NSA infiltrating World of Warcraft, Second Life and other MMO’s

It was recently released that the NSA has infiltrated popular MMO’s, such as World of Warcraft, Second Life, and others in an attempt to catch terrorists.

Secret briefings from 2007 and 2008 show agents expressing great enthusiasm for video games as a “target-rich communication network” affording bad guys “a way to hide in plain sight.” At one point, the Guardian reports: “According to the briefing documents, so many different US intelligence agents were conducting operations inside games that a “deconfliction” group was required to ensure they weren’t spying on, or interfering with, each other….”

At first thought I figured this was insanity at its best. But after thinking about it, I thought, how clever this actually is (from the terrorist perspective). Let me explain in more detail.

Let’s say that I belong to some “uber secret society” that law enforcement keeps trying to infiltrate. We already know, Governments can tap your cell phone, wired phone, sat phone, internet traffic (unless heavily encrypted), and written correspondence. Practically any traditional method of communicating with other members of this “uber secret society” is at risk.

Enter MMO’s.

I go online and buy a CD at GameStop, or stop at my local one and pick up two (or more) copies for cash. It is something that I can carry with my anyplace in the world, and is not subject to export regulations (like heavy encryption) nor is any “game” going to trigger any unusual alerts or investigation. I pass that game on to another contact and he installs it, I do the same.

We log in, create an “guild or group” and bam. Done. One “player” can be sitting in a cave in some remote location with a sat or cell phone internet data connection, and I can be sitting in New York with mine, and nobody will give a care. Think about it. Who cares if you see World of Warcraft traffic? I am sure if someone was sniffing traffic in the ether looking for “email” and they noticed World of Warcraft packets they would probably laugh about it.

And I know that some of you guys are gonna say, you can’t play Warcraft on a sat or cell phone data connection, the latency is too high. I say bull. I am not raiding Ice Crown Citadel in a 25 man to kill the Lich King, so I don’ t care if my latency is through the roof. I am only sending text messages in chat, and maybe running around killing bats in Tirisfal Glades. What a great way to obfuscate your data, encapsulated in the middle of something nobody cares about (or in plain site).

Also, anyone who has played Warcraft and looked at trade chat for more than 5 minutes knows that there is an ungodly number of messages flowing through that chat window. Albeit, most of them are about “your mom”, “Chuck Norris”, or how some PUG failed his group. But, there is a significant number of them. I would place my bets that these “chat” messages are not archived, and if they are, they are not archived for very long, which also makes a perfect way to purge any chat history. After all, keeping them (storing them long term) has absolutely no benefit to any game mechanic what-so-ever. So, why would a company want to spend millions of dollars on data storage for something that has no effect on game play.

Bottom line is, this is a pretty clever way to obfuscate your data in plain site. And it is interesting that the NSA caught on to this. Further more, according to the minutes of a January 2009 meeting, GCHQ’s “network gaming exploitation team” had identified engineers, embassy drivers, scientists and other foreign intelligence operatives to be World of Warcraft players—potential targets for recruitment as agents.