NSA: new report unearths spying on Xbox Live, WoW, more

Monday, 9 December 2013 14:06 GMT By Dave Cook

America’s National Security Agency is reportedly spying on players using Xbox Live, World of Warcraft, Second Life and other services.

The report follows a joint investigation carried out by The Guardian, New York Times, ProPublica, and backed bydocumentsunearthed by whistleblower Eric Snowden.

NSA records indicate that the agency sent agents into World of Warcraft under the guise of avatars to snoop on players, and in some cases attempt to recruit seasoned players to the cause. The paper, entitled ‘Exploiting Terrorist Use of Games & Virtual Environments’ shows that the agency also has the means to collect mass data from Xbox Live’s 48 million players.

The documents warn that leaving online game services unchecked renders them ideal for terrorists or wrongdoers looking to, “hide in plain sight”. They reveal that so many NSA agents and other third-party agencies were snooping around in games, that the task forces had to be properly measured to ensure they weren’t disrupting each other’s projects.

One page suggests that online games can be used to offer weapons training. An excerpt reads, “These games offer realistic weapons training (what weapon to use against what target, what ranges can be achieved, even aiming and firing, military operations and tactics, photorealistic land navigation and terrain familiarization, and leadership skills. While complete military training is best achieved in person, perfection is not always required to accomlish the missions. Some of the 9-11 pilots had never flown a real plane, they had only trained using Microsoft’s Flight Simulator.

“When the mission is expensive, risky or dangerous, it is often a wiser idea to exercise virtually, rather than really blow an operative up assembling a bomb or exposing a sleeper agent to law enforcement scrutiny. Militaries around the world use virtual simulators with great success and the Hizballah even hooked up a PlayStation controller to a laptop in order to guide some of its real missiles.”

There is also mention of Al Qaida using Xbox Live, Second Live and World of Warcraft, along with Chinese hackers, an Iranian nuclear scientist, Hizballah and Hamas members.

It has been suggested that by infiltrating games in this manner, the NSA can catch wind of hacking attempts, make friends with suspects, build their real-world profile, find out their location and earn enough of their trust to see their profile pictures. Gaining access to voice and text chat logs appears to be instrumental to this process.

The Guardian in particular notes that the documents fail to disclose any known instances of when online gaming was used as a meeting place to discuss terrorist activity, or if indeed the NSA’s attempts were successful in uncovering suspects. The site adds that it isn’t clear exactly how the agency gained access to said data, or if it managed to avoid spying on innocent players.

World of Warcraft developer Blizzard has since pleaded that it was in the dark surrounding NSA activity. The studio said in a statement, “We are unaware of any surveillance taking place. If it was, it would have been done without our knowledge or permission.”

Second Life developer Linden Lab did not reply to comment requests, but Microsoft issued the following statement to Polygon:

“We’re not aware of any surveillance activity. If it has occurred as reported, it certainly wasn’t done with our consent.”

The NSA’s sister agency GCHQ did respond however, and stated, “All GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensures that its activities are authorised, necessary and proportionate, and there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners and the Intelligence and Security Committee.”

An excerpt from the NSA documents reads, “Al-Qaida terrorist target selectors and … have been found associated with XboxLive, Second Life, World of Warcraft, and other GVEs [Games and Virtual Environments]. Other targets include Chinese hackers, an Iranian nuclear scientist, Hizballah, and Hamas members.”

However, The Guardian offers that this is inconclusive, seeing as someone could have used the same computer or IP address – perhaps at an internet cafe – as these suspects to play games, and is no guarantee that the players and suspects are one and the same.

Regardless, by September 2008, the GCHQ was able to successfully obtain discussions between players conducted on Xbox Live. At the same time, the FBI, CIA, and the Defense Humint Service were infiltrating Second Life amid fears that the Linden Dollar currency was being used to launder the money of terrorists.

Read the documents in full via the first link and let us know what you think below.

Latest