The NSA tracks World of Warcraft and other online games for terrorist clues

Agency fears terrorists may be using online gaming platforms to communicate and plot attacks

American and British spy agencies apparently believe there are real-life terrorists lurking among the elves, gnomes and the trolls of online gaming worlds.

For the past several years, the National Security Agency (NSA) and its British counterpart, the Government Communications Headquarters (GCHQ), have secretly monitored activity and harvested data from massively multiplayer online game networks like World of Warcraft and Second Life.

There is little evidence yet that the monitoring has yielded any counterterrorism successes. But the agencies believe terrorists might be using such networks to communicate with each other, move money and plot attacks around the world without being noticed, the New York Times reported Monday, quoting documents obtained from former NSA contractor Edward Snowden.

Agents from NSA and GCHQ have created make-believe characters and entered online fantasy game terrains in an effort to recruit informers and tap communications between players.

"Because militants often rely on features common to video games fake identities, voice and text chats, a way to conduct financial transactions American and British intelligence agencies worried that they might be operating there," the Times reported.

Snowden's latest revelations are sure to provoke more questions about the NSA's breathtaking range of surveillance activities -- especially if it turns out that the agency collected data on U.S. gamers as part of its monitoring efforts.

Just last week, the Washington Post reported on how the agency is daily collecting location data from millions of cellphones around the world, including those belonging to Americans travelling abroad.

The NSA later cited a 1981 Executive Order signed by President Ronald Reagan as the authority under which it is collecting the data. Privacy groups have called the effort unconstitutional and another example of the agency monitoring and gathering data on U.S. residents without a court-issued warrant.

Former NSA agent John Pescatore, who is presently director of emerging technologies at the SANS Institute, said the NSA's effort to mine intelligence data from online gaming networks is not all that surprising. "Years ago, law enforcement and the intelligence community were concerned about criminal and terrorist use of online services like AOL or Compuserve," he said. "So, I'm not surprised they would look at the online gaming world -- they are just another form of online service."

According to the Times, documents obtained from Snowden show that the NSA and the GCHQ began taking an active interest in intelligence gathering from the online gaming world between 2007 and 2008.

In one document from around that time, the NSA talked about how it was able to gather information on user accounts, characters and guilds related to known Islamic extremists groups by monitoring World of Warcraft.

Targets of interest appeared to be playing World of Warcraft and other online games, the documents noted. However, there is nothing to show whether those targeted were engaged in any nefarious activities on the networks, the Times said.

By 2008, Britain's GCHQ had established a full-fledged network exploitation team in Second Life and helped London police bust a crime gang that was using the gaming platform to sell stolen credit card information. A similar team on World of Warcraft helped the British spy agency identify engineers, scientists, foreign intelligence operatives and embassy drivers on the network, many of whom were apparently viewed as potential targets for recruitment, the Times said.

The intelligence gathering effort gathered intensity in 2009. In one episode, the GCHQ apparently harvested three days' worth of instant messages, chats, communications and financial transaction data from Second Life while testing its spying abilities on the network.

The documents apparently do not specify how the NSA or its counterparts in other countries got access to gamer accounts and communications data. Nor do the documents provide any information about how many game users may have been monitored or whether information was collected on any Americans.

The makers of the gaming platforms themselves appear to be unaware of the spying. The creators of World of Warcraft, for instance, claimed they had not been contacted or informed of the data mining on their networks by either the NSA or the GCHQ.

Join the CSO newsletter!

Error: Please check your email address.

Tags new york timesNational Security AgencysecuritycyberwarfarensaGovernment Communications HeadquartersinternetprivacyGCHQ

More about AOLCompuserveGCHQNational Security AgencyNSASANS Institute

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jaikumar Vijayan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place