A quick note on the upcoming speaker for the HTCIA Ottawa Chapter. Bruce Cowper of Microsoft Canada will be speaking on the Top Security Threats for 2010. The date for the presentation is February 9, 2010 and it is at Russell’s Lounge at the Ottawa Police Association.

Bruce is an excellent speaker and I would encourage anyone in the Ottawa area who is interested in technology security and investigations to join us at the event.

Last week I had the pleasure of representing Evince Services Inc. at the Miss J’s Cocktails for Cancer fundraiser held at the Aulde Dubliner and Pour House in downtown Ottawa. The venue was quite busy and those that attended had a great time.

All proceeds were donated to the Ottawa Regional Cancer Foundation. The funds raised from this event will not be used for medicine or for research but rather are used to improve the quality of life of the patients receiving treatment and providing support for their families.

Congratulations to Miss J. herself for holding such a successful first event. It was the “first annual” so I’m excited to watch this event grow in the future. The intent is to hold the event on the same day every year, the Thursday before the Easter long weekend so mark your calendars now for 2010!

The European Network and Information Security Agency (“ENISA”) released a position paper on some of the concerns associated with existing virtual worlds, mmorpgs and where these environments are headed.

Overall it is a good introductory paper and worth a read for anyone looking for a broad overview on some of the existing scenarios, as well as some of the “potential threats” that could occur involving these platforms.

I specifically liked how the paper tries to address both criminal and civil concerns. It also sheds light on issues relating to both individuals (i.e. privacy, identity theft) and entities (intellectual property issues, leak of confidential information).

In addition to its secondary source research the ENISA also conducted a survey of 1,500 users of VWs and MMORPGs to reach their findings.

Some highlights that the report mentions:

*Project Entropia, a MMO/VW where assets and property-rights are well-defined, claimed an annual in-world turnover of US$ 360 million in 2006.

*The largest segment of the MMO/VW economy takes place outside the allowed limits of the MMO/VW (much of it not officially sanctioned by the world’s EULA), ie, on the black market.

*Total global real money trades (RMT) in MMO/VWs were recently estimated at US$ 2 billion.

*An analyst referenced in a Wall Street Journal article predicted that “non-subscription revenues” from the volume of real-money trades (RMT) on the virtual items market will reach US$5 billion by 2007.

*The report estimates that there are nearly 1 billion registered users of MMO/VWs world wide.

*The most important security threat to MMO/VWs is the theft of virtual assets using identity theft. The ENISA survey (18) showed that 30% of all users had lost something of value and only 25% of those had recovered the items. The most common way of achieving this is to steal a character’s account credentials (username and password) and log into their account.

The report touches on money laundering in the context of credit cards (specifically charge backs) but mentions that the scenario is only a theoretical possibility as no actual cases have been reported.

Interestingly, the report does not mention the recent break up of a Korean money laundering ring. According to the article from the English version of donga.com the ring had laundered $38 million using a combination of virtual currency, virtual item brokerages and of course willing participants and their bank accounts.

I haven’t found a copy of the actual police report to the media or any kind of public finding identifying the charges. If any one that has access to any kind of “official” version verifying these reports I would greatly appreciate a copy.

It is likely that the ENISA report was drafted prior to the release of the South Korean case or alternatively because they have not been able to verify the information independently.

I would like to thank Susheel Gupta, a Federal Prosecutor with the Department of Justice of Canada for providing me with this paper. Sush is an expert on computer crime and a fellow member of the Ottawa Chapter of the HTCIA, among his many other endeavors.

I am happy to report that the Ottawa Chapter of the High Technology Crime Investigators Association is hosting its annual Fall Case Study again this year. This year’s case study is sure to be interesting to anyone involved in new technologies, social media, MMORPGs and Virtual Worlds.

Here is some of the information available from the summary on the HTCIA Ottawa Chapter’s website:

In this year’s case study we will learn how a highly sophisticated international organized crime is running a stealth operation in the black markets of virtual world & game crime. The operation acquires victims’ assets and identities through various schemes. It then uses the capabilities of virtual worlds and auction sites to launder funds and fence the stolen goods.

Although the case is fictional, it promises to be informative and very interesting. For a look at the rest of the case study summary, as well as speaker information and times please visit here.

The first of the three part series will be happening on Tuesday September 9, 2008 at the Ottawa Curling Club 440 O’Connor Street, Ottawa, ON.

For more information on the High Technology Crime Investigation Association, please visit the International Organization’s site. For more information on our local chapter, please visit the local chapter’s site .

Evince Services, Inc. is happy to announce that it has become a corporate member of The Canadian Centre for Ethics & Corporate Policy.

The organization’s mission is to champion the application of ethical values in the decision making process of businesses and other organizations. The Centre provides its members with a series of speakers, opportunities for education as well as other resources and initiatives to meet these goals of promoting ethical standards.

At Evince we understand that within today’s corporate environment, there is a technological evolution happening involving various social media platforms and Internet based technologies. This shift is altering the way that corporations interact with both internal and external stake holders.

We are happy to be able to contribute to the understanding of this new corporate environment; as well as how existing policies, procedures and systems can be modified to map to this evolution.

For further information on The Canadian Centre for Ethics & Corporate Policy please visit their website at www.ethicscentre.ca.