Patrolling the Metaverse: Stopping Cybercrime, Training Forces
The global police agency Interpol is investigating how the organization could police crime in the metaverse and has also built its own virtual reality space where users can do training and attend virtual meetings.
As the metaverse advances and the difference between a cyber existence in the metaverse and current “real life” becomes less defined, the potential for malicious actors to perpetrate a range of criminal activity is likely to grow.
Currently, a growing issue concerns cyber-physical security, where digitally connected assets can be used to create physical acts of crime or terrorism -- think Colonial Pipeline, Stuxnet, and others.
In the metaverse, such crimes could be easier to perform and potentially acted out on a much larger scale.
As these threats grow more concrete, governments and international law enforcement agencies are working on plans to not only “police” the metaverse but use virtual worlds to train law enforcement agents.
The Role of Governments and Regulatory Bodies
“Because cybercrime has the potential to impact the population at large, there is clearly a role for governments and the public sector to police and set guidelines and policies,” says Bud Broomhead, CEO at Viakoo.
He points to efforts by the US Government in the past few years to establish mandates and provide information, including CISA’s Known Exploited Vulnerability catalog, as an indicator there will more involvement by governments in general to prevent cybercrime.
“International regulations should focus on the potential for the metaverse to be a venue to act out crime on a massive cross-border scale,” Broomhead says.
Gartner director analyst Tuong Nguyen says governments and regulatory bodies must understand the implications of an increasingly digital world to effectively regulate or put proper guidance in place.
“Outside of this, it’s mainly a political issue,” he says. “How is cybercrime handled today? If you committed a crime in country A, live in country B, while all the digital assets and transactions for the crime were hosted in country C, who has jurisdiction and why?”
From his perspective, this is an example of how the topic of crime in the metaverse still needs to be addressed.
“They are in fact issues that exist pre-metaverse and will only become more common and exacerbated with the metaverse era,” he says.
Metaverse Threats Run the Gamut
Nguyen says the risks of cybercrime in the metaverse are very similar to what we have today with the internet and digital spheres in general.
“The issue is perpetuated because we’ll be faced with an unprecedented amount and degree of exposure and interaction with digital content,” he says. “This includes crimes around fraud, data manipulation, and stalking.”
For example, currently, you may have an identity tied to your email account, but this is one of many accounts you have on the internet.
As we move toward the metaverse era, the idea is that many of these accounts (identities) are harmonized so you can manage them more effectively.
“The upside is having more personalized experiences, the downside is potential fraud that targets the ‘main’ account, or persona, or avatar, or whatever you call it,” Nguyen says.
He points out individual companies have similar responsibilities they do today, but due to the volume of personal data, the risk is proportionally higher. “All these organizations need to understand the roadmap that is the metaverse in order to adapt their strategies accordingly,” he says. “Just like they had to do with the internet.”
Andrew Barratt, vice president at Coalfire, says a major issue concerns what must be done to ensure that forensic evidence can be retained or obtained by law enforcement.
“It is well known that in-game voice chat has often been used by criminals to organize and communicate due to it not falling into any of the traditional communications windows,” he explains.
He says if someone is committing offenses in a metaverse, law enforcement must be able to ensure the evidence can be collected and the appropriate authorities can make use of it in the jurisdiction it applies.
“My suspicion is that cyber criminals will continue to operate as they do today, and the only targeting of metaverse uses will be if they can extract something of value,” Barratt says.
Using the Metaverse for Training
Broomhead points out the metaverse is already being used for training, including what to do in an active shooter situation -- and is proving to be more effective than other forms of training.
“Likewise, the metaverse has the potential to be used more extensively for cybersecurity awareness training,” he says. “With policing, it can potentially be a very powerful tool for simulating, modelling, and assessing potential threats at a much high speed and more thoroughly than current approaches allow.”
In that way it can significantly reduce the “black swan” type events by assessing and judging even very unlikely situations for their potential cybercrime impact.
Interpol secretary general Jurgen Stock recently said the global police agency is investigating how the organization could police crime in the metaverse -- an endeavor that would also include agent training within virtual worlds.
“This is a start,” Nguyen says. “I’d like to see more organizations consider the broader aspect of the metaverse -- not just VR. Most organizations are overly focused on VR and trying to force-fit value or a use case and missing on the broader potential benefit.”
For example, how would collaborative (multi-sourced) information help police do their job better.
“Maybe different sensor and sensing data in the environment, or near-real time video and content of an environment to help police make better informed decisions because they have a holistic view of the situation,” Nguyen says.
What to Read Next:
How to Tackle Cyberthreats in the Metaverse
About the Author
You May Also Like