[Update] Report: NSA Monitoring Some Online Game Services

by Mike Futter on Dec 09, 2013 at 09:21 AM

Update #2: Blizzard has also responded to our inquiry, sharing a statement on this morning's NSA spying report. "We are unaware of any surveillance taking place," a Blizzard representative told us via email. "If it was, it would have been done without our knowledge or permission."


Update #1: Microsoft has responded to our request for comment on the NSA spying report released this morning. “We’re not aware of any surveillance activity," a Microsoft representative told us via email. "If it has occurred as reported, it certainly wasn’t done with our consent.”


Original Story:

This morning, new documents have surfaced indicating the United States government has been monitoring popular game services. The mentioned networks and titles include Blizzard’s World of Warcraft, Microsoft’s Xbox Live service, and Second Life.

The report, which was a collaboration of the New York Times, The Guardian, and ProPublica details the measures taken to collect and monitor chat transcripts. In the 82-page source document, Xbox Live is called out for its ability to connect an Xbox 360 console to Microsoft’s messaging service. Second Life is identified because it “offers the ability to anonymously text to a GSM phone (SMS) and soon they will offer anonymous voice calls so that phone numbers do not have to be known by either party and won't show up in collection.”

The document also details how the NSA collected World of Warcraft data. “The NMDC engaged SNORT, an open source packet-sniffing software, which runs on all [Foreign Satellite Collection (FORNSAT)] survey packet data, to filter out WoW packets,” the document states. “[Government Communications Headquarters (GCHQ)] provided several WoW protocol parsing scripts to process the traffic and produce Warcraft metadata from all NMDC FORNSAT survey. These logs are now being forwarded back to GCHQ for additional analysis, target development and network knowledge enrichment.” 

The document also draws parallels between traditional target development that tracks email, chat logs, and friend lists and online gaming’s character IDs and guilds. One section of the material also details how terrorist groups might use different genres of games.

The document does call out games designed as training tools. This includes something called Special Force, which was created by Hezbollah. The game uses politically charged themes and images of real Israeli military personnel and reenactments of battles.

The free titles Ummah Defense and Ummah Defense II suppose a world conquered by Muslims fighting against the only remaining non-believer and his army of robots. The NSA document suggests that this isn’t just harmless fantasy, but rather “the overarching message is that establishment of the caliphate is possible.”

The United States Army’s America’s Army title is used as support for the concern that terrorist-supported titles can be used for recruitment. According to the document, 28 percent of America’s Army players visited a US Army recruitment website. No indication of enlistment percentages is offered.

Furthermore, the US military’s use of games as training tools in the areas of mission rehearsal and language training are used as evidence of the efficacy of the medium. The author makes the connection that “games could also be used as part of the attack plan itself.”

This follows concern earlier in the year that Microsoft and other companies had been complicit in NSA monitoring. This prompted the company to seek clearance from the government to disclose certain details and most recently resulted in Microsoft enacting new privacy measures

Microsoft also changed course on the Kinect for Xbox One. Originally, the device was required for operation. That was later amended in the wake of privacy concerns.

We’ve reached out to Microsoft and Activision for comment on this matter, as their products were specifically identified. We’ll update should they offer a statement.

[Source: New York Times, The Guardian, ProPublica, NSA Documents]


Our Take
Some of the uses of different genres identified in the document seem like a stretch. The FPS genre entry calls out Halo, Doom, and Half-Life, and something called Night of Bush Capturing, but not Call of Duty or Battlefield. 

The strategy group identifies Civilization and Age of Empires, but also Warcraft and Starcraft. I’m not sure success at terrorism is determined by APM. 

Light humor aside, while the NSA might be looking for users based in other countries engaging in suspicious activity, it is doing so on networks populated by millions of Americans. That data is being gathered, and it’s not clear if there are any privacy measures in place to protect the average WoW or Xbox Live gamer.

I agree that the game environments mentioned could be exploited for nefarious purposes, but without fully understanding how the data is collected, identified, and processed, there is reason for concern. Expect to hear a lot more about this in the coming days.