/ 12 December 2013

Gamers spook world of spycraft

Trap: The operations have raised concerns about the privacy of people who immerse themselves in the virtual world.
Trap: The operations have raised concerns about the privacy of people who immerse themselves in the virtual world.

To the United States's National Security Agency (NSA) analyst writing a briefing to his superiors, the situation was clear: their current surveillance efforts were lacking something. The agency's impressive arsenal of cable taps and sophisticated hacking attacks was not enough. What it really needed was a horde of undercover Orcs.

That vision of spycraft sparked a concerted drive by the NSA and its sister agency in the United Kingdom, the Government Communications Headquarters (GCHQ), to infiltrate the massive communities playing online games, according to secret documents disclosed by whistle-blower Edward Snowden.

The files were obtained by the Guardian and were published this week in partnership with the New York Times and ProPublica.

The agencies, the documents show, have built mass-collection capabilities against the Xbox Live console network, which boasts more than 48-million players. Real-life agents have been deployed into virtual realms, from those Orc hordes in World of Warcraft to the human avatars of Second Life. There were attempts, too, to recruit potential informants from the games' tech-friendly users. Online gaming is big business, attracting tens of millions of users worldwide who inhabit their digital worlds as make-believe characters, living and competing with the avatars of other players. What the intelligence agencies feared, however, was that, among these clans of innocent elves and goblins, terrorists were lurking.

The NSA document, written in 2008 and titled Exploiting Terrorist Use of Games & Virtual Environments, stressed the risk of leaving games communities under-monitored, describing them as a "target-rich communications network" where intelligence targets could "hide in plain sight".

Games, the analyst wrote "are an opportunity!". According to the briefing notes, so many different US intelligence agents were conducting operations inside games that a "deconfliction" group was required to ensure they weren't spying on, or interfering with, each other.

If properly exploited, games could produce vast amounts of intelligence, according to the NSA document. They could be used as a window for hacking attacks, to build pictures of people's social networks through "buddylists and interaction", to make approaches by undercover agents, and to obtain target identifiers (such as profile photos), geolocation and collection of communications.

The ability to extract communications from talk channels in games would be necessary, the NSA paper argued, because of the potential for them to be used to communicate anonymously: Second Life was en-abling anonymous texts and planning to introduce voice calls, and game noticeboards could, it says, be used to share information on the web addresses of terrorism forums.

But the documents contain no indication that the surveillance foiled any terrorism plots, nor is there any clear evidence that terror groups were using the virtual communities to communicate as the intelligence agencies confidently predicted.

The operations raise concerns about the privacy of gamers. It is unclear how the agencies accessed their data, or how many communications were collected. Nor is it clear how the NSA ensured that it was not monitoring innocent Americans whose identity and nationality may have been concealed behind their virtual avatar.

The California-based producer of World of Warcraft said neither the NSA nor the GCHQ had sought its permission to gather intelligence inside the game.

"We are unaware of any surveillance taking place," said a spokesperson for Blizzard Entertainment. "If it was, it would have been done without our knowledge or permission."

The surreal and uneven virtual world of Second Life failed to maintain an audience

Microsoft declined to comment on the latest revelations, as did Philip Rosedale, the founder of Second Life and former chief executive of Linden Lab, the game's operator. The company's executives did not respond to requests for comment.

The NSA declined to comment on the surveillance of games. A spokesperson for the GCHQ said the agency did not "confirm or deny" the revelations, but added: "All GCHQ's work is carried out in accordance with a strict legal and policy framework which ensures that its activities are authorised, necessary and proportionate, and there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners and the intelligence and security committee."

Though the agencies might have been relatively late to virtual worlds and the communities forming there, once the idea had been mooted, they joined in enthusiastically.

In May 2007, the then chief operating officer of Second Life gave a "brown bag lunch" address at the NSA to explain how his game gave the government "the opportunity to understand the motivation, context and consequent behaviours of non-Americans through observation, without leaving US soil".

One problem the paper's unnamed author and others in the agency faced in making their case – and avoiding suspicion that their goal was merely trying to play computer games at work without getting fired – was the difficulty of proving terrorists were even thinking about using games to communicate.

A 2007 invitation to a secret internal briefing noted that "terrorists use online games – but perhaps not for their amusement. They are suspected of using them to communicate secretly and to transfer funds." But the agencies had yet to find any evidence to support their suspicions. The same still seemed to hold true a year later, albeit with a measure of progress: games data that had been found in connection with internet protocols, email addresses and information linked to terrorist groups.

"Al-Qaeda terrorist target selectors … have been found associated with Xbox Live, Second Life, World of Warcraft and other games and virtual environments]," the document notes. "Other targets include Chinese hackers, an Iranian nuclear scientist, Hezbollah and Hamas members."

However, that information was not enough to show terrorists are hiding out as pixels to discuss their next plot. Such data could merely mean someone else in an internet café was gaming, or a shared computer had previously been used to play games.

That lack of knowledge about whether terrorists were actually plotting online emerges in the document's recommendations: "The amount of games and virtual environments in the world is growing," it said. 

Not actually knowing whether terrorists were playing games was not enough to keep the intelligence agencies out of them. According to the document, the GCHQ already had a "vigorous effort" to exploit games, including "exploitation modules" against Xbox Live and World of Warcraft.

That NSA effort, based in the agency's New Mission Development Centre in the Menwith Hill UK air force base in North Yorkshire, was paying dividends by May 2008.

Agents have been deployed to infiltrate the game World of Warcraft

At the request of the GCHQ, the NSA began a deliberate effort to extract World of Warcraft metadata from their troves of intelligence, and tried to link "accounts, characters and guilds" to Islamic extremism and arms dealing efforts. A later memo noted that among the game's active subscribers were "telecom engineers, embassy drivers, scientists, the military and other intelligence agencies".

The UK agency did not stop at World of Warcraft, though: by September, a memo noted that the GCHQ had "successfully been able to get the discussions between different game players on Xbox Live".

Meanwhile, the FBI, the CIA and the Defence Humint (Human Intelligent) Service all had undercover agents within the virtual world of Second Life. In fact, so crowded were the virtual worlds with staff from the different agencies that there was a need to try to "deconflict" their efforts – in other words, to make sure each agency wasn't duplicating what the others were doing.

By the end of 2008, such human intelligence efforts had produced at least one usable piece of intelligence, according to the documents: following the successful takedown of a website used to trade stolen credit card details, the fraudsters moved to Second Life – and the GCHQ followed, having gained their first "operational deployment" into the virtual world.

This, they noted, put them in touch with a game character "who helpfully volunteered information on the target group's latest activities".

Second Life continued to occupy the intelligence agencies' thoughts throughout 2009. One memo noted that the game's economy was "essentially unregulated" and so "will almost certainly be used as a venue for terrorist laundering and will, with certainty, be used for terrorist propaganda and recruitment".

In reality, Second Life's uneven virtual world failed to maintain the promised audience, and its userbase waned, though the game lives on.

The agencies had other concerns about games, beyond their potential use by terrorists to communicate. Much like the pressure groups that worry about the effect of computer games on the minds of children, the NSA expressed concerns that games could be used to "reinforce prejudices and cultural stereotypes", noting that Hezbollah had produced a game called Special Forces 2.

According to the document, Hezbollah's "press section acknow-ledges [the game] is used for recruitment and training", serving as a "radicalising medium" with the ultimate goal of becoming a "suicide martyr". Despite the game's disturbing connotations, the "fun factor" of the game cannot be discounted, it states. As Special Forces 2 retails for $10, it concludes, the game also serves to "fund terrorist operations". – © Guardian News & Media 2013