VI6: Network Investigations

Network Investigations

Eoghan Casey, ... Terrance Maguire, in Handbook of Digital Forensics and Investigation, 2010

Publisher Summary

In order to conduct an investigation involving computer networks, practitioners need to understand network architecture, be familiar with network devices and protocols, and have the ability to interpret the various network-level logs. Practitioners must also be able to search and combine large volumes of log data using search tools like Splunk or custom scripts. Digital forensic analysts must be able to slice and dice network traffic using a variety of tools to extract the maximum information out of this valuable source of network-related digital evidence. This chapter provides an overview of network protocols, references to more in-depth materials, and discusses how forensic science is applied to networks. To help investigators interpret and utilize this information in a network-related investigation, this chapter focuses on the most common kinds of digital evidence found on networks, and provides information that can be generalized to other situations. This chapter assumes a basic understanding of network topology and associated technologies. Digital investigators must be sufficiently familiar with network components found in a typical organization to identify, preserve, and interpret the key sources of digital evidence in an Enterprise. This chapter concentrates on digital evidence associated with routers, firewalls, authentication servers, network sniffers, Virtual Private Networks (VPNs), and Intrusion Detection Systems (IDS).

Overview of Enterprise Networks

Digital investigators must be sufficiently familiar with network components found in a typical organization to identify, preserve, and interpret the key sources of digital evidence in an Enterprise. This chapter concentrates on digital evidence associated with routers, firewalls, authentication servers, network sniffers, Virtual Private Networks (VPNs), and Intrusion Detection Systems (IDS). This section provides an overview of how logs from these various components of an Enterprise network can be useful in an investigation. Consider the simplified scenario in Figure 9.1 involving a secure server that is being misused in some way.

Logs generated by network security devices like firewalls and IDSs can be a valuable source of data in a network investigation. Access attempts blocked by a firewall or malicious activities detected by an IDS may be the first indication of a problem, alarming system administrators enough to report the activity to digital investigators. As discussed in Chapter 4, “Intrusion Investigation,” configuring firewalls to record successful access as well as denied connection attempts gives digital investigators more information about how the system was accessed and possibly misused. By design, IDS devices only record events of interest, including known attack signatures like buffer overflows and potentially malicious activities like shell code execution. However, some IDSs can be configured to capture the full contents of network traffic associated with a particular event, enabling digital forensic analysts to recover valuable details like the commands that were executed, files that were taken, and the malicious payload that was uploaded as demonstrated later in this chapter.

Routers form the core of any large network, directing packets to their destinations. As discussed in the NetFlow section later in this chapter, routers can be configured to log summary information about every network connection that passes through them, providing a bird's eye view of activities on a network. For example, suppose you find a keylogger on a Windows server and you can determine when the program was installed. Examining the NetFlow logs relating to the compromised server for the time of interest can reveal the remote IP address used to download the keylogger. Furthermore, NetFlow logs could be searched for that remote IP address to determine which other systems in the Enterprise were accessed and may also contain the keylogger. As more organizations and ISPs collect NetFlow records from internal routers as well as those at their Internet borders, digital investigators will find it easier to reconstruct what occurred in a particular case.
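The pivot described above, as an added example (not code from the chapter): first find the remote addresses that exchanged traffic with the compromised server around the install time, then find which other internal hosts exchanged traffic with those addresses. The flow rows, column layout, 10.0.0.0/8 internal range, and function names are constructed for illustration and do not represent a real NetFlow export format.

```python
import csv
import io
import ipaddress
from datetime import datetime, timedelta

# Constructed flow summaries, one row per flow. External addresses are
# taken from the documentation ranges; nothing here comes from a real case.
SAMPLE_FLOWS = """start,src,dst,dport,proto,bytes
2010-03-04T02:10:05,10.1.1.20,203.0.113.77,80,6,48211
2010-03-04T02:11:40,10.1.1.20,10.1.1.5,445,6,1200
2010-03-04T09:30:00,10.1.1.20,198.51.100.9,443,6,900
2010-03-05T14:02:11,10.1.1.31,203.0.113.77,80,6,47990
2010-03-06T08:15:00,203.0.113.77,10.1.1.44,22,6,5120
2010-03-06T08:20:00,10.1.1.50,198.51.100.9,443,6,700
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed enterprise range


def load_flows(text):
    """Parse the constructed CSV into dicts with typed start/bytes fields."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["start"] = datetime.fromisoformat(row["start"])
        row["bytes"] = int(row["bytes"])
        flows.append(row)
    return flows


def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL


def peer_of(flow, host):
    """Return the other endpoint if `host` is one end of the flow, else None."""
    if flow["src"] == host:
        return flow["dst"]
    if flow["dst"] == host:
        return flow["src"]
    return None


def remote_peers(flows, host, event_time, window):
    """External addresses that exchanged traffic with `host` within
    +/- `window` of `event_time` (for example, the keylogger install time)."""
    peers = set()
    for flow in flows:
        peer = peer_of(flow, host)
        if peer is None or is_internal(peer):
            continue
        if abs(flow["start"] - event_time) <= window:
            peers.add(peer)
    return peers


def internal_contacts(flows, remote_ip, exclude=()):
    """Map each internal host that exchanged traffic with `remote_ip`
    (in either direction, at any time) to the flow start times seen."""
    hosts = {}
    for flow in flows:
        peer = peer_of(flow, remote_ip)
        if peer and is_internal(peer) and peer not in exclude:
            hosts.setdefault(peer, []).append(flow["start"])
    return hosts


if __name__ == "__main__":
    flows = load_flows(SAMPLE_FLOWS)
    install = datetime(2010, 3, 4, 2, 12, 0)  # constructed install time
    for remote in sorted(remote_peers(flows, "10.1.1.20", install,
                                      timedelta(minutes=10))):
        print("candidate source:", remote)
        contacts = internal_contacts(flows, remote, exclude={"10.1.1.20"})
        for host, times in sorted(contacts.items()):
            print("  also contacted:", host, [t.isoformat() for t in times])
```

The hosts returned by the second step are leads for examination, not confirmed compromises; a shared remote address can also be a proxy or a popular service.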

Digital investigators may be able to obtain full network traffic captures, which are sometimes referred to as logging or packet capture, but are less like a log of activities than like a complete videotape of them—recorded network traffic is live, complete, and compelling. Replaying an individual's online activities as recorded in a full packet capture can give an otherwise intangible sequence of events a very tangible feel.

Authentication servers form the heart of most enterprise environments, associating activities with particular virtual identities. Logs from RADIUS and TACACS servers, as well as Windows Security Event logs on Domain Controllers, can help digital investigators attribute activities to a particular user account, which may lead us to the person responsible.

Practitioner's Tip: Virtual Identities

Because user accounts may be shared or stolen, it is not safe to assume that the owner of the user account is the culprit. Therefore, you are never going to identify a physical, flesh-and-blood individual from information logs. The universe of digital forensics deals with virtual identities only. You can never truly say that John Smith logged in at 9:00 am, only that John Smith's account was authenticated at 9:00 am. It is common, when pursuing an investigation, to conflate the physical people with the virtual identities in your mind and in casual speech with colleagues. Be careful. When you are presenting your findings or even when evaluating them for your own purposes, remember that your evidence trail will stop and start at the keyboard, not at the fingers on the keys. Even if you have digital images from a camera, the image may be consistent with the appearance of a particular individual, but as a digital investigator you cannot take your conclusions any farther.

As discussed later in this chapter, VPNs are often configured to authenticate via RADIUS or Active Directory, enabling digital investigators to determine which account was used to connect. In addition, VPNs generally record the remote IP address of the computer being used to connect into the network, as well as the internal IP address assigned by the VPN to create a virtual presence on the enterprise network. These VPN logs are often critical for attributing events of concern within an organization to a particular user account and remote computer.

Practitioner's Tip: Tracking Down Computers within a Network

When a computer is connected to a network it needs to know several things before it can communicate with a remote server: its own IP address, the IP address of its default router, the MAC address of its default router, and the IP address of the remote server. Many networks use the Dynamic Host Configuration Protocol (DHCP) to assign IP addresses to computers. When a networked system that uses DHCP is booted, it sends its MAC address to the DHCP server as a part of its request for an IP address. Depending on its configuration, the server will either assign a random IP address or a specific address that has been set aside for the MAC address in question. In any event, DHCP servers maintain a table of the IP addresses currently assigned.

DHCP servers can retain logs to enable digital investigators to determine which computer was assigned an IP address during a time of interest, and potentially the associated user account. For instance, the DHCP lease in Table 9.1 shows that the computer with hardware address 00:e0:98:82:4c:6b was assigned IP address 192.168.43.12 starting at 20:44 on April 1, 2001 (the date format is weekday yyyy/mm/dd hh:mm:ss where 0 is Sunday).

Table 9.1. DHCP Lease

lease 192.168.43.12 {
  starts 0 2001/04/01 20:44:03;
  ends 1 2001/04/02 00:44:03;
  hardware ethernet 00:e0:98:82:4c:6b;
  uid 01:00:e0:98:82:4c:6b;
  client-hostname "oisin";
}

Some DHCP servers can be configured to keep an archive of IP address assignments, but this practice is far from universal. Unless you are certain that archives are maintained, assume that the DHCP history is volatile and collect it as quickly as possible.

A DHCP lease does not guarantee that a particular computer was using an IP address at a given time. An individual could configure another computer with this same IP address at the same time, accidentally conflicting with the DHCP assignment or purposefully masquerading as the computer that originally was assigned this IP address via DHCP. The bright side is that such a conflict is often detected and leaves log records on the systems involved.
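The lease lookup described above, as an added example (not code from the chapter): a parser for lease blocks in the format of Table 9.1 that answers which hardware address was assigned an IP address at a given time. The second lease, its MAC address and hostname, and the function names are constructed for illustration; lease times are treated as UTC, which is an assumption about the server's configuration.

```python
import re
from datetime import datetime, timezone

# The Table 9.1 lease from the chapter, followed by a constructed second
# lease (made-up MAC and hostname) that reuses the same IP address later.
SAMPLE_LEASES = '''
lease 192.168.43.12 {
  starts 0 2001/04/01 20:44:03;
  ends 1 2001/04/02 00:44:03;
  hardware ethernet 00:e0:98:82:4c:6b;
  uid 01:00:e0:98:82:4c:6b;
  client-hostname "oisin";
}
lease 192.168.43.12 {
  starts 1 2001/04/02 09:10:00;
  ends 1 2001/04/02 13:10:00;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "constructed-host";
}
'''

LEASE_RE = re.compile(r'lease\s+(\S+)\s*\{(.*?)\}', re.S)
# Weekday digit (0 is Sunday), then yyyy/mm/dd hh:mm:ss.
TIME_RE = re.compile(r'(\d)\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)')


def parse_lease_time(value):
    """Parse 'weekday yyyy/mm/dd hh:mm:ss' and cross-check the weekday."""
    m = TIME_RE.fullmatch(value.strip())
    if not m:
        raise ValueError('unrecognised lease time: %r' % value)
    ts = datetime.strptime(m.group(2), '%Y/%m/%d %H:%M:%S')
    ts = ts.replace(tzinfo=timezone.utc)  # assumption: server logs in UTC
    # isoweekday() is Monday=1..Sunday=7; modulo 7 gives Sunday=0.
    if ts.isoweekday() % 7 != int(m.group(1)):
        raise ValueError('weekday does not match date: %r' % value)
    return ts


def parse_leases(text):
    """Return one dict per complete lease block, in file order."""
    leases = []
    for ip, body in LEASE_RE.findall(text):
        rec = {'ip': ip, 'mac': None, 'hostname': None}
        for stmt in body.split(';'):
            words = stmt.split(None, 1)
            if len(words) < 2:
                continue
            key, rest = words
            if key in ('starts', 'ends'):
                rec[key] = parse_lease_time(rest)
            elif key == 'hardware':
                rec['mac'] = rest.split()[-1].lower()
            elif key == 'client-hostname':
                rec['hostname'] = rest.strip().strip('"')
        if 'starts' in rec and 'ends' in rec:
            leases.append(rec)
    return leases


def who_had_ip(leases, ip, when):
    """Leases covering `when` for `ip`. More than one result means the
    records overlap; an empty list means no lease is on record, which does
    not show the address was unused (it may have been set statically)."""
    return [l for l in leases
            if l['ip'] == ip and l['starts'] <= when < l['ends']]


if __name__ == '__main__':
    leases = parse_leases(SAMPLE_LEASES)
    t = datetime(2001, 4, 1, 21, 0, 0, tzinfo=timezone.utc)
    for lease in who_had_ip(leases, '192.168.43.12', t):
        print(lease['mac'], lease['hostname'],
              lease['starts'].isoformat(), lease['ends'].isoformat())
```

A match identifies the hardware address the server assigned, which, as the surrounding text notes, is not proof of which machine was actually using the address.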

The same general process occurs when an individual connects to an Internet Service Provider (ISP) via a modem. Some ISPs record the originating phone number in addition to the IP address assigned, thus enabling investigators to track connections back to a particular phone line in a house or other building.

Obtaining additional information about systems on the Internet is beyond the scope of this chapter. See Nikkel (2006) for a detailed methodology on documenting Internet name registry entries, Domain name records, and other information relating to remote systems.

VI5: A survey of identity and handoff management approaches for the future Internet

A survey of identity and handoff management approaches for the future Internet

Hasan Tuncer, ... Nirmala Shenoy, in Computer Communications, 2012

Abstract

Since its inception almost 40 years ago, the Internet has evolved and changed immensely. New technology solutions are desired to keep up with this unprecedented growth. Besides the traditional computing devices, different types of mobile devices need to be supported by the future Internet architecture. In this work, a survey of identity and handoff management solutions proposed in future Internet architectures is presented. Mobility protocols developed by the Internet Engineering Task Force initiatives are discussed to give the background on the user mobility support challenges with the current architecture. The next generation network architectures supported by global initiatives are presented and analyzed in terms of their support for seamless user and device mobility. Furthermore, this survey is extended to include the architectures proposed for wireless mesh networks, which are envisioned to be a part of the next generation networks with their self organizing and self configuring network characteristics.

4.5.1 Identity management in DAIDALOS

The DAIDALOS architecture supplies a Virtual Identity (VID) Framework in which a profile of an entity (a single user or a group of users) may stem from contracts with different networks and services. Subsets of this entity profile, called entity profile views, are the virtual IDs of the entity. A user can choose the mapping between virtual identity and service provider. After the virtual identity is confirmed by the service provider, the entity gets an IP address tied to that virtual identity [59]. The virtual identity concept requires an ID-Broker, which supplies the entity’s location to the correspondent node and proxies the request to the entity and ID-Manager. The ID-Manager provides an interface for creating, managing, and destroying virtual identities by abstracting the entity’s physical interfaces.

DAIDALOS also provides a Virtual MAC infrastructure, which enables an entity to have two or more virtual identities bound to one physical interface so that it can access different providers. These virtual identities can be expanded to the relationships between banks, governmental institutions, operators, and service providers.

VI4: N00bz inworld

N00bz inworld

Woody Evans, in Information Dynamics in Virtual Worlds, 2011

Abstract

The initial experiences in virtual worlds mirror other types of initiation, and these experiences can be understood as analogs to rites of passage. Gender and identity impact the initiation experience. Many games include storytelling techniques to encourage the newcomer to quickly buy-in to the new world. Non-game spaces use more passive techniques, but also attempt to initiate newcomers.

Gendered initiation

One of the most important differences between Real Life initiation and inworld initiation, and one of the hardest to ignore, is the factor of gender.

Here we might take issue with Judith Butler’s claim that there’s no such thing as essential gender identity. She says that no gender-based identity exists ‘behind the expressions of gender’, and that the expression itself is more important than any sense of male/female identity. ‘Identity is performatively constituted by the very “expressions” that are said to be its results’ (1999: 33).

In virtual worlds, the perspective that gender is constructed and performed rather than inherent (see also the work of Anne Fausto-Sterling, C. J. Pascoe, and Anne Balsamo) gets more mileage. The identity problems inherent in online communities and virtual worlds make initiation as we usually understand it – which is almost always gendered – decidedly de-sexed. Newbies pick the gender they wish to perform almost as lightly as they pick the colors of their garments, their beard particularities, or their shoe styles.

Yet gender isn’t (can’t be) obviated by virtual identities. For one thing, the person behind the avatar has a gender of some kind. For another, the avatar has its own gender; in fact, the division between genders is often more cartoonishly distinct in virtual worlds than it ever could be in Real Life (think big BIG bosoms and broad BROAD hips for the ladies; wide shoulders and grim-set jaws for the lads). There’s very little that’s either fey or butch in avatars, and that’s true in virtual worlds that build in clear gender differences (like Guild Wars) as well as in worlds that allow a lot of flexibility about look and build and sexual characteristics (like Second Life). Even so, we see in Second Life a lite attitude toward gender because of the inherent transience built into avatars; avatars are mutable. In this way, we see in Second Life something of the values reflected by Kellee Santiago in building Cloud, which was ‘dedicated to creating an emotionally rich, age[less] and genderless game experience’ (Kafai et al., 2008: 170). Queer Theory isn’t equipped for Samus Aran.

Sex is fundamental to human identity (which is why Queer Theory, with its insistence on the mutability of sexual identity, is so important), and initiation universally happens to individuals who are seen either as boys or girls (for puberty rites), or as men or women (for other kinds of initiations, later life passages, joining organizations, etc.). We may except cases of physical sexual ambiguity (hermaphrodites) or ‘third genders’ (such as the ‘two-spirit’ shamans of Native American tribes).

Victor Turner takes pains to point out the differences between the male and female initiation rites of the Ndembu people of Zambia in the 1960s. ‘Although both boys and girls,’ he says, ‘undergo initiation ceremonies, the form and purpose of the ceremonies differ widely in either case. Boys, for instance, are circumcised, but there is no clitoridectomy of girls. Boys are initiated collectively, girls individually . . .’ (1967). The differences between the purposes and comportment of male and female initiations he spells out in some detail. Again, gender provides order for initiation into the full agency of adulthood.

Those symbols of initiation (the passages, the thresholds, the stairways) that Eliade reminds us run rampant at home and office? Turns out that these symbols are quite common in virtual worlds too. Next we’ll examine the induction period, the initiation into a new identity, in virtual worlds in detail and see which elements inworld provide insight into the issues of initiatory symbols.

VI3: Philosophy of Computing and Information Technology

Philosophy of Computing and Information Technology

Philip Brey, Johnny Hartz Søraker, in Philosophy of Technology and Engineering Sciences, 2009

Philosophy has been described as having taken a “computational turn,” referring to the ways in which computers and information technology throw new light upon traditional philosophical issues, provide new tools and concepts for philosophical reasoning, and pose theoretical and practical questions that cannot readily be approached within traditional philosophical frameworks. As such, computer technology is arguably the technology that has had the most profound impact on philosophy. Philosophers have studied computer technology and its philosophical implications extensively. Philosophers have discovered computers and information technology (IT) as research topics, and a wealth of research is taking place on philosophical issues in relation to these technologies. The research agenda is broad and diverse. Issues that are studied include the nature of computational systems, the ontological status of virtual worlds, the limitations of artificial intelligence, philosophical aspects of data modeling, the political regulation of cyberspace, the epistemology of Internet information, ethical aspects of information privacy and security, and many more.

5.6 Cyborgs and virtual subjects

Information technology has become so much part of everyday life that it is affecting human identity (understood as character). Two developments have been claimed to have a particularly great impact. The first of these is that information technologies are starting to become part of our bodies and function as prosthetic technologies that take over or augment biological functions, turning humans into cyborgs, and thereby altering human nature. A second development is the emergence of virtual identities, which are identities that people assume online and in virtual worlds. This development has raised questions about the nature of identity and the self, and their realization in the future.

Philosophical studies of cyborgs have considered three principal questions: the conceptual question of what a cyborg is, the interpretive and empirical question of whether humans are or are becoming cyborgs, and the normative questions of whether it would be good or desirable for humans to become cyborgs. The term “cyborg” has been used in three increasingly broad senses. The traditional definition of a cyborg is that of a being composed of both organic and artificial systems, between which there is feedback-control, with the artificial systems closely mimicking the behavior of organic systems. On a broader conception, a cyborg is any individual with artificial parts, even if these parts are simple structures like artificial teeth and breast implants. On a still broader conception, a cyborg is any individual who relies extensively on technological devices and artifacts to function. On this conception, everyone is a cyborg, since everyone relies extensively on technology.

Cyborgs have become a major research topic in cultural studies, which has brought forth the area of cyborg theory, which is the multidisciplinary study of cyborgs and their representation in popular culture [Gray, 1996]. In this field the notion of the cyborg is often used as a metaphor to understand aspects of contemporary — late modern or postmodern — society's relationship to technology, as well as to the human body and the self. The advance of cyborg theory has been credited to Donna Haraway, in particular her essay “Manifesto for Cyborgs” [Haraway, 1985]. Haraway claims that the binary ways of thinking of modernity (organism-technology, man-woman, physical-nonphysical and fact-fiction) trap beings into supposedly fixed identities and oppress those beings (animals, women, blacks, etc.) who are on the wrong, inferior side of binary oppositions. She believes that the hybridization of humans and human societies, through the notion of the cyborg, can free those who are oppressed by blurring boundaries and constructing hybrid identities that are less vulnerable to the trappings of modernistic thinking (see also [Mazlish, 1993]).

Haraway believes, along with many other authors in cyborg theory (cf. [Gray, 2004; Hayles, 1999]), that this hybridization is already occurring on a large scale. Many of our most basic concepts, such as those of human nature, the body, consciousness and reality, are shifting and taking on new, hybrid, informationalized meanings. Coming from the philosophy of cognitive science, Andy Clark [2003] develops the argument that technologies have always extended and co-constituted human nature (cf. [Brey, 2000]), and specifically human cognition. He concludes that humans are “natural-born cyborgs” (see also the discussion of Clark in Section 3.6).

Philosophers Nick Bostrom and David Pearce have founded a recent school of thought, known as transhumanism, that shares the positive outlook on the technological transformation of human nature held by many cyborg theorists [Bostrom, 2005; Young, 2005]. Transhumanists want to move beyond humanism, which they commend for many of its values but which they fault for its belief in a fixed human nature. They aim at increasing human autonomy and happiness and eliminating suffering and pain (and possibly death) through human enhancement, thus achieving a trans- or posthuman state in which bodily and cognitive abilities are augmented by modern technology.

Critics of transhumanism and human enhancement, like Francis Fukuyama, Leon Kass, George Annas, Jeremy Rifkin and Jürgen Habermas, oppose tinkering with human nature for the purpose of enhancement. Their position that human nature should not be altered through technology has been called bioconservatism. Human enhancement has been opposed for a variety of reasons, including claims that it is unnatural, undermines human dignity, erodes human equality, and can do bodily and psychological harm [DeGrazia, 2005]. Currently, there is an increasing focus on ethical analyses of specific enhancements and prosthetic technologies that are in development, including ones that involve information technology [Gillett, 2006; Lucivero and Tamburrini, 2008]. James Moor [2004] has cautioned that there are limitations to such ethical studies. Since ethics is determined by one's nature, he argues, a decision to change one's nature cannot be settled by ethics itself.

Questions concerning human nature and identity are also being asked anew because of the coming into existence of virtual identities [Maun and Corruncker, 2008]. Such virtual identities, or online identities, are social identities assumed or presented by persons in computer-mediated communication and virtual communities. They usually include textual descriptions of oneself and avatars, which are graphically realized characters over which users assume control. Salient features of virtual identities are that they can be different from the corresponding real-world identities, that persons can assume multiple virtual identities in different contexts and settings, that virtual identities can be used by persons to emphasize or hide different aspects of their personality and character, and that they usually do not depend on or make reference to the user's embodiment or situatedness in real life. In a by now classical (though also controversial) study of virtual identity, psychologist Sherry Turkle [1995] argues that the dynamics of virtual identities appear to validate poststructuralist and postmodern theories of the subject. These hold that the self is constructed, multiple, situated, and dynamical. The next step to take is to claim that behind these different virtual identities, there is no stable self, but rather that these identities, along with other projected identities in real life, collectively constitute the subject.

The dynamics of virtual identities have been studied extensively in fields like cultural studies and new media studies. It has been mostly assessed positively that people can freely construct their virtual identities, that they can assume multiple identities in different contexts and can explore different social identities to overcome oppositions and stereotypes, that virtual identities stimulate playfulness and exploration, and that traditional social identities based on categories like gender and race play a lesser role in cyberspace [Turkle, 1995; Bell, 2001]. Critics like Dreyfus [2001] and Borgmann [1999], however, argue that virtual identities promote inauthenticity and the hiding of one's true identity, and lead to a loss of embodied presence, a lack of commitment and a shallow existence. Taking a more neutral stance, Brennan and Pettit [2008] analyze the importance of esteem on the Internet, and argue that people care about their virtual reputations even if they have multiple virtual identities. Matthews [2008], finally, considers the relation between virtual identities and cyborgs, both of which are often supported and denounced for quite similar reasons, namely their subversion of the concept of a fixed human identity.

VI2: Cyber personalities in adaptive target audiences

Cyber personalities in adaptive target audiences

Miika Sartonen, ... Jussi Timonen, in Emerging Cyber Threats and Cognitive Vulnerabilities, 2020

Abstract

Target audience analysis (TAA) is an essential part of any influence operation. To convey a change in behaviour, the overall target population is systematically segmented into target audiences (TAs) according to their expected responsiveness to different types of influence and messages, as well as their expected ability to behave in a desired way.

The cyber domain poses a challenge to traditional TAA methods. Firstly, it is vast, complex and boundless, requiring effective algorithms to filter out relevant information within a meaningful timeframe. Secondly, it is constantly changing, representing a meshwork in formation, rather than a stable collection of TAA-specific data. The third challenge is that the TA consists not of people but of digital representations of individuals and groups, whose true identity, characteristics or location cannot usually be verified.

To address these challenges, the authors of this chapter suggest that the concept of TAA has to be revised for use in the cyber domain. Instead of trying to analyze physical people through the cyber interface, the authors have conceptualized an abstract entity whose physical identity might not be known but whose behavioural patterns can be observed in the cyber environment. These cyber personalities (some of which can be artificial in nature) construct and share their honest interpretation of reality, as well as their carefully planned narratives in the digital environment. From the viewpoint of TAA, the only relevant quality of these entities is their potential ability to contribute to the objectives of an influence operation.

As a first step, this chapter examines the cyber domain through a five-layer structure and looks at what TAA-relevant data are available for analysis. The authors also suggest a way of analyzing cyber personalities and their networks within adaptive TAs, to conduct a TAA that more effectively supports influence operations in the cyber domain.

Syntactic layer

The syntactic layer consists of the software that operates the devices of the physical layer (Sartonen et al., 2016). The corresponding cyber personality aspect is a virtual identity: a local user account on a computer or device. In other words, once a cyber personality starts using a new device (computer, mobile phone), a virtual identity has been created in the syntactic layer. A single virtual identity can provide access to multiple network identities, such as e-mail addresses or cloud-based user IDs, and can thus be the means of connecting multiple network identities to a single cyber personality. Linking a physical device, such as a computer on a campus or in a workplace, to a virtual identity also provides demographic information about the physical identity of a cyber personality. The browser used by the cyber personality is also a good source of information. It can leave traces of past browsing and other information (such as user agent and operating system) (Wang, Lee, & Lu, 2016).

Conversely, supposing we have established a possible connection between the physical and the virtual identities of a cyber personality, we can assess the likelihood of the connection being real by comparing the information on both levels. Is the network usage pattern as expected and does it correspond with the physical trajectory? If there are discrepancies, it is possible that the cyber personality is fraudulent, such as an automated social media bot that is not utilizing a browser and is focussing only on the application programming interface (Chu, Gianvecchio, Wang, & Jajodia, 2012). Discrepancies can also occur if a cyber personality uses different techniques, such as encryption (Gupta, Gupta, & Singhal, 2014) and the TOR network (Haraty & Zantout, 2014), to avoid detection.

VI1: Technology Changes Rapidly; Humans Don’t

Technology Changes Rapidly; Humans Don't

Tharon W. Howard, in Design to Thrive, 2010

Abstract

The RIBS heuristic is essential to better understand how to design sustainable social networks and online communities. This final chapter is designed to afford network architects and community designers a better view both of RIBS and of external forces in the social media landscape. Social networks and online communities have the potential to effect economic, political, and social changes far beyond the expectations of their designers, and that kind of “success” can ironically threaten the sustainability of a community. When social media begin to impact larger institutions, such as the election of government officials, intellectual property laws, religious institutions, educational settings, and other established institutions of literate cultures, then a battle for control ensues. The issues resulting from such clashes can destroy communities whose leaders lack a means of understanding and anticipating the conflicts. This chapter explores four areas that history suggests are likely to be the social networking battlefield of the future. These four areas are copyrights and intellectual property; disciplinary control vs. individual creativity; visual, technological, and new media literacies; and decision-making contexts for future markets. One can use RIBS as an analytical tool on existing communities in order to assess the health of their community's interactions.

Ownership and control of virtual identities

Control of an individual's virtual identity is yet another example of this future intellectual property battlefield. In this book, I've talked a lot about Blizzard's extraordinarily successful game, World of Warcraft (WoW). I've talked about how WoW players have an incredible investment in the avatars they create. Players spend months, years even, creating their avatars, collecting different weapons, armor, articles of clothing, and so on by playing the game. And, as shown in Chapter 6 with the character Justus, WoW players invest a lot of their real identities in the characters they create. For most of them, that avatar belongs to them; they made it and they invested significant resources in its creation. This is also true for users of the social network Second Life. They also identify with their avatars so strongly that users are living a “second life” through those avatars as well as the spaces they create. For WoW and Second Life users, their avatars are their virtual identities. So if these users want to share an image of their virtual selves with others, they should be able to do so, right?

Wrong. They can't share their virtual identities because (1) screen captures are considered “derivative works” and (2) because Blizzard owns World of Warcraft and Linden Labs owns Second Life. Blizzard had hundreds of artists, designers, and programmers create the armor, weapons, clothing, and mounts that players collect. As a result, they own the game and any derivative works that come from it. If a player wished, for example, to create a line of t-shirts and posters with her avatar on the front that she would sell through, say, Café Press, then Blizzard could sue for copyright infringement. And again, this makes sense from Blizzard's perspective, as the company provided all the artwork and software required to derive that particular avatar's configuration. But from the player's perspective, the avatar is her virtual self; it's who she is in that world. In the real world, she might wear Lee blue jeans to work every day; that doesn't mean she has to give Lee a cut of her salary or, to carry the analogy further, that Lee has the right to tell her she can't go to that particular job because she's wearing jeans they designed.

Ownership of purchasing identities

Beacon was an application that would tell other users on Facebook what products and services an individual was purchasing. The idea, presumably, was that knowing what videos your friends were renting, what movie tickets they were purchasing, and what video games they were buying would encourage you to make similar purchase decisions. However, the loss of control over the information being revealed about a user's Facebook identity infuriated large numbers of Facebook users who brought a class action lawsuit against Beacon, Blockbuster, Fandango, Overstock, Gamefly, Hotwire, and a small number of other companies who had partnered with Beacon to provide the service. In this case, the virtual identity wasn't an image or an avatar, it was the ability to control the story or picture of an individual that emerged through his or her purchasing decisions. The virtual identity in this case may be less tangible than an avatar, yet users’ need to own and control it is no less passionate.