life to set up a virtual terrorist camp. At this camp they are able to stream bomb making videos into the virtual world to an audience of terrorists from across the globe. The instructor can answer questions from the students in avatar form. And the students can be in their individual countries in the comfort of their own homes (or caves) while learning these valuable destructive skills. It also uses the scenario of this fictional organization laundering money around the globe using the Linden Exchange in 5,000$US chunks.
While technically feasible, I cannot imagine any terrorist organization (or other Crime Organization) doing this for a number of reasons:
Second Life is hosted on Linden Lab servers (read: private company owned servers). There are log files, and an electronic bread crumb trail of users through the system.
While the videos may be hosted on other streaming servers, they are being linked in through objects in-world. In order for the video to stream from one of these other servers, it has to be open to the Internet (not password protected) and vulnerable to discovery.
There are trading limits imposed by Linden Lab on currency transactions. You have to have a legitimate account (use a credit card), and have been online trading for a period of time before you can reach the higher transaction limits. In other words you have to establish a pattern of transactions and stability of access (IP’s in the log files at Linden Lab and your ISP).
In order to conduct terrorist training activities you would have to own land if you wanted privacy. In order to own land you have to have business dealings with Linden Lab (ie: your identity is known).
If you did not own land, and instead used public spaces in-world, wandering avatars would likely stumble on the camp.
Assuming you purchase land on the main grid, or on a private island, you have to specifically add accounts to allow access. Again, building a virtual paper trail of bread crumbs in the Linden servers of who is involved with your private space.
The economic statistics of Second Life are published. The Counterterrorism blog uses 5,000$US transfers as an example for terrorists moving, or laundering, money internationally.
The exchange rate today is hovering at 277$L to 1$US. So 5,000$US exchanges into 1,385,000$L.
According to the posted statistics for the month of February, ONLY 571 residents had spending exceeding 1,000,000$L, and of those ONLY 149 residents had individual transactions of 500,000$L or more.
Terrorists would not be able to make single large transfers of funds, but would instead have to break them up into much smaller transactions to avoid drawing attention to themselves, and even then they would still end up in the select group of 571 residents spending over 1,000,000L$ in a single month (who knows, they might even get a BusinessWeek article pitched to them).
There are many different eavesdropping technologies across the Internet. Unless all discussions are in code, or at least encrypted, the keywords of the terrorist trade would be passed over the Internet in clear text. These are very likely to pass through at least a few listening appliances on the Internet that watch for just such packets. And all packets carry the source and destination IP addresses, again leaving little electronic bread crumbs.
In my opinion, this scenario is more SciFi than reality. Until Second Life reaches into many millions of subscribers (subscribers because they can link a credit card to their account), this is just not very feasible or likely. A mash-up of YouTube, PayPal and Blackboard are much more likely, and even those are far too public for this type of usage.
A much more realistic scenario would use industry standard server platforms. What if the terrorists were running their own Groove Enterprise Server from Microsoft. This could be done under a business or organizational cover (even a small college). There’s full support for file sharing and notification of users when files change. Full project management tools are at their disposal, and the system runs through a replication model that does not require concurrent connections. And all communications are encrypted. Money could be laundered through fake ebay auctions, or any number of other high volume Internet based “businesses” as cover. This is a much more likely and realistic use of the Internet for these types of activities.
It still baffles me as to why so many people are connecting so many negative uses to the Second Life platform. We need to spend more time focusing on the positive uses of Second Life (and other upcoming platforms like Multiverse), preparing for the negative, and then enacting measures to help ensure the technology is not abused for illegal activities. I’m sure we could have a whole other debate on privacy and identity in MMORPG’s, but that will be for another time.