Ready Raider One: Exploring the Misuse of Cloud Gaming Services

Cloud gaming has become an emerging computing paradigm in recent years, allowing computer games to offload complex graphics and logic computation to the cloud. To deliver a smooth and high-quality gaming experience, cloud gaming services have invested abundant computing resources in the cloud, including adequate CPUs, top-tier GPUs, and high-bandwidth Internet connections. Unfortunately, the abundant computing resources offered by cloud gaming are vulnerable to misuse and exploitation for malicious purposes. In this paper, we present an in-depth study on security vulnerabilities in cloud gaming services. Specifically, we reveal that adversaries can purposely inject malicious programs/URLs into the cloud gaming services via game mods. Using the provided features such as in-game subroutines, game launch options, and built-in browsers, adversaries are able to execute the injected malicious programs/URLs in cloud gaming services. To demonstrate that such vulnerabilities pose a serious threat, we conduct four proof-of-concept attacks on cloud gaming services. Two of them are to abuse the CPUs and GPUs in cloud gaming services to mine cryptocurrencies with attractive profits and train machine learning models at a trivial cost. The other two are to exploit the high-bandwidth connections provided by cloud gaming for malicious Command & Control and censorship circumvention. Finally, we present several countermeasures for cloud gaming services to protect their valuable assets from malicious exploitation

Cryptocurrencies and future financial crime.

Background: Cryptocurrency fraud has become a growing global concern, with various governments reporting an increase in the frequency of and losses from cryptocurrency scams. Despite increasing fraudulent activity involving cryptocurrencies, research on the potential of cryptocurrencies for fraud has not been examined in a systematic study. This review examines the current state of knowledge about what kinds of cryptocurrency fraud currently exist, or are expected to exist in the future, and provides comprehensive definitions of the frauds identified. Methods: The study involved a scoping review of academic research and grey literature on cryptocurrency fraud and a 1.5-day expert consensus exercise. The review followed the PRISMA-ScR protocol, with eligibility criteria based on language, publication type, relevance to cryptocurrency fraud, and evidence provided. Researchers screened 391 academic records, 106 of which went on to the eligibility phase, and 63 of which were ultimately analysed. We screened 394 grey literature sources, 128 of which passed on to the eligibility phase, and 53 of which were included in our review. The expert consensus exercise was attended by high-profile participants from the private sector, government, and academia. It involved problem planning and analysis activities and discussion about the future of cryptocurrency crime. Results: The academic literature identified 29 different types of cryptocurrency fraud; the grey literature discussed 32 types, 14 of which were not identified in the academic literature (i.e., 47 unique types in total). Ponzi schemes and (synonymous) high yield investment programmes were most discussed across all literature. Participants in the expert consensus exercise ranked pump-and-dump schemes and ransomware as the most profitable and feasible threats, though pump-and-dumps were, notably, perceived as the least harmful type of fraud. Conclusions: The findings of this scoping review suggest cryptocurrency fraud research is rapidly developing in volume and breadth, though we remain at an early stage of thinking about future problems and scenarios involving cryptocurrencies. The findings of this work emphasise the need for better collaboration across sectors and consensus on definitions surrounding cryptocurrency fraud to address the problems identified

Adversarial behaviours knowledge area

The technological advancements witnessed by our society in recent decades have brought improvements in our quality of life, but they have also created a number of opportunities for attackers to cause harm. Before the Internet revolution, most crime and malicious activity generally required a victim and a perpetrator to come into physical contact, and this limited the reach that malicious parties had. Technology has removed the need for physical contact to perform many types of crime, and now attackers can reach victims anywhere in the world, as long as they are connected to the Internet. This has revolutionised the characteristics of crime and warfare, allowing operations that would not have been possible before. In this document, we provide an overview of the malicious operations that are happening on the Internet today. We first provide a taxonomy of malicious activities based on the attacker’s motivations and capabilities, and then move on to the technological and human elements that adversaries require to run a successful operation. We then discuss a number of frameworks that have been proposed to model malicious operations. Since adversarial behaviours are not a purely technical topic, we draw from research in a number of fields (computer science, criminology, war studies). While doing this, we discuss how these frameworks can be used by researchers and practitioners to develop effective mitigations against malicious online operations.Published versio

Distributed Pool Mining and Digital Inequalities, From Cryptocurrency to Scientific Research

Purpose This paper aims to look at shifts in internet-related content and services economies, from audience labour economies to Web 2.0 user-generated content, and the emerging model of user computing power utilisation, powered by blockchain technologies. The authors look at and test three models of user computing power utilisation based on distributed computing (Coinhive, Cryptotab and Gridcoin) two of which use cryptocurrency mining through distributed pool mining techniques, while the third is based on distributed computing of calculations for scientific research. The three models promise benefits to their users, which the authors discuss throughout the paper, studying how they interplay with the three levels of the digital divide. Design/methodology/approach The goal of this article is twofold as follows: first to discuss how using the mining hype may reduce digital inequalities, and secondly to demonstrate how these services offer a new business model based on value rewarding in exchange for computational power, which would allow more online opportunities for people, and thus reduce digital inequalities. Finally, this contribution discusses and proposes a method for a fair revenue model for content and online service providers that uses user device computing resources or computational power, rather than their data and attention. The method is represented by a model that allows for consensual use of user computing resources in exchange for accessing content and using software tools and services, acting essentially as an alternative online business model. Findings Allowing users to convert their devices’ computational power into value, whether through access to services or content or receiving cryptocurrency and payments in return for providing services or content or direct computational powers, contributes to bridging digital divides, even at fairly small levels. Secondly, the advent of blockchain technologies is shifting power relations between end-users and content developers and service providers and is a necessity for the decentralisation of internet and internet services. Originality/value The article studies the effect of services that rely on distributed computing and mining on digital inequalities, by looking at three different case studies – Coinhive, Gridcoin and Cryptotab – that promise to provide value in return for using computing resources. The article discusses how these services may reduce digital inequalities by affecting the three levels of the digital divide, namely, access to information and communication technologies (ICTs) (first level), skills and motivations in using ICTs (second level) and capacities in using ICTs to get concrete benefits (third level)

DDoS Mitigation by Blockchain With Approach of Cost Model

Computer networks and internet services are increasingly threatened by attacks like Distributed Denial-of-Service (DDoS). DDoS attack mitigation techniques now in use are ineffective due to a lack of resources and a lack of adaptability. Using blockchains like Ethereum, DDoS attacks can be thwarted in innovative ways. With smart contracts, it is possible to track down the IP addresses of attackers without additional hardware. This study examines blockchain-based solutions to combat DDoS attacks for feasibility, effectiveness, as well as cost and performance. The cost model delves into economic aspects like gas, gas price, and Ether value. In it, the evaluation of various smart contracts for the signalization of DDoS attacks is documented and compared to assess three system variants, analyzing gas costs, deployment, speed, and accuracy. It also details Ethereum's ecosystem and how that affects smart contract design and it also acknowledges scalability challenges and suggests outsourcing data for a more scalable solution, advocating for specialized blockchains for DDoS signaling applications. The analysis provides insights into the gas costs associated with different variants, considering various scenarios and highlighting the trade-offs and efficiencies of each approach

What the History of Linux Says About the Future of Cryptocurrencies

Since Bitcoin’s meteoric rise, hundreds of cryptocurrencies that people now publicly trade have emerged. As such, the question naturally arises: how have cryptocurrencies evolved over time? Drawing on the theory of polycentric information commons and cryptocurrencies’ historical similarities with another popular information commons (namely, Linux), we make predictions regarding what cryptocurrencies may look like in the future. Specifically, we focus on four important historical similarities: 1) support from online hacker communities, 2) pursuit of freedom, 3) criticism about features and use, and 4) proliferation of forks. We then predict that: 1) cryptocurrencies will become more pragmatic rather than ideological, 2) cryptocurrencies will become more diverse in terms of not only the underlying technology but also the intended audience, and 3) the core technology behind cryptocurrencies, called blockchain, will be successfully used beyond cryptocurrencies

Financial Crimes in Web3-empowered Metaverse: Taxonomy, Countermeasures, and Opportunities

At present, the concept of metaverse has sparked widespread attention from the public to major industries. With the rapid development of blockchain and Web3 technologies, the decentralized metaverse ecology has attracted a large influx of users and capital. Due to the lack of industry standards and regulatory rules, the Web3-empowered metaverse ecosystem has witnessed a variety of financial crimes, such as scams, code exploit, wash trading, money laundering, and illegal services and shops. To this end, it is especially urgent and critical to summarize and classify the financial security threats on the Web3-empowered metaverse in order to maintain the long-term healthy development of its ecology. In this paper, we first outline the background, foundation, and applications of the Web3 metaverse. Then, we provide a comprehensive overview and taxonomy of the security risks and financial crimes that have emerged since the development of the decentralized metaverse. For each financial crime, we focus on three issues: a) existing definitions, b) relevant cases and analysis, and c) existing academic research on this type of crime. Next, from the perspective of academic research and government policy, we summarize the current anti-crime measurements and technologies in the metaverse. Finally, we discuss the opportunities and challenges in behavioral mining and the potential regulation of financial activities in the metaverse. The overview of this paper is expected to help readers better understand the potential security threats in this emerging ecology, and to provide insights and references for financial crime fighting.Comment: 24pages, 6 figures, 140 references, submitted to the Open Journal of the Computer Societ