Years ago, the NSA spied on World of Warcraft — how have things changed since?

The plot sounds like a Bush era spy thriller for young adults: while millions of players raided Azeroth in the years 2006-2013, Western intelligence agencies including the NSA and British Government Communications Headquarters developed ways to build and monitor informant systems to keep track of suspected Islamic terrorists. World of Warcraft.

WoW wasn’t the NSA’s only target: Together with GCHQ, the NSA also turned its eye toward social MMO Second Life, Microsoft’s original Xbox Live chat service, and other popular “Games and Virtual Environments.”

Edward Snowden is a former NSA employee turned whistleblower who, in 2013, worked with The Guardian, The New York Times and investigative non-profit ProPublica to leak a trove classified documents.

Leaked documents show that MMOs can be used for signals intelligence as well as human intelligence. In one document, GCHQ said that they found evidence that terrorists were logging onto WoWThe following are some examples of how to get started: Second LifeAccording to a joint report by the BBC and the Guardian, the British intelligence agency used an informant to track down targets. Second LifeBust online criminal gangs

The news was such a shocker at the time that companies, like Linden Labs, maker of Second LifeBlizzard is the creator of World of WarcraftTo deny the existence of any kind of government surveillance that was conducted with their consent.

When we look back at this story, almost a century later, there are still three unanswered questions: How did they do it? Why did they care? What was the result?

“Eyes in the Sky”

It is not the NSA that spies on Alliance guild meetings. World of Warcraft or even video games at large, but instead — as many stories of international espionage do — with the Cold War.

Following World War II the United States signed an agreement with Canada, Aotearoa & Australia and U.K. to share automatically all collected SIGINT. The UKUSA Agreement, colloquially known as the “Five Eyes,” established a network of listening posts at various points around the world, all pointed in the Soviet Union’s direction.

These listening posts evolved into digital data collection centers as nations deployed satellites. One of the many programs created during this period of technological shift was called “Echelon,” and its explicit goal was to monitor satellite communications networks.

Snowden’s documents have given us at least a glimpse of the use made of Echelon. Echelon began collecting huge amounts of data every day in 2006 at the height the war against terrorism. The data collected came from WoW, namely “country and time zone data, local IP addresses and realm server addresses,” according to the leaked documents linked above. GCHQ, the NSA and other agencies trained an open source packet sniffer named SNORT in order to sort out the data they had gathered. This method reportedly allowed the agencies to identify “accounts, characters, and guilds related to Islamic Extremist Groups, Nuclear Proliferation and Arms Dealing,” according to a particular leaked NSA document titled “Topic: Exploiting Terrorist Use of Games & Virtual Environments.”

The NSA released this document in 2007. It recommended a broader level of interagency collaboration. By the next year, the office of director of national intelligence Mike McConnell would be sending Congress a brief 15-page report of its own detailing data mining projects to be carried out by ODNI’s research division, IARPA. One of these projects, Project Reynard, aimed “to identify the emerging social, behavioral and cultural norms in virtual worlds and gaming environments” and “apply the lessons learned to determine the feasibility of automatically detecting suspicious behavior and actions in the virtual world.”

Stanford University was involved in this research from 2009-2012, as were Lockheed Martin and Palo Alto. ProPublica’s report about the Snowden leak states that the researchers who worked on the Reynard Project weren’t allowed to speculate how their research might be used.

The shadows of the night

Intuitively, spying on online games seems a bit silly. Most players use virtual worlds to relax and escape from reality. They don’t want it seeping into their lives. The idea that terrorists would be using those spaces to recruit, propagandize, and plan real-world attacks doesn’t inherently make a lot of sense, even in a “purely” social sim like Second Life. As King’s College cybersecurity researcher Timothy Stevens notes in his 2015 paper “Security and surveillance in virtual worlds: Who is watching the warlocks and why,” contemporary news reporting on so-called terrorism in online games along these lines was met with “hostility and derision from the online commentariat.”

“This scepticism was well founded: establishing direct connections between acts of ‘virtual’ vandalism and actual terrorism was as absurd as it was unsubstantiated,” he wrote. “Why would a jihadist group form a recognisable entity in a quasi-public space to wage an insurgency against the ‘government’ of Second LifeWhat is the basis for ‘experts’ claims that terrorists use virtual worlds to train and recruit? What was the basis for ‘expert’ claims that terrorists were using virtual worlds for training and recruitment?”

In the mid-2000s the United States and its allies — including the U.K. and some of its commonwealth states — were chest-deep into waging the war on terrorism and everything that entailed. For the U.K.’s part, in 2005 suicide bombers carried out a coordinated attack on London’s transit system, killing over 50 people and injuring hundreds more on the London Underground and bus system. Even if it was just a vague rumor, GCHQ and the NSA would still investigate.

Stevens believes that absurdity is what makes a statement. Spy agencies have learned that suspect extremists are tech-savvy, and they also know how to use good security measures. Games, where there is no expectation that anything should be taken serious, except perhaps in context with the story and lore of the game, can also lead to a lapse in security. According to one of the Snowden documents linked above, NSA analysts wrote, “These applications and their servers however, are trusted by their users and makes an connection [sic] to another computer on the Internet, which can then be exploited.”

After all, while many people see MMOs as separate sites where they can play, fight, and sometimes get rewarded with treasures, the intelligence communities saw and may still view MMOs, themselves, as treasures, which could be constantly plunder to gather fresh information on possible targets. The IC doesn’t see the “magic circle” of Azeroth or Eorzea or Linden World as a barrier, but rather, as a veil from the public’s critical gaze.

While the most damning revelations from the Snowden leaks — like the fact that Microsoft had been a participant in the PRISM program and GCHQ had considered spying on people through their Kinects — caused a long-term uproar, the forays into direct online game surveillance were taken less seriously, like in this clip of then-Daily ShowJon Stewart makes fun of government spying WoW. However, as more reports were released detailing the possible NSA/GCHQ spying in Angry BirdsIt seemed that the public’s outrage over this issue died almost as fast as it began.

Whispers from the crowd

Image: Blizzard Entertainment

While civil libertarians might balk at such flagrant exploitation of a public space and personal data, according to Stevens many members of the intelligence community fall into a “realist” position — where the “Internet’s basic characteristics” are “dangerously inimical to state interests” and “the global village becomes a virtual battlespace” — and thus are more likely to look past those issues, provided said exploitation produces results.

Did the programs get results, or was it a “virtual waste of time,” as one NBC headline called it in 2013?

We reached out to the NSA and GCHQ, along with various MMOs and Virtual World game companies. Six companies got back to us with a variation of Blizzard’s own statement to ProPublica and company from 2013: “We are unaware of any surveillance taking place. […] If it was, it would have been done without our knowledge or permission.” One company, Square Enix, did not respond to our request for comment.

Researchers like Stevens, who believe that surveillance continues despite the fact there is no documentation to support it.

“We can be certain that all virtual environments, of which MMOs are a small subset, will be subject to increased surveillance and monitoring in the name of security, particularly for the purposes of counterterrorism and domestic counter-subversion,” he wrote. “However MMOs evolve they are unlikely to be ignored by an intelligence community armed with research funds and powerful ‘big data’ analytics.”

What is also certain is that there is now a much larger “attack surface” for intelligence agencies to go after: more network-connected devices, more online games, bigger, more diverse audiences. If MMOs were enticing to spy agencies in the mid-2000s, they certainly haven’t become less so in 2023. And as Ben Egliston wrote at Wired in 2022, it’s never been easier for companies to collect mountains of player data independent of any government, down to special tools in the game engines themselves.

Watchers at night

What is the answer? You can also find out more about us on our website.What happened in the decade that spanned between Snowden’s leaks and now? Shortly, the world changed. The world has changed. While conventional warfare still follows the battle lines of former presidents Bush, Obama and Trump, on-line, there is a greater focus on domestic extremism than foreign terrorism. Alex Newhouse, the deputy director at Middlebury’s Center on Terrorism, Extremism, and Counterterrorism, has been researching right-wing acceleratorist networks that extend on platforms such as Roblox.

“The overall environment that we’re observing in the threat landscape is that there are a number of users who are using the social features of Roblox to basically create and propagandize elements that are associated with accelerationist violence,” he tells Polygon. He uses an example from a RobloxThe group adopts the name of an anti-communist white paramilitary organisation from 1970’s, and is affiliated with groups such as Patriot Front or Atomwaffen Division.

“One of the surprising aspects was just how robust all of these networks are; they’re pretty big,” Newhouse says. “They have a lot of propaganda built for the Roblox platform. They’re really creatively using the different features of RobloxTo do certain things. And the content moderation evasion tactics are really, really well developed.” In response, Newhouse says, RobloxIt has heavily invested in its safety and trust moderation team.

Roblox is a member of several tech industry organizations, like Tech Against Terrorism, the Christchurch Call, and the Global Internet Forum to Counter Terrorism, according to the company’s vice president of public affairs, Remy Malan. “We maintain a number of dialogues with people who study and track trends, and this helps us be informed on what’s happening in the real world,” Malan tells Polygon. “Because our view is if things are happening in the real world, then we need to be vigilant about people trying to bring those things onto Roblox itself.”

Malan said that Malan invests in app moderation and chat filtering as well as its reporting system. The company also trains the Trust and Safety team regularly on what to look out for.

The spokesperson for VRChat mentioned a similar system in place for its virtual world in an emailed statement, where a trust and safety team “uses a number of detection methods and investigative tools (both proactive and reactive) to locate and — when appropriate — remove extremist content from the service.”

A spokesperson for Linden Labs, the company that created Second Life, wrote: “Privacy and security are cornerstone values of Second Life. Over the past decade, we’ve enhanced our account security posture in numerous ways to prioritize the safety of our residents. Those enhancements include establishing increased identity verifications methods (including ‘Know Your Client’ procedures to better verify individuals during financial transactions), implementing enhanced identity verification methods, making improvements to our in-house tools to faster expose account threats, monitoring new behavior markers, using artificial intelligence to determine potential threats in real-time and implementing MFA (multi-factor authentication) across all accounts.”

If the government knocks, what will you do? Roblox VP Malan says, “If we get a subpoena request or other legal notice, then we’ll look at ‘can we comply with that,’ but we don’t do anything different than any other private entity would do.”

Ghosts of the Machine

Roblox Corporation

There’s something jarring, knowing that for at least a few years (and probably still to this day), the United States and the U.K. turned the eye of their surveillance apparatus onto the activity of random gamers; that money was spent and grants were doled out for research on the ways gamers interacted with each other and how they conceived of themselves in virtual space, which was then likely used to improve intelligence analysis on those games for that apparatus.

Playing online games often comes with a set of unconscious assumptions on the player’s part. One such assumption is that there is an inviolable “magic circle” where the “real” world can’t be permitted to penetrate, lest the illusion of the game be broken. We hear this the most when someone demands that critics and developers “keep politics out of my games!” Building on that assumption is one where there is an “imagined community” of gamers that transcends national allegiances and circumvents sociocultural problems like racism and colonialism — that is to say, while inside the magic circle, all players are unified by whatever goal the game has set for them.

And maybe most fundamentally, there’s the pervasive techno-libertarian notion that anything online — including and maybe екретне документ games — is by necessity a site of unmitigated individual freedom, especiallyFrom government interference. Any action that contradicts these assumptions can create a cognitive dissonance where the violation of game space seems absurd.

It seems that data gathering and surveillance by governments as well as corporations has been normalized. We have become used to the idea that someone, somewhere has been snooping around in our digital wake, to the point where a common joke on social media involves the teller’s personal FBI or NSA agent in the punchline. Our ironic reaction to this “panopticism,” as Michel Foucault put it, doesn’t make us immune to its effects.

“What [the NSA] will argue is that they don’t use this for nefarious purposes against American citizens; in some ways that’s true,” Edward Snowden said in an interview with Last Week Tonight’s John Oliver one year after the NSA leaks. “But the real problem is that they’re using these capabilities to make us vulnerable to them, and then saying, ‘While I have a gun pointed at your head, I’m not going to pull the trigger. Trust me.’”

The gun is not the only thing we should remember.