Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label 3D Secure. Show all posts

INTERPOL Fights Virtual Crime in the Metaverse

 


Could the future of law enforcement lie in the virtual world? In a pioneering move, INTERPOL established the INTERPOL Metaverse Expert Group in October 2023, aiming to enhance security in the emerging digital world known as the Metaverse. This virtual space, described as a 3D online environment where users interact through avatars, has raised concerns about potential crimes like grooming, radicalization, and cyber-attacks on critical infrastructure.

The INTERPOL Metaverse Expert Group is a collaboration involving INTERPOL member countries, governments, the private sector, academia, and international organizations. Their goal is to make the Metaverse secure by design. While the Metaverse holds promise for transforming various aspects of our lives, it faces challenges such as inadequate infrastructure, privacy concerns, jurisdictional ambiguity, and cybersecurity threats.

One key recommendation from INTERPOL is the integration of artificial intelligence (AI) for predictive policing. However, there are concerns about the legal and ethical implications of relying too heavily on AI. Potential privacy violations and biases, particularly towards marginalized groups, raise red flags. The call for caution emphasises the need for checks and safeguards when using AI-based predictive policing.

Another legal dilemma in the Metaverse revolves around avatars – the digital representations of users. Questions arise about who controls AI-based avatars and their legal status. A recent case in South Korea, where a man was jailed for generating illicit content using AI, highlights the complexity of addressing legal issues tied to avatars.

The report also addresses the challenge of interoperability, emphasising the need for universal protocols to enable seamless interactions across different virtual spaces. Professor Subhajit Basu from the University of Leeds stresses the importance of collaboration between tech companies, governments, and international organizations to establish these protocols while respecting legal jurisdictions.

Basu points out that a significant aspect of the legal framework involves data protection and privacy. As users move their data within the Metaverse, comprehensive legal measures aligned with regulations like Europe's GDPR become crucial.

The INTERPOL report underscores the Metaverse's potential for immersive law enforcement training. However, it highlights complex governance issues and international laws. To bridge these gaps, the report suggests regular policy reviews to adapt to the evolving landscape of the Metaverse.

Recognizing the multi-jurisdictional nature of the Metaverse, the report emphasizes the need for a holistic approach involving collaboration between various stakeholders for an effective response to metacrime. This approach ensures engagement across borders and organizations, essential for navigating the intricate challenges posed by the Metaverse.

INTERPOL’s efforts to address Metaverse-related crimes mark a significant step towards ensuring a secure and responsible digital future. As the Metaverse continues to evolve, the call for collaboration and proactive policies becomes crucial for effective law enforcement and protection of users' rights and privacy.



Cybercriminals Finding Ways to Bypass 3D Secure

 


Security researchers with threat intelligence firm Gemini Advisory say that they have noticed dark web exercises identified with bypassing 3D Secure (3DS), which is intended to improve the security of online credit and debit card transactions. Designed as an additional protection layer for these transactions, 3DS has seen a few releases, with the recent one, namely version 2.0, likewise intended to accommodate cell phones, allowing for authentication using a fingerprint or facial recognition. 

In addition to different social engineering strategies that assailants can use to go around 3DS, phishing and scam pages permit them to fool victims into revealing their card details and payment verification information. Gemini's security researchers say that vulnerabilities in prior renditions of 3DS might have been abused to bypass security. The utilization of a password for the transaction was one of these issues, as this was sometimes a personal identification number (PIN) that cybercriminals had been able to acquire utilizing different methods. 

Utilizing different social engineering methods, for example, impersonating bank representatives, cybercriminals can collect a great deal of data from victims, including name, ID number, telephone number, physical and email address, mother's maiden name, driver's license numbers, and such. Armed with some personally identifiable information (PII), the assailant could fool the victim into sharing additional details. 

One technique suggested by some cybercriminals for bypassing 3DS includes calling up the victim from a telephone number that spoofs the number on the rear of the payment card and fooling them into verifying a transaction currently being made by the fraudster by claiming it is needed for identity verification purposes. The utilization of phishing sites that copy real online shops can likewise permit hackers to gather the victims' card data and trick them into approving a payment employing 3DS. Sometimes, the attackers may utilize malware to target clients' cell phones and recover 3DS verification codes.

“The older versions of 3DS, such as version 1.0 (which is still widely used around the world), are susceptible to hackers who find ways to bypass their security features. Gemini Advisory assesses with moderate confidence that cybercriminals will likely continue to rely on social engineering and phishing to bypass 3DS security measures,” Gemini concludes.