from the on-the-internet,-no-one-knows-you're-an-octopus dept
Apparently, there’s nowhere our intelligence agencies won’t go in ostensibly in search of terrorists. The latest leak from Snowden, as published by ProPublica, New York Times and The Guardian, shows the NSA and GCHQ are actively infiltrating MMOs and other online gatherings in order to fight terrorism.
Not limiting their activities to the earthly realm, American and British spies have infiltrated the fantasy worlds of World of Warcraft and Second Life, conducting surveillance and scooping up data in the online games played by millions of people across the globe, according to newly disclosed classified documents.
Fearing that terrorist or criminal networks could use the games to communicate secretly, move money or plot attacks, the documents show, intelligence operatives have entered terrain populated by digital avatars that include elves, gnomes and supermodels.
The spies have created make-believe characters to snoop and to try to recruit informers, while also collecting data and contents of communications between players, according to the documents, disclosed by the former National Security Agency contractor Edward J. Snowden.
According to the document (from 2008), online games like World of Warcraft and Second Life are potentially “target-rich environments” in which suspected terrorists “hide in plain sight.” (And it’s not just MMOs. Xbox Live has apparently been swept up in the surveillance efforts as well.) Despite this assertion, the documents contain no evidence that any terrorists have been uncovered by agents and analysts. In fact, experts and developers of games like these have found no evidence that terrorists are using their services to communicate or recruit new members.
Once again, the efforts of the NSA and GCHQ seem to be focusing time and energy searching locations where terrorists would be least likely to be “hiding in plain sight,” much in the way that grabbing data from mainstream email services and social platforms is only going to find the most amateurish of wrongdoers.
Games “are built and operated by companies looking to make money, so the players’ identity and activity is tracked,” said Peter W. Singer of the Brookings Institution, an author of “Cybersecurity and Cyberwar: What Everyone Needs to Know.” “For terror groups looking to keep their communications secret, there are far more effective and easier ways to do so than putting on a troll avatar.”
Not only is the effort highly inefficient, but it’s also highly redundant. As ProPublica points out, there are so many agents from the Pentagon, CIA and FBI chasing targets in virtual worlds that a “deconfliction” group was created just to avoid online “collisions.”
Blizzard, the developer behind World of Warcraft, has gone on record stating that if intelligence agencies are using the service to track terrorists, it hasn’t been informed or given its permission. Microsoft and Linden Lab (Second Life’s developer) declined to comment.
There may be a good reason Linden Lab isn’t issuing a statement. Its former CTO is an ex-military officer with top secret clearance.
In 2007, as the NSA and other intelligence agencies were beginning to explore virtual games, NSA officials met with the chief technology officer for the manufacturer of Second Life, the San Francisco-based Linden Lab. The executive, Cory Ondrejka, was a former Navy officer who had worked at the NSA with a top-secret security clearance.
He visited the agency’s headquarters at Fort Meade, Md., in May 2007 to speak to staff members over a brown bag lunch, according to an internal agency announcement. “Second Life has proven that virtual worlds of social networking are a reality: come hear Cory tell you why!” said the announcement. It added that virtual worlds gave the government the opportunity “to understand the motivation, context and consequent behaviors of non-Americans through observation, without leaving U.S. soil.”
GCHQ, in particular, has used Second Life to track down a crime ring selling stolen credit card information. While the use of these games in discovering and tracking terrorists still remains largely theoretical, GCHQ found the online games did offer one benefit:
According to the minutes of a January 2009 meeting, GCHQ’s “network gaming exploitation team” had identified engineers, embassy drivers, scientists and other foreign intelligence operatives to be World of Warcraft players — potential targets for recruitment as agents.
The NSA, on the other hand, seems to have found little more than evidence that terrorism suspects are largely like non-terrorists when they play online games — they do it for enjoyment.
One NSA document said that the World of Warcraft monitoring “continues to uncover potential Sigint value by identifying accounts, characters and guilds related to Islamic extremist groups, nuclear proliferation and arms dealing.” In other words, targets of interest appeared to be playing the fantasy game, though the document does not indicate that they were doing so for any nefarious purposes.
Whether or not these agencies are actually hunting down terrorists, one this is for certain: large amounts of communications are being caught in the surveillance nets.
One document says that while GCHQ was testing its ability to spy on Second Life in real time, British intelligence officers vacuumed up three days’ worth of Second Life chat, instant message and financial transaction data, totaling 176,677 lines of data, which included the content of the communications.
Not surprisingly, there’s also a profit motive tied into this infiltration of online games. SAIC, a government contractor specializing in surveillance systems (and building non-functional, incredibly expensive software), may have set this online surveillance in motion back in 2007.
In one 66-page document from 2007, part of the cache released by Mr. Snowden, the contracting giant SAIC promoted its ability to support “intelligence collection in the game space,” and warned that online games could be used by militant groups to recruit followers and could provide “terrorist organizations with a powerful platform to reach core target audiences.”
ProPublica notes that there’s nothing in the documents that suggests SAIC ended up with a contract (at that time) as a result of its self-promotion, but it does appear that SAIC (along with Lockheed Martin) won a multi-million dollar contract a couple of years later, shortly after it participated in a discussion about a proposed government study of the link between online and offline behavior in MMO gamers.
The question is how useful these infiltrations have been after a half-decade of use. The agencies have stated they feel these games could be used for communication and recruitment, but nothing has surfaced indicating the surveillance is effective. It largely seems to be another way to gather data, something the agencies already have too much of. If nothing else, GCHQ seems to be using it for a headhunting tool, but I’m not sure how many potential employees would be flattered to know they’ve been “scouted” by a questionable surveillance program. For now, it seems to be another case of the reach far exceeding the grasp, not that this lack of success ever seems to result in scaling back the “reach.”