The spies who came into the virtual

News has been breaking that the United States National Security Agency (NSA) and the UK’s Government Communications Headquarters (GCHQ), the British equivalent of the NSA, “infiltrated” various on-line gaming platforms and virtual worlds as part of the anti-terrorist activities.

Revelations a part of The Guardian's "The NSA Files" series
Revelations form a part of The Guardian’s “The NSA Files” series

Information on the operations, obtained via Edward Snowden, the former CIA employee / NSA contractor, who released some 200,000 documents to the press, is at the centre of a series of reports the Guardian newspaper in the UK in partnership with The New York Times and ProPublica, and which have been widely picked-up by the on-line media on both sides of the Atlantic. The reports show that both the NSA and GCHQ were so concerned about the various methods nefarious individuals might use to communicate with one another, that they started targeting various on-line platforms – often on the thinnest of reasoning.

The actual activities were varied in scope, ranging from specific data gathering through the use of “mass-collection capabilities”, through to operatives posing as players on various platforms seeking information and also charged with recruiting potential informants from the more technically aware members of the various communities – with Second Life being one of the targeted platforms.

In some respects, the interest in virtual world and games platforms is unsurprising; I’d frankly be more concerned if the security agencies hadn’t considered the potential for such platforms to be used by militant or terrorist groups (which, I would also add, should not be taken to mean I necessarily condone their actions). However, what I do find to be eyebrow-raising, and doubtless what other people will as well, is the degree to which GVEs – games and virtual environments – were subjected to surveillance and what went on.

For example, ProPublica reports that in 2009, a 3-day “test” of capabilities to gather data from within Second Life, Britain’s GCHQ gathered real-time data on chats, IMs and L$ transactions which amounted to some 176,677 lines of data. How widespread this data-gathering was, who was affected by it and what happened to the data, is unclear.

GCHQ’s interest in Second Life appears to have started out as a legitimate activity. Towards the end of 2008, they were involved in tracking down a credit card fraud ring in what was known as “Operation Galician”. When the fraud ring attempted to move some of their activities to Second Life, GCHQ and the police followed. Even so, the success (or otherwise) of that operation doesn’t seem to stand up as justification for the wholesale gathering of data as occurred in 2009.

The UK's GCHQ - gathered over 176,000 lines of data pertaining to SL users chat, IM and L$ transactions in a single real-time "test" of their ability to gather SL data
The UK’s GCHQ – gathered over 176,000 lines of data pertaining to SL users chat, IM and L$ transactions in a single real-time “test” of their ability to gather SL data (images via Gizmodo)

The British security agency was no slouch when it came to other virtual and gaming environments, either, as the Guardian’s report reveals:

At the request of GCHQ, the NSA had begun a deliberate effort to extract World of Warcraft metadata from their troves of intelligence, and trying to link “accounts, characters and guilds” to Islamic extremism and arms dealing efforts. A later memo noted that among the game’s active subscribers were “telecom engineers, embassy drivers, scientists, the military and other intelligence agencies.”

GCHQ was also the motivating force behind data gathering activities directed at the Xbox Live console network, and developed “exploitation modules” for various platforms. Much of this activity appears to have been carried out at Menwith Hill, a Royal Air Force base which provides communications and intelligence support services to the United Kingdom and the United States of America, and where GCHQ and NSA operatives worked side-by-side to infiltrate World of Warcraft.

LL's former CTO: Cory Ondrejka - met with NSA officials in 2007
LL’s former CTO: Cory Ondrejka – met with NSA officials in 2007 (image via CSCW08)

Activities appear to have started in 2007, reaching their peak in around 2009, although it is far from clear how much is still going on today. Ironically, initially interest may have been sparked as a direct result of Second Life. Because it was in 2007 that LL’s former CTO, Cory Ondrejka, himself a former Navy officer who had worked at the NSA prior to entering the private sector, met with NSA officials at the agency’s headquarters in Fort Meade Maryland, to explain how Second Life presented USD agencies with “the opportunity to understand the motivation, context and consequent behaviours of non-Americans through observation, without leaving US soil”.

Nor was he alone in courting the intelligence services. At the same time, US government contractor Science Applications International Corporation (SAIC), active within Second Life, was promoting its ability to support “intelligence collection in the game space” while at the same time warning of the risk of militant groups using on-line game environments as a means of recruitment, providing them “with a powerful platform to reach core target audiences.”

Just how big a potential security threat GVEs presented is debatable; while the likes of Second Life offers a degree of anonymity to its users and also provides a micro transaction system complete with the ability to both transfer and cash-out funds, it’s fair to say that such platforms are still policed by the companies operating them. Records are kept and transaction trails can be traced; ergo, their appeal would appear to be somewhat minimal for those wishing to cover their tracks and minimise the risk of exposure.

That said, there has been evidence to suggest that games have been identified as a potential medium for recruitment by extremist organisations – the documents passed-on by Mr. Snowden note that Hezbollah had produced a game called Special Forces 2, specifically intended to be a “radicalising medium” with the ultimate goal of the player to become a “suicide martyr”. It’s also fair to say that SL has from time-to-time been used to promote extremist views. But just how widespread and serious these latter endeavours may have been is really hard to determine.

Overall, the scale of the operations mounted by intelligence and law enforcement agencies within GVEs appears to have been well out of keeping with any perceived risk such platforms were thought to contain. So much so, that with the likes of the FBI, CIA and US Defense Humint (Human Intelligence) Service all involved in Second Life undercover operations in what might be termed something of an intelligence agency pile-on test (or perhaps “pile-up” test might be a better description), it was suggested that a “deconflicting group” was required in order to prevent the various agencies tripping over one another’s activities.

As I mentioned earlier, I’m not that surprised that security agencies have taken an interest in GVEs; what I do find surprising is the extent to which that interest went, and just how complicit the various companies running the platforms mentioned in the article were in matters. Were the chat, IM and L$ transactions data gathered by GCHQ with or without LL’s knowledge, for example. And either way, what does it mean for our perceptions of on-line privacy and security as users of Second Life – or any other platform, for that matter? If, indeed, we really have any.

Related Links

21 thoughts on “The spies who came into the virtual

  1. These things were not dreadfully secret. In 2009 there were reports of possible use of SL for terrorist communication, and there have been long-running rumours of money laundering. As well as claims that every L$ had a unique serial number.

    How far they went beyond just a few experiments, we don’t know. There’s some convincing documentation, not all via Snowden, that the NSA just doesn’t recognise any limits on what it may do. They look out of control.


    1. Yup. There has been off / on evidence for a good few years covering both sides of the fence. what is to me interesting about the latest set of revelations via Snowden / The Guardian et al, is the extensive nature of what has been going on particularly with reference to SL & GVEs, and just who has been the motivating force (GCHQ). This also obviously raises questions as to complicitly as well.

      Criminal activities such as fraud / money laundering are something of a different issue (allowing for the fact that a) GCHQ appears to have been initially involved in an anti-fraud operations and b) money laundering could also form a part of terrorist activities). Where such activities take place in SL for criminal gain, one would hope the LL and cooperating fully and completely with the relevant law enforcement bodies.


  2. Tinker, Tailor, Healer, Spy.

    A mixture of hilarity and creepiness, the Cory business certainly moves to the creepy side.

    Really it should come as no surprise that the security forces would be monitoring such platforms, although you can’t help but get the feeling that they might have enjoyed their time there too much!

    All very Orwellian but not a surprise at all.


  3. What concerns me is not the in-world operations (open or nefarious) by government agencies, it is the possibility (probability?) that our day to day activities in SL could be intercepted in the internet pipeline. Snowden have said they do such things with our email etc., how vulnerable is SL? Does LL care? Do we care? Should we care?


    1. The other, potentially disastrous, possibility is that LL has given the NSA some kind of backdoor access. That would be the end or whatever trust we have left in them.


      1. Indeed. Hence my closing remarks. Although, given GCHQ apparently “built” capabilities to access Xbox Live and WoW data, one does tend to lean towards the same happening with Second Life, and the Lab being in the dark over it. As such, part of me feels any cosying-up to intelligence networks is akin to cosying-up to a politician: you can be sure that while they’re kissing your cheek in a friendly greating, their hand is already in your purse…


  4. That Cory, such a scamp!

    I wonder how many sims will shut down now that the spies realize their honeypots lure only other spies.


  5. Well, im not worried about Nsa or any other agency activities in SL, Im worried yes, about phishing scams, spammers, griefers!
    Still as someone said before, Linden Lab will need to make clear that:
    Didn’t knew any about this or knew all the way!
    Nevertheless, it is obvious that these agencies didn’t manage to stop any of the things that concern me and can even be a major cause of lag!
    And even worse, these agencies never managed to stop any terrorist attempt!
    So they are redundant to say the least!
    Its time to put an end to them!


  6. This is why I have all those alts…keeping them guessing!

    If intelligence agencies’ interest in SL peaked a few years ago, is that more evidence for the “SL is dead” crowd?


    1. Funnily enough, a lot of the reports ascribe waning interest on the part of the spooks to be down to SL “losing relevance”. Personally, I think the reality is that they lost interest as a result of getting their L$ purchases rejected as legitimate expenses on the company credit cards.


  7. On the other side of the coin, the U.S. Army uses and makes available it’s own version of OpenSimulator that it can use for virtual training exercises, known as MOSES. It’s designed to be more secure, providing a greater degree of privacy for those who might choose to make use of it. Anyone with an interest in it can take a look over at

    It also has some other interesting features like the Distributed Scene Graph,or DSG. DSG allows for the separation of various the various functions of a simulator (physics, scripting, etc.) to be split amongst many servers, enabling more than a thousand avatars in a single simulator.


    1. Yup, I covered MOSES a couple of years ago, and have been meaning to contact Doug and ask him if I can have another look around. I’ve also yet to see Intel’s DSG in action, which inrigues me.

      MOSES is a fascinating use of a VW, and the fact that is is open to non-military uses for research, etc., is a huge plus to Doug and the team at the STTC.


Comments are closed.