US and British spies invade World of Warcraft in hunt for online criminals and terrorists

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

World of WarcraftI think I’ve heard it all now.

The New York Times reports that – according to documents leaked by NSA whistleblower Edward Snowden – intelligence agencies in the United States and UK have infiltrated the online MMORPG World of Warcraft.

Their intention it seems, is not to prance around imagining that they are a madrigal-singing Elf, but instead to scoop up data and conduct surveillance on “people” of interest.

Fearing that terrorist or criminal networks could use the games to communicate secretly, move money or plot attacks, the documents show, intelligence operatives have entered terrain populated by digital avatars that include elves, gnomes and supermodels.

Because militants often rely on features common to video games — fake identities, voice and text chats, a way to conduct financial transactions — American and British intelligence agencies worried that they might be operating there, according to the papers.

In short, it wasn’t enough that they were snooping on email conversations, able to tap phone calls, weaken encryption standards, use sophisticated hacking techniques to install spyware on targeted computers… they needed to extend their range to Middle Earth and Xbox Live as well.

Leaked document

Well, yes, obviously online games which include chat or IM facilities do provide a method for people to communicate. And I suppose that games that include virtual characters could also communicate *visually* (for instance, lopping an orc’s head off with the bronze axe might mean launch the attack next Friday).

Sign up to our free newsletter.
Security news, advice, and tips.

But how practical is it to have a team of spies sniffing around World of Warcraft to see what they might find?

Draw SomethingWhy aren’t they also snooping (maybe they are!) on the chess app I have on my smartphone. Perhaps everytime I mess up my Dutch Stonewall defence it’s not really an indication that I’m a lousy chess student, but instead a coded message for my opponent to launch an attack on SCADA systems in the Netherlands?

How about all these people playing Draw Something who might be doodling secret messages to fellow criminals or conspirators. It’s hard enough for people to guess what’s being drawn… it boggles the mind to imagine that a bad guy could be using it to send coded messages to their partners in crime, and that some poor sucker at the NSA is going to be scratching his head trying to work out what they really represent.

I guess the important thing is to ask the question: was surveillance on online games like World of Warcraft successful? Did it foil any terrorist plots?

Sadly, no information about the success of the surveillance has been presented.

What we do know from the documents is that at one time there were so many spies from various agencies snooping around the virtual world of Second Life, that steps had to be taken to prevent intelligence officers bumping into each other, and wasting their time spying on colleagues.

But for all their enthusiasm — so many C.I.A., F.B.I. and Pentagon spies were hunting around in Second Life, the document noted, that a “deconfliction” group was needed to avoid collisions — the intelligence agencies may have inflated the threat.

There is no doubt that intelligence agencies are interested in who people communicate with, who their friends and associates are, and that is true both offline and online.

But can video games be used for more than just communicating?

The leaked documents – which date from 2008 – attempt to argue that video games can provide a virtual training-group for wannabe terrorists. Predictably, they link the threat to 9/11.

These games offer realistic weapons training (what weapon to use against what target, what ranges can be achieved, even aiming and firing), military operations and tactics, photorealistic land navigation and terrain familiarization, and leadership skills. While complete military training is best achieved in person, perfection is not always required to accomplish the mission. Some of the 9-11 pilots had never flown a real plain, they had only trained using Microsoft’s Flight Simulator.

Hmm.

I would probably argue that there’s a difference between hours playing Microsoft Flight Simulator and a game where you are mostly encountering gnomes.

Read more about the leaked documents in the New York Times report.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “US and British spies invade World of Warcraft in hunt for online criminals and terrorists”

  1. Nick

    Hahahaha! This is the funniest thing I read. I'm
    certain that employees at the NSA and GCHQ had this conversation:
    Joe: "Hey guys lets convince our bosses that Second Life
    and WoW has terrorist communications!" "Great
    idea Joe, that way we can play games all day and the NSA will think
    we are actually working!"

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.