America’s National Security Agency has been spying on users of Xbox Live and World of Warcraft, according to new documents.
The revelation is the latest in along line of leaks stemming from Edward Snowden and published by, amongst others, The Guardian.
A new document published today entitled ‘Exploiting Terrorist Use of Games & Virtual Environments‘ claims that the NSA identified Xbox Live, World of Warcraft and Second Live as ‘Games and Virtual environments’ (GVEs) in which terrorists could easily communicate.
Many GVEs allow convergent technologies to intermingle such as XboxLive which can be run via an Xbox 360 gaming console and/or connect via a PC to normal MSN chat,” it reads. Second Life offers the ability to anonymously text a GSM phone (SMS) and soon they will offer anonymous voice calls so that phone numbers do not have to be known by either party and won’t show up in collection.
Al Qaida terrorist target selectors and GVE executable have been found associated with Xbox Live, Second Life, World of Warcraft and other GVEs in PINWALE network traffic, TAO databases and in forensic data.
GVEs are an opportunity! We can use games for: CNE exploits, social network analysis, HUMINT targeting, ID tracking (photos, doc IDs), shaping activities, geo-location of target and collection of comms. These applications and their servers are trusted by their users and makes a connection to another computer on the internet, which can then be exploited. Through target buddylists and interaction found in the game and on gaming websites, social networks can be diagrammed and previously unknown SIGINT leads and connections and terrorist cells discovered.
Recommendation: Protocol Exploitation, SLF and TAO should begin profiling their databases and the GVEs for collection and exploitation possibilities. CT SIGDEV along with CT TOPIs will study the collected traffic to find and track targets of interest. We need to develop a viewer database that allows linguist/analysts to view/experience voice/text/video traffic together to archive the GVE data associated with reporting.
CT SIGDEV/SSG should develop strategy for collaboration. Members should have the ability to check tasking, traffic and status of current operations.”
The news comes on the same day that Microsoft, Google and Apple have publicly demand changes to US surveillance laws.
Microsoft has previously had to assure Xbox One users that data collected by Kinect will not be handed over to US authorities.