| From: Glenn Petersen | 2/5/2024 6:59:41 PM | | | | | | Attacks in the metaverse are booming. Police are starting to pay attention.
A growing cohort of activists are urging police forces to grapple with sexual attacks in virtual reality, but prosecuting digital abuse could be tricky
By Naomi Nix
The Washington Post
Updated February 4, 2024 at 11:31 a.m. EST
Published February 4, 2024 at 7:00 a.m. EST
Though the attack took place in virtual reality, Nina Jane Patel was surprised to feel her real heart racing in her chest.
Three male figures surrounded her avatar in Horizon Venues, a virtual live events program created by Meta. They touched her avatar’s breasts and pressed their torsos rhythmically against her, telling her that she wanted it. A fourth took photos of the incident in the app.
“My physical body was responding,” said Patel, 45, a virtual reality researcher and consultant with the Zero Abuse Project, describing the 2021 attack. “I was very uncomfortable. Fight or flight mode kicked in.”
Meta declined to comment on the incident.
As virtual reality programs are booming, so are reports of attacks, harassment and sexual assault. Some activists argue these incidents should be treated as serious — even criminal — acts. And authorities are starting to pay attention.
This spring, under a grant from the U.S. Justice Department, the Zero Abuse Project will hold workshops to explain the metaverse and its dangers to state and local police. And last month, the international law enforcement group Interpol called on global police forces to develop protocols to address crimes committed in VR, including sexual assault.
“With its increasing use and the number of participants,” Interpol wrote in a report , “there is a need to define what constitutes crimes and harms in the Metaverse.”
Emerging science suggests that harassment in digital worlds can have a profound psychological impact similar to real-life attacks. But prosecuting virtual crimes would require a dramatic rewriting of legal precedent. Laws governing rape and sexual assault require evidence that a physical incident occurred. And while harassment statutes might technically apply, they often require multiple offenses and are tricky to prove.
Some urge caution in declaring these real crimes, despite genuine harms.
“People kill each other all the time in video games but we don’t call them murderers,” said Aya Gruber, a law professor at the University of Southern California who has studied rape laws and called jail a “blunt tool” for addressing online behavior.
Others say the situation is urgent and demands immediate protocols. Dan Barry, an investigations specialist at the Zero Abuse Project, set up a test profile mimicking a 13-year old girl on VRChat, a virtual reality program. Almost immediately, the girl’s avatar was greeted by male avatars, who made sexual comments and asked her to chat privately.
“That child could be [sexually] assaulted by [an] adult,” he said. “There are not a lot of controls in these spaces.”
These challenges arise as major technology companies are investing billions of dollars into virtual reality programs, aiming to transform them into a new computing platform. Meta CEO Mark Zuckerberg has said virtual and augmented reality powered devices will eventually replace mobile phones and some in-person communication. Apple’s virtual reality headset, Vision Pro, went on sale Friday.
Many of the earliest adopters of virtual reality came from the video game industry — a sector that has struggled with racism, sexism and harassment. These issues exploded into the public in the 2014 phenomenon known as “gamergate,” when internet trolls organized to harass women in gaming circles.
Experts say these issues have migrated to social VR apps, where users interact with each other in virtual bars, concerts and event spaces. One 2018 study found that 49 percent of women who regularly used VR reported experiencing at least one instance of sexual harassment.
For people who use VR harassment “is a growing concern,” said Clemson University professor Guo Freeman, author of a forthcoming study on harassment in the metaverse. “Some people actually told us they would quit” because of the abuse.
Experts say the immersive nature of virtual reality can make online attacks feel real. Researchers use the phrase “embodiment” to describe the intimate connection people feel with their digital avatar. Headsets from Apple and Meta with advanced audio and “eye-tracking” enhance this feeling, by making virtual experiences seem real.
“This type of immersive and embodied experience [makes] harassing behavior feel as realistic as in the physical world,” Freeman said. “It’s like my offline body is attacked because it feels so real. It’s like someone is touching me.”
Patel said that she logically knows her attack happened to a digital avatar, hearing the voices of her attackers in her ear made it feel like it was happening to her body.
While victims might suffer profound emotional impacts, it’s unlikely that law enforcement and courts will interpret these experiences similarly. Most legal definitions of rape require a physical sexual act to have occurred in order for prosecutors to pursue a case, said John Bandler, a lawyer specializing in cybersecurity and former assistant district attorney at the New York County District Attorney’s Office.
“It’s not a rape as defined in the criminal law,” Bandler said of attacks in virtual reality. “It’s not an act in the physical world.”
Experts said it might be possible to prosecute offenders under a lesser harassment charge. But those charges are often made when the perpetrator has committed multiple offenses over time, said Mary Anne Franks, a George Washington Law School professor.
“To rise to the level of something criminal, [a perpetrator] would have to have done something repeatedly — that is follow this person home or they show up at work the next day,” Franks said. “And online too, there would need to be more than just one incident, where someone has been aggressive.”
Franks added that law enforcement agencies have historically not always prioritized harassment cases in the physical world and might be even more reluctant to devote extensive resources to investigate virtual incidents.
“There’s a long standing view that these kinds of assaults — this kind of abuse — isn’t as real and not as serious,” she said.
Many caution that more research is needed to understand the impact of criminal or unethical behavior in VR before it’s criminalized.
Soon after her attack, Patel wrote about her experience on Medium and she was bombarded with emails telling her she was “stupid” and “ridiculous” to call her experience an assault.
“I had no intentions of being the woman who was sexually assaulted in the metaverse,” she said. “What my intention is is to share my story — this story, the story of many, in order to raise the alarm bells.”
Why Metaverse sexual assaults could be difficult to prosecute - The Washington Post |
| | Binary Hodgepodge | Stock Discussion ForumsShare | RecommendKeepReplyMark as Last Read |
|
| To: Ron who wrote (6754) | 2/10/2024 2:59:59 PM | | From: Ron | | | | Turns out the hacked toothbrush story was false, an urban legend: An update from Wired:
How 3 Million Hacked Toothbrushes Became a Cyber Urban Legend
Hackers have, in the real world, caused blackouts, set fire to a steel mill, and released worms that took down medical record systems in hospitals across the US and the UK. So it hardly seems necessary to invent new nightmares about them taking over our toothbrushes.
Yet, when the Swiss newspaper Aargauer Zeitung published a story that cybercriminals had infected 3 million internet-connected toothbrushes with malware, then used them to launch a cyberattack that downed a website for four hours and caused millions of dollars in damage, the tale was somehow irresistible. This week, news outlets around the world picked up the story, which quoted the cybersecurity firm Fortinet as its source, spinning it out as the perfect illustration of how hackers can exploit the most mundane technology for epic malevolence. “This example, which seems like a Hollywood scenario, actually happened,” the Swiss newspaper wrote.
Except, of course, it didn’t. Cybersecurity professionals quickly started to point out that the story was unsupported by any evidence—and was somewhat absurd on its face. (Even the Mirai botnet, which knocked out its targets with record-breaking tsunamis of junk traffic and eventually broke a large fraction of the internet, infected only 650,000 internet-connected devices at its peak.)
Fortinet belatedly sought to correct the record, writing in public statements that “it appears that due to translations the narrative on this topic has been stretched to the point where hypothetical and actual scenarios are blurred.” But the Aargauer Zeitung pointed the finger back at Fortinet, noting in a follow-up story that Fortinet provided exact details of the dental doomsday it described as real, and that the company even reviewed the text of the article prior to publication. Regardless of who’s to blame, at least this cyber urban legend has inspired some solid meme content.
wired.com |
| | Binary Hodgepodge | Stock Discussion ForumsShare | RecommendKeepReplyMark as Last Read |
|
| From: Ron | 3/5/2024 8:56:46 AM | | | | | | The ransomware attack targeting medical firm Change Healthcare has been one of the most disruptive in years, crippling pharmacies across the US—including those in hospitals—and leading to serious snags in the delivery of prescription drugs nationwide for 10 days and counting. Now, a dispute within the criminal underground has revealed a new development in that unfolding debacle: One of the partners of the hackers behind the attack points out that those hackers, a group known as AlphV or BlackCat, received a $22 million transaction that looks very much like a large ransom payment.
On March 1, a Bitcoin address connected to AlphV received 350 bitcoins in a single transaction, or close to $22 million based on exchange rates at the time. Then, two days later, someone describing themselves as an affiliate of AlphV—one of the hackers who work with the group to penetrate victim networks—posted to the cybercriminal underground forum RAMP that AlphV had cheated them out of their share of the Change Healthcare ransom, pointing to the publicly visible $22 million transaction on Bitcoin's blockchain as proof.
That suggests, according to Dmitry Smilyanets, the researcher for security firm Recorded Future who first spotted the post, that Change Healthcare has likely paid AlphV's ransom. “You can see the number of coins that landed there. You don’t see that kind of transaction so often,” Smilyanets says. “There’s proof of a large amount landing in the AlphV-controlled Bitcoin wallet. And this affiliate connects this address to the attack on Change Healthcare. So it’s likely that the victim paid the ransom.”
A spokesperson for Change Healthcare, which is owned by UnitedHealth Group, declined to answer whether it had paid a ransom to AlphV, telling WIRED only that “we are focused on the investigation right now.”
Both Recorded Future and TRM Labs, a blockchain analysis firm, connect the Bitcoin address that received the $22 million payment to the AlphV hackers. TRM Labs says it can link the address to payments from two other AlphV victims in January.
If Change Healthcare did pay a $22 million ransom, it would not only represent a huge payday for AlphV, but also a dangerous precedent for the health care industry, argues Brett Callow, a ransomware-focused researcher with security firm Emsisoft. Every ransomware payment, he says, both funds future attacks by the group responsible and suggests to other ransomware predators that they should try the same playbook—in this case, attacking health care services that patients depend on.
wired.com |
| | Binary Hodgepodge | Stock Discussion ForumsShare | RecommendKeepReplyMark as Last Read |
|
| From: Ron | 5/29/2024 10:54:28 PM | | | | | | FBI Takes Down Massive Global Army of Zombie Computer Devices
The botnet, which was spread across more than 190 countries, enabled financial fraud, identity theft and access to child exploitation materials around the world, according to a statement issued on Wednesday by FBI Director Christopher Wray. Other violations tied to the botnet included bomb threats and cyberattacks, likely leading to billions of dollars in victim losses, according to a statement from the Department of Justice.
The botnet was tied to more than 613,000 IP addresses located in the US, authorities said.
finance.yahoo.com |
| | Binary Hodgepodge | Stock Discussion ForumsShare | RecommendKeepReplyMark as Last Read |
|
| |
