Now you should be very careful and aware of your surroundings not only when you walk at night on a dark street, but also when you walk onine in a computer game.

A Chinese exchange student was arrested in Japan last week for using
bots to run virtual stick-ups in the Lineage II: The Chaotic Chronicle
online game, stealing items from players then reselling them on eBay.

The Chinese student used online game bots to beat up and rob other players’ characters - all in an online world. The items, according to the Japanese police (in the real world, this time) included "Earring of Wisdom" or the "Shield of Nightmare" and were then resold over eBay (in the real world, again.) Sounds confusing? The line between virtual and real cash is almost all gone as players buy and sell virtual items on eBay, and at the same time crimes occurring in either world (real or virtual) have an implication in the other one.

I am not sure of how Japanese courts would consider their jurisdiction over crimes committed by a bot in a virtual world, but it certainly makes an interesting argument by both defense and prosecution. To make an analogy with US criminal procedure, how to you authenticate, for example,  the chain of evidence of the stolen items? It may be not that hard in this particular case but it does not require a stretch to imagine a situation where the lines between the virtual crime and real world prosecution will disappear.

Symantec may be on to something,

Computer hackers seeking financial gain rather than thrills or notoriety are increasingly flooding the Internet with malicious software code, according to a semi-annual report from security company Symantec. [Via ZDNet -]

Yes, there is a shift in who the virus/worm/trojan/spyware/etc writers are - no longer is impress a girl from high-school a motive to write a descrictive virus. The times are changing and more and more computer crimes are done by organized crime groups with increasingly sophisticated methods.

What should our response be? To start with, our perception of the hacker as a teenager with thick glasses sitting behind a green monitor should change to reflect reality - hackers are organized criminals, with malicious motives, sophisticated tools, and, sometimes, dangerous in the physical world. No longer is a slap on the wrist adequate punishment for releasing a worm, or for hacking into a government network. No longer can a government enact a domestic statute prohibiting and criminalizing an activity and hope that the result will follow - the anonymity of the Internet and the lack of uniform international criminal laws allows cyber criminals to launch attacks from a "safe country" many time zones away.

Not necessarily illegal under current laws, but highly annoying and potentially dangerous practice by online scammers is gaining speed and attention. Typosquatters are people who register a domain name which is just a slight variation (usually misspelling) of a famous domain name hoping to attract users inadvertently misspell the name of a large or popular domain name. After being shown a page full of sponsored links, often provided by Google AdSense, the user often clicks on one of the paid links and generates a profit for the typosquatter.

Typosquatters register hundreds or thousands of domain names with variations of popular domains hoping to attract a larger number of users and obtain a larger profit of misspelled domain names. While in most cases there is no damage to the user (who only has to make an extra click to go to the desired site,) a typosquatter can easily deliver a page that looks like the intended domain and then possibly phish the users to submit personal or financial information.

The individual companies and domain name owners have little recourse other than buy the domain names themselves (if they thought about this early enough) or fight the typosquatter under the domain registrar agreements (usually arbitration) for each domain name - a costly and time-consuming endeavor, considering the amount of typosquatted domain names that an organization might have.