Schneier on Security
A blog covering security and security technology.
« FAA Badges Missing |
| German Courts Rule on Spying in Cyberspace »
March 11, 2008
Searching for Terrorists in World of Warcraft
So, you're sitting around the house with your buddies, playing World of Warcraft. One of you wonders: "How can we get paid for doing this?" Another says: "I know; let's pretend we're fighting terrorism, and then get a government grant."
Having eliminated all terrorism in the real world, the U.S. intelligence community is working to develop software that will detect violent extremists infiltrating World of Warcraft and other massive multiplayer games, according to a data-mining report from the Director of National Intelligence.
You just can't make this stuff up.
EDITED TO ADD (3/13): Funny.
Posted on March 11, 2008 at 2:42 PM
• 43 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
> will begin with observational studies
> to establish baseline normative
Makes sense. You've got to know what's expected if you want to wage war on the unexpected.
And hey, how did that "war on poverty" turn out? I never got the memo.
Sounds logical to me. A simulation is a good place to test profiling algorithms, and a public simulation is good because it has a lot more noise than one crafted for the specific purpose. They can introduce their own avatars with specific intent and test whether the software can pick them out.
Well, we _can't_ allow a Warcraft gap...
It is the two headed dragon or the bouncing smiley face? Kinda hard to profile when everyone is made up...and the 30 year old guy is pretending to be a 14 year old girl (now that's normal)
Also..is it terrorisim if you blow up a virtual building with virtual people in a virtual world.
Before that they claimed it was first person shooters were being used to train terrorists. Before that Role Playing Games. Before that some other popular activity that was easily demonized.
Heinlein predicted that everyone would go nuts around the start of the century, followed by a takeover by a theocracy. The first part has come true. I just hope he was wrong about the second. (Though looking at the Bush administration you could argue for both insanity and theocracy.)
"baseline normative behaviors" ...
On an MMRPG? Uh, these guys do know what they are getting into, don't they???
So within WoW you can take photographs of CCTV cameras?
Ok, someone is seriously on the crack pipe for this one. "normative behavior in MMOs?"
I'm not sure which part to laugh at first. The part in which we measure normal in a semi-anonymous, violent world of dragons and faires or the part where they try to balance out a male in his late 30s playing a female wood elf to get free stuff from every 14 year old male that plays the game.
I suppose this makes it fairly easy to prove you are not a terrorist, I mean really, who has pointed ears and can cast balls of fire out their fingers? And if you could, how would the TSA Stop you? :)
To quote a friend, "These aren't the Crazy Years, these are the Utterly Barking Insane Years."
"You just can't make this stuff up."
Charlie Stross already did in his most recent novel "Halting State".
Fighting them over there so we don't have to fight them here!
Actually, once AQ gets into WoW they won't have time or bandwidth to do anything else.
There are a bunch of guys in EVE - goonswarm that have a wing doing JihadSwarm. They go and suicide in battleships in order to blow up miners! LOL
It sounds like a hard problem to figure out how to sort 'normal 'from 'suspicious' behaviors in World of Warcraft with sufficient clarity that particular motives can be accurately detected. In large multiplayer games, people's behavior is less constrained in some ways, and significantly more constrained in others. It sounds like a decent testbed for determining the usefulness of profiling, though. How about we take the entire budget for "Knowledge Discovery and Dissemination" and give it to "Reynard"? If they can't get useful results out of the virtual world, I'd rather they not experiment on the real one.
I very much like the fact that this is 'unclassified' research, and intended for publication. I think it will be instructive regardless of the outcome.
@ alan: "Heinlein predicted that everyone would go nuts around the start of the century, followed by a takeover by a theocracy. The first part has come true."
Actually Heinlein's Crazy Years start in the 60's and run up to the end of the century. He says himself somewhere in the 70's ("Expanded Universe"?) "these are the Crazy Years". But he made the original prediction around 1940 - during WW II. This sounds more prescient than it probably is.
The French used the term "the crazy years" to describe the period between the World Wars, particularly the 20's (http://www.cbc.ca/documentaries/sincities/paris.html), and Heinlein probably "smouched" the term and the concept from them, assuming (for the sake of his science fictional "future history") that there would be a licentious period after WW II, followed by a reaction (which was expressed in Europe by the rise of the fascist dictatorships and in Heinlein's future history by the rise in the US of a religious dictatorship). Life followed art and Heinlein scored points for his prescience.
@ Bruce Scheier: "You just can't make this stuff up." Well, actually, people have, repeatedly. Video games became flight simulators for real life pilots. Virtual Reality became a tool for chemists and architects. I even vaguely recall a science fiction story where video gamers were recruited as ready-trained gunners to repell an alien invasion (and clearly recall Marty McFly's able transition of shooting skills from 20th arcade games to 18th Century games in "Back to the Future Part III").
Making it up is easy. The hard part is to anticipate which imaginative flight of fancy is going to become plodding reality.
OK, I'm SURE that some group some where is meeting in some online game to plot some evil act. Online forums of any sort get used in many ways.
But I can't think of any bigger waste of time that looking for terrorists in this way. Large groups of people meet to plan massive death and destruction all the time in games like this - the false positives would be constant, and quite embarassing.
SL said the first terrorist,
response from other terrorists in game role island at SL...
You idiot this is Sex Life Island...
no terrorism training going on here.
I hope they infiltrate BF2 next. I've seen terrorists strap c4 to their vehicles, then drive into a crowd of virtual soldiers before taking them all out. And they have tanks and quite an arsinal.
Anyone got a number for Reynard ?
I want to do profiling research into terrorist activity at strip bars, lap dancing clubs and porn sites. While I'm at it, I'll keep a record of anyone looking like Osma.
It could take years, but WE CAN'T LET THE TERRORISTS WIN !
If anyone wants to sponsor me directly, please just paypal email@example.com
In return, I will send you a rock that protects you from all pixies, even the invisible ones - they are the worst!
....I think the phrase for me is "conveniently patriotic".
A typo. In my earlier comment, for "18th century" (1701-1800) read "19th Century" (1801-1900).
You know, my cat is sitting here looking very suspicious. He does all sorts of strange things at night and keeps weird hours. There's also this strange powder substance that he digs around in... Can I get a grant to study if he's a threat to national security?
With a name like Reynard, my guess is that they're just claiming/leaking that they're doing this for some sort of distraction/underestimation/etc. I mean US intelligence agencies are pretty mind-bogglingly wasteful and stupid, but this seems beyond even them.
"You just can't make this stuff up."
Actually, yes you can. Check out Charles Stross' "Halting State". Good book, I recommend it.
Me, I'm just hoping that some of his other books don't start comming true. Like "The Atrocity Archives".
In my opinion, terrorists would have to be crazy to use pay to play virtual worlds to connect with each other.
Why? virtual worlds, like WoW, are a service offered by a corporation. As such the service and its associated data and intellectual property is *theirs* and not *ours*.
At least one California court agrees, and yes, that includes all of the game data associated with your account(s).
That case tested ownership of virtual property within game world, but I can easily see that legal logic extended to other game data such as within game chat conversation logs...
The opportunities for central monitoring without judicial oversight are limitless.
Also, the low latency nature of their client/server connections preclude the use of onion routing and related tech.
Result: There is not even the illusion of privacy, and its associated rights, in the context of such virtual worlds.
They also want credit cards! and yes, they track customers' IP addresses.
Maybe that is the real benefit for the spies? Less of that nasty oversight by pesky judges...
PS: I have three level 70 WoW toons.
"Having eliminated all terrorism in the real world, ..."
that's all I'm saying.
Have you heard of this:
"Under normal circumstances, knowing the encryption algorithm allows a hacker to perform a brute-force attack in which every possible key is entered until the correct combination unlocks the scrambled code. But that would have taken days, given Mifare Classic's key length of 48 bits.
The research team, which also included Henryk Plötz and an individual who goes by the moniker Starbug, soon found out that Cypto1 has a flaw that causes it to produce cryptographically weak outputs. The weakness allows them to make intelligent guesses about the possible key by swiping the smartcard against an RFID reader and observing the data that reader sends back."
If the people running the Intelligence operations were responsible/realistic/reasonable regarding this front on the war against.. (oops) War Against Terrorism(tm) by not funding WoW teams, they have to also not fund the dolphin with explosives programs, the ESP remote vision programs, etc, etc, etc...
That, and maybe there are office pools to see who can have the wackiest program approved.
As a former gamemaster for an online game (Simutronics Corp.), exactly what is normative behavior for a game? We had our share of disruptive players as well as 'serious' players.
So do we follow the disruptive types, because they're disturbing, anti-social elements?
Or do we follow the organized, serious hunting parties, because they're practicing military-style discipline?
Do we follow the loners/solo-hunters?
And at what point does the phrase 'Lich King' become a codeword for 'I'd like to blow up a skyscraper'?
How about monitoring the rapidly-scrolling chat in the lobby areas of multiple channels on different servers? Is an offer to speed-level your character really a secret invitation to an al-Qaeda training camp?
Laughable, until you think about it, and then it's just sad.
Shouldn't be too hard to find the terrorists. Look for characters walking around with a vest of mulitple fireballs, a ring of water breathing (for virtual water boarding) and a vorpal blade/+5 against defenseless victims....
Don't you miss the old days when D&D was simply considered witchcraft and satan worship? Gyfax is rolling over...
Yeah, D&D was going to be the gateway sin that led unsuspecting teenagers to become devil-worshipping thugs. Ain't happened yet, and I'm closer to retirement than I am my teenage days.
And I hope the clowns thinking their going to find terrorists online understand that once word of this gets out, there will be players who deliberately seek to spike their 'normalized behavior' read.
I'm more worried that the package contains other initiatives, such as video/facial recognition. Now, it's a sure bet they're not looking for Verne Troyer's avatar on WoW, so perhaps they're thinking of poring through files on YouTube, photos on MySpace, and other silliness. (As if real, effective terrorists are going to film their training and post the vid on YouTube. Why not just put the president on MySpace or Facebook and troll the friends list?)
It sound like they're counting on a) the image of the gamer/geek as disenfranchised loners (school shooters), and more amorphous fear of teh Internets.
I guess if we can't find Terrorists, we will have to manufacture them.
"I guess if we can't find Terrorists, we will have to manufacture them."
Good thing the D20 license is open source ...
Maybe it's a long-delayed attempt to justify this incident:
U.S. News & World Report
May 17, 2004
It was the lead item on the government's daily threat matrix one day last April. Don Emilio Fulci, described by an FBI tipster as a reclusive but evil millionaire, had formed a terrorist group that was planning chemical attacks against London and Washington, D.C. That day even FBI director Robert Mueller was briefed on the Fulci matter. But as the day went on without incident, a White House staffer had a brainstorm: He Googled Fulci. His findings: Fulci is the crime boss in the popular video game Headhunter. "Stand down," came the order from embarrassed national security types.
And don't forget this one:
"Was an elite congressional intelligence committee shown video footage from an off-the-shelf retail game and told by the Pentagon and a highly-paid defense contractor that it was a jihadist creation designed to recruit and indoctrinate terrorists? It's looking more and more like that is the case.
"The video began with the voice of a male narrator saying, 'I was just a boy when the infidels came to my village in Blackhawk helicopters...' Several GP readers immediately noticed that the voice-over was actually lifted from [the movie] Team America: World Police.
I like the one link that said: buy the terrorists a Wow subscription, that stuff is like crack, will keep them off the streets for months.
If you read the ODNI report to congeress, http://www.dni.gov/reports/... you will see that the project involving MMORPG is only a seedling effort to study social dynamics in virtual worlds and gaming environments. Only if it proves useful will they make it a full fledged project that will continue.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.