The weekly newsletter for Fed2 by ibgames

EARTHDATE: September 18, 2011

Official News page 11


WINDING DOWN

An idiosyncratic look at, and comment on, the week's net and technology news
by Alan Lenton

Phew! Back on track with Winding Down after a few very hectic weeks at real life work. It never rains, but it pours. A cascade of problems resulted in a number of late nights for the company's programming team, perhaps compounded by the fact that we all felt in need of a drink after we knocked off for the night...

In the meantime, the summer is definitely over here in the UK. The rain has turned cold, a portent of things to come. No wonder Victorians talked about building an empire as getting 'a place in the sun'.

Since some of the problems I've been dealing with at work relate to online fraud, I thought I'd tell you a bit about fraud on the internet. Although I'm using digital games distribution as an example, it's the same for any online digital distribution, and in the main for any business that takes orders online...


Analysis: Online fraud

The company I work for - and virtually all others in the computer games digital download business - has recently been hit by a wave of fraudulent payments for game activation keys. Since everyone reading this newsletter by definition uses the internet, often to make payments, and has probably had their card or PayPal account refused for no apparent reason, or has suffered from a fraudster using their card, I thought it would be worth telling you a little about fraud on the internet.

When people find their card has been used by a fraudster they often ask us to provide information about the people who used their credit cards to fraudulently buy activation keys from our site. Sadly, it's not as simple as it appears at first sight.

The first thing you need to understand is that different countries have different laws governing what information people and companies holding personal data can give out. This is a two-edged sword that protects you from having your private information dished out to anyone who claims to have a good reason to know that information. Unfortunately, it also protects the bad guys. For instance in the UK, where the company I work for is based, our data protection legislation is drawn up in a way that makes it illegal for us to give out any information without a UK court authorization. This is not a happy situation, but resolving it in a way which protects innocent people's privacy, but not criminal activity, is not easy, and is not likely to happen any time soon. Other countries have greater or lesser protections, according to their local culture of privacy, and the political policies of their governments.

That said, the situation wouldn't be very much better if we were allowed to hand out the addresses from which cards were used.

The problem is that the fraudster is almost certainly using someone else's computer to cover his or her tracks, and a free internet e-mail account for which there is no ID checking to receive the keys (usually the activation keys for a Steam based, or online, game). There exist on the internet a number of large networks of compromised computers, known as botnets. Some of the bigger ones have millions of computers, all under the control of a small number of central servers.

The days are long past when people who illegally gain access to your computer use that access to delete data or put funny messages up on the screen. Control of someone's computer is much too valuable to be wasted like that. These networks are made up of computers owned by companies and individuals with programs installed which allow the botnet owner to control and use them whenever they are switched on.

The computer's owner is completely unaware of the fact that their computer is being used for criminal activities in this way. The owners of botnets rent out the use of their botnets to people like the fraudsters to use for their criminal activities. For instance if you have access to a million computers and you want to send out 10 million spam e-mails, you only need to send ten from each of the botnet computers, making it far less likely to be noticed by the owner of the computer, or the owner's ISP.

Of course, this would be of little use to those who would like to defraud us, if they didn't have other people's card details. Unfortunately, they do have other people's card details. They get these from people who specialize in obtaining the details of other people's cards (Adam Smith had a thing or two to say about the advantages of a division of labor). There are two ways of getting the details. The first is to use a virus to steal the card details as you type them in - this is called a keylogger. This is the problem that the banks and card issuers are all banging on about, but it's not the real reason why it's so easy for crooks to get their hands on other people's card information.

The second, and more important way to get card information is to break into retailers' computers that hold all their customer credit card details. There have recently been a number of high profile break-ins of the latter sort and as a result the internet is awash with stolen credit card information. Note that this is not the fault of the card owners - it's the fault of the people they have shopped with - and that shopping doesn't even have to be online shopping. Even bricks and mortar retailers keep their customers' credit card info in computers. Because of this, it's currently relatively easy to buy other people's credit card details by the thousand very cheaply on the internet.

Companies like my own, Green Man Gaming, are at the sharp end when it comes to this sort of fraud, especially when we are selling activation keys for online games and games using Steam's facilities. We do our best, but we are faced with people coming from effectively untraceable computers, using 100% accurate credit card information, and with access to hundreds, if not thousands of cards to try out.

Different companies have different strategies for handling these problems. Some may have limits on what you can buy in one purchase or time period. Others limit the way in which you can use a card. Others have even more innovative, and esoteric strategies (and, no, I'm not going to tell you what they are...). No retailer likes doing this - we'd all much rather you spent lots of money with us! Realistically, though, I can't think of many situations where you'd want to buy two triple-A rated games at the same time, or even two versions (say the deluxe and the regular version) of the same game!
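
The limits named above (a cap per purchase, a cap per time period, a restriction on how cards are used, and the two-versions-of-one-game case) can be written as simple rules over an account's order history. What follows is an added illustration, not code from this newsletter or from any retailer; the thresholds, the order fields and the "title:edition" SKU format are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds, chosen for illustration only.
MAX_ITEMS_PER_ORDER = 2
MAX_ORDERS_PER_WINDOW = 3
MAX_CARDS_PER_WINDOW = 2
WINDOW = timedelta(hours=24)

def review_orders(orders):
    """Return {order_id: [rule names]} for orders that break a limit."""
    history = defaultdict(list)  # account -> [(time, card_token)] already seen
    flagged = {}
    for o in sorted(orders, key=lambda o: o["time"]):
        reasons = []
        # Hypothetical SKU format "title:edition"; compare on title only.
        titles = [sku.split(":", 1)[0] for sku in o["skus"]]
        if len(titles) > MAX_ITEMS_PER_ORDER:
            reasons.append("items_per_order")
        if len(set(titles)) < len(titles):
            reasons.append("two_editions_of_one_game")
        # Refused attempts stay in history, so retries count against the limits.
        recent = [(t, c) for t, c in history[o["account"]]
                  if o["time"] - t <= WINDOW]
        if len(recent) + 1 > MAX_ORDERS_PER_WINDOW:
            reasons.append("orders_per_window")
        if len({c for _, c in recent} | {o["card"]}) > MAX_CARDS_PER_WINDOW:
            reasons.append("cards_per_window")
        history[o["account"]].append((o["time"], o["card"]))
        if reasons:
            flagged[o["id"]] = reasons
    return flagged

# Constructed sample orders. "card" is an opaque token, never a card number.
T0 = datetime(2011, 9, 18, 12, 0)
def order(oid, account, card, skus, minutes):
    return {"id": oid, "account": account, "card": card, "skus": skus,
            "time": T0 + timedelta(minutes=minutes)}

SAMPLE_ORDERS = [
    order("o1", "a@example.com", "tok_1", ["game-x:regular"], 0),
    order("o2", "a@example.com", "tok_2", ["game-x:deluxe", "game-x:regular"], 5),
    order("o3", "a@example.com", "tok_3", ["game-y:regular"], 10),
    order("o4", "a@example.com", "tok_3", ["game-z:regular"], 15),
    order("o5", "b@example.com", "tok_9", ["game-x:regular"], 20),
    order("o6", "a@example.com", "tok_1", ["game-w:regular"], 2 * 24 * 60),
]

if __name__ == "__main__":
    for oid, reasons in review_orders(SAMPLE_ORDERS).items():
        print(oid, reasons)
```

The last sample order shows the time window expiring: the same account buying again two days later is not flagged.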

So, what should you do if you get hit by fraud?

TELL YOUR BANK/CARD ISSUER/PAYPAL IMMEDIATELY - whichever is appropriate. Do this first, even before you tell the retailer. Your bank will take whatever steps are necessary and normally issue a chargeback notice. This means you will get your money back (subject to whatever are the bank's rules) when the chargeback goes through - which can take anything up to a month, so you may need to be patient.

The fight against fraudsters is ongoing. Every time they find a way around our measures we have to spend time blocking that avenue. It's frustrating, and we'd much rather spend the time making our software more robust and useful, getting new games, brokering new deals so we can give you better prices, and smoothing out the wrinkles in our support system.

Ultimately, the customers are the ones who pay for fraud in the form of higher prices, degraded services and lack of new facilities. If you are defrauded you may be able to get your money back from the bank, but the bank gets its money back from the retailer, who either takes the hit, or who may get it back from the publisher, who in turn may be able to get it back from the studio that developed the game. Whoever pays in this chain, the end result is higher retail prices. I suspect, though, if the buck stopped at the banks (so to speak) things would be somewhat different!

And what of the third and last link in this chain - the person who buys the activation key very cheaply from the fraudster? They are handling stolen goods - the fact that it's a handful of electrons makes no difference. If no one bought stolen keys then there would be no incentive for the fraudsters to steal them in the first place. I suppose you could run a big moral campaign to dissuade people from buying obviously stolen keys.

Frankly though, I think you've got more chance of achieving world peace and thin thighs for everyone...


Shorts:

There was an interesting piece of research on the cell phone carriers published at the end of last month. It seems that the policies being pursued are causing major slowdowns in the transmission of data - up to 50% loss of speed in the case of one major US carrier - and draining phone batteries up to 10% faster than necessary. The reasons for this activity are not clear, and may have been perfectly legitimate.

You also have to look at this problem in the context of the big boys on the net pushing to store your data online (in the cloud, to use the vernacular) and just use your computer's hard drive as a sort of local cache. While on the face of it this seems useful, especially in the light of the growing need for more and more storage, it makes the assumption that ISPs and carriers are going to continue to allow their customers unlimited bandwidth.

We know this isn't the case - virtually all the major, and many of the smaller ISPs are putting in bandwidth caps on their customers' accounts, and as the report indicates the network is killing your not so 'smart' phone. Online storage implies frequent and heavy access to the online storage. Even if the storage is free (and that won't last for ever, either), are ordinary people going to flock to use the cloud as their primary storage if they have to pay significant amounts of cash to use it?

Somehow I don't think online, cloud, storage is going to work in its present form!
http://www.technologyreview.com/communications/38435/page1/


Homework:

I'd like to draw readers' attention to Stellarium. It's a superb piece of work which shows you the sky at night from anywhere on Earth. Unlike most similar applications you can feed in your own location and time and it will show you an annotated picture of the sky as you see it. Apart from a standard catalog of 600,000 stars, the planets and their satellites, the Milky Way, sunrise and sunset, and optional catalogs with more than 210 million stars, it also has facilities to overlay the constellations from twelve different cultures! I think whoever invented the constellations must have had very vivid imaginations.

This really is a humdinger of a planetarium program, and, as the icing on the cake it's available for Windows, Mac, and as source for Linux. Go take a look!
http://stellarium.org/


Geek Toys:

As you probably know, you can get pizza on the International Space Station. Pizza Hut cracked that one in 2001 when they delivered a pizza to astronauts orbiting the Earth. Now pizza chain Domino's Japanese wing is planning to go one further - a branch on the Moon! This little baby is estimated to cost a cool US$20 billion, and the housing for it has already been designed by an engineering company. I'm not sure who they will deliver to, given the current glacial rate of planning to put people back on the Moon. Still, they won't have any difficulty delivering their pizzas vacuum packed!
http://www.telegraph.co.uk/comment/4262403/Pizza-to-go.html
http://www.telegraph.co.uk/science/space/8734456/Dominos-plans-pizza-on-the-Moon.html


Scanner:

Man sentenced to 14 years for mass credit card theft - $3 million in losses
http://www.theregister.co.uk/2011/09/09/carder_sentenced/

NASA photo: North western Europe at night
http://earthobservatory.nasa.gov/IOTD/view.php?id=51892&src=eoa-iotd

NASA satellite image: Hurricane Irene's sediment in New York harbor
http://earthobservatory.nasa.gov/IOTD/view.php?id=51975&src=eoa-iotd

What's new Pussycat? iPad apps for cats
http://www.gizmag.com/ipad-cat-apps/19656/

Eating chocolate linked to reduced heart disease risk
http://www.gizmag.com/eating-chocolate-reduce-heart-disease-risk/19711/


Acknowledgements

Thanks to readers Barb, Fi, and to Slashdot's daily newsletter for drawing my attention to material used in this issue.

Please send suggestions for stories to alan@ibgames.com and include the words Winding Down in the subject line, unless you want your deathless prose gobbled up by my voracious Spamato spam filter...

Alan Lenton
alan@ibgames.com
18 September, 2011

Alan Lenton is an on-line games designer, programmer and sociologist, the order of which depends on what he is currently working on! His web site is at http://www.ibgames.net/alan.

Past issues of Winding Down can be found at http://www.ibgames.net/alan/winding/index.html.

