With the growth of the Metaverse, a new arena for crime is emerging – Metacrime. Companies can be affected in different ways. In collaboration, attackers can intercept, manipulate, delete, or inject data undetected through man-in-the-middle attacks by eavesdropping and spying. They can use deepfake technologies to imitate real people and use fake avatars for illegal activities. By stealing virtual identities, they can gain unauthorized access to virtual assets, conduct criminal transactions, or use token systems for fraud. Intellectual property involves the misuse of protected trademarks, designs, or copyrights in the virtual space. There is hardly any illegal activity in the real economy that could not be transferred to the virtual economic space.
How to investigate Metacrime? To identify, analyze, and prove legal violations in the Metaverse, companies should also consider measures from the real and digital economy. This includes undercover participation by investigators in virtual sessions (e.g., sales events) or setting up a virtual sham business. Numerous tools are available for recording virtual interactions, such as the integrated recording functions of VR systems and platforms, PC-based recording software, external recording devices, or software for recording interactions that capture motion data, controller inputs, and other metrics. To make evidence from the virtual space legally binding, it must be notarized, with the different legal systems of the involved countries playing a role. The location of the server is decisive.
Metacrime investigators should try to retrieve data from VR headsets and haptic devices, obtain it from VR service providers, or recover it from the infrastructure of the Metaverse. Virtual forensics, in the form of platform and server forensics, focuses on the collection, recovery, and analysis of data available in devices such as computers, servers, routers, and networks. This includes control data from avatars as well as audio and video data, which fall under the respective national data protection laws, such as the Chinese Personal Information Protection Law (PIPL).
Common methods of evidence collection include analyzing operating systems through the examination of system logs, file systems, memory images, or other system components, as well as examining network traffic and protocols. This can identify unauthorized access or anomalies. We recommend focused investigation of activities within specific applications, such as virtual shops or VR collaborations in product development. It is important to comply with the prescribed legal procedures when requesting data from Metaverse service providers.
Image from KI
China Intellectual Property Blog 