Archive for the ‘NSA’ Category

Years ago, the NSA spied on World of Warcraft: how have things changed since? – Polygon

It sounds like the plot of a Bush-era young-adult spy thriller: as millions of players raided their way through Azeroth from 2006 to at least 2013, Western intelligence agencies like the NSA and the British Government Communications Headquarters were working out ways to surveil and build informant networks to keep tabs on suspected Islamic extremists in World of Warcraft.

WoW wasn't the NSA's only target: Together with GCHQ, the NSA also turned its eye toward social MMO Second Life, Microsoft's original Xbox Live chat service, and other popular "Games and Virtual Environments."

We know this today because of former NSA contractor turned whistleblower Edward Snowden, who worked with newspapers The Guardian and The New York Times, as well as investigative nonprofit ProPublica, to release a trove of classified documents from the agency in 2013.

According to the leaked documents, MMOs were fertile grounds for exploitation along both signals intelligence and human intelligence lines. In one such document, GCHQ claimed that it had found clear evidence of suspected terrorists logging into WoW and Second Life, correlating usernames and IP addresses to targets, and according to the joint news report, the British spy agency had even used an informant in Second Life to bust an online crime ring.

At the time, the story was a bombshell, prompting companies like Linden Lab, the maker of Second Life, and Blizzard, the developer of World of Warcraft, to deny that any government surveillance was happening with their knowledge.

Looking back on this story almost a decade later, three questions remained unclear: How did the NSA do it? Why did it care? And what did it accomplish?

The story of NSA analysts snooping on Alliance guild meetings begins not with World of Warcraft or even video games at large, but instead, as many stories of international espionage do, with the Cold War.

After World War II, the United States entered into an agreement with the U.K. and commonwealth countries Canada, Aotearoa, and Australia, to automatically share all SIGINT data the constituent nations collected with each other. The UKUSA Agreement, colloquially known as the Five Eyes, established a network of listening posts at various points around the world, all pointed in the Soviet Union's direction.

As nations began deploying satellites and computer networks emerged, these listening posts became digital information collection centers. One of the many programs created during this period of technological shift was called Echelon, and its explicit goal was to monitor satellite communications networks.

Thanks to the documents Snowden leaked, we have at least one idea of how Echelon was used. By 2006, at the height of the war on terrorism, Echelon was collecting large quantities of data from around the world every day. Some of the data being scooped up came from WoW, namely country and time zone data, local IP addresses and realm server addresses, according to the leaked documents linked above. GCHQ and the NSA trained an open-source packet sniffer called SNORT to separate that data from the rest of the information pile they pulled in. This method reportedly allowed the agencies to identify accounts, characters, and guilds related to "Islamic Extremist Groups, Nuclear Proliferation and Arms Dealing," according to a particular leaked NSA document titled "Topic: Exploiting Terrorist Use of Games & Virtual Environments."

In this document, released in 2007, the NSA recommended broader interagency cooperation. By the next year, the office of director of national intelligence Mike McConnell would be sending Congress a brief 15-page report of its own detailing data mining projects to be carried out by ODNI's research division, IARPA. One of these projects, Project Reynard, aimed to identify the emerging social, behavioral and cultural norms in virtual worlds and gaming environments and apply the lessons learned to determine the feasibility of automatically detecting suspicious behavior and actions in the virtual world.

This research project lasted from 2009 to 2012 and included work from Stanford University, Lockheed Martin, and the Palo Alto Research Center. According to the ProPublica report on the Snowden leak, researchers involved with the Reynard Project were asked not to speculate on how their research would be used.

Spying on online games intuitively seems kind of silly. For most players, the virtual worlds they visit in their downtime or as a hobby are escapes from the pressures of reality, not doorways through which that reality can seep in. The idea that terrorists would be using those spaces to recruit, propagandize, and plan real-world attacks doesn't inherently make a lot of sense, even in a purely social sim like Second Life. As King's College cybersecurity researcher Timothy Stevens notes in his 2015 paper "Security and surveillance in virtual worlds: Who is watching the warlocks and why," contemporary news reporting on so-called terrorism in online games along these lines was met with hostility and derision from the online commentariat.

"This scepticism was well founded: establishing direct connections between acts of virtual vandalism and actual terrorism was as absurd as it was unsubstantiated," he wrote. "Why would a jihadist group form a recognisable entity in a quasi-public space to wage an insurgency against the government of Second Life, let alone to pursue more nefarious ends? What was the basis for expert claims that terrorists were using virtual worlds for training and recruitment?"

In the mid-2000s the United States and its allies, including the U.K. and some of its commonwealth states, were chest-deep into waging the war on terrorism and everything that entailed. For the U.K.'s part, in 2005 suicide bombers carried out a coordinated attack on London's transit system, killing over 50 people and injuring hundreds more on the London Underground and bus system. Even if all there had been was a vague rumor that suspected terrorists were using these games and virtual spaces to organize, GCHQ, to say nothing of the NSA, was likely to check it out.

According to Stevens, the absurdity is the point. Spy agencies know that suspected extremists operating online are both tech-savvy and aware of good operational security practices. But games, places where nothing is inherently supposed to be taken seriously except maybe in the context of the in-world lore and story, are also places where one might inherently let their guard down. According to one of the Snowden documents linked above, NSA analysts wrote, "These applications and their servers however, are trusted by their users and makes an connection [sic] to another computer on the Internet, which can then be exploited."

In short: While many see MMOs as sites separate from their daily lives, where they play and fight and occasionally get rewarded for their efforts with treasure, the intelligence community saw (and potentially still sees) MMOs themselves as the treasure, to be continuously plundered for fresh data on potential targets. The IC doesn't see the magic circle of Azeroth or Eorzea or Linden World as a barrier, but rather, as a veil from the public's critical gaze.

While the most damning revelations from the Snowden leaks, like the fact that Microsoft had been a participant in the PRISM program and GCHQ had considered spying on people through their Kinects, caused a long-term uproar, the forays into direct online game surveillance were taken less seriously, like in this clip of then-Daily Show host Jon Stewart making fun of the government for spying in WoW. Even as follow-up reports came out, like one detailing possible NSA/GCHQ surveillance in Angry Birds, it seemed like public outcry over this died as quickly as it erupted.


While civil libertarians might balk at such flagrant exploitation of a public space and personal data, according to Stevens many members of the intelligence community fall into a realist position where the Internet's basic characteristics are dangerously inimical to state interests and the global village becomes a virtual battlespace, and thus are more likely to look past those issues, provided said exploitation produces results.

Did the programs get results, or was it a virtual waste of time, as one NBC headline called it in 2013?

We asked the NSA and GCHQ for comment, as well as various companies who publish MMOs and virtual world games. Six companies got back to us with a variation of Blizzard's own statement to ProPublica and company from 2013: "We are unaware of any surveillance taking place. [...] If it was, it would have been done without our knowledge or permission." One company, Square Enix, did not respond to our request for comment.

While no new documentation has come to light concerning attempts by spy agencies to snoop on games, researchers like Stevens believe surveillance has continued.

"We can be certain that all virtual environments, of which MMOs are a small subset, will be subject to increased surveillance and monitoring in the name of security, particularly for the purposes of counterterrorism and domestic counter-subversion," he wrote. "However MMOs evolve they are unlikely to be ignored by an intelligence community armed with research funds and powerful big data analytics."

What is also certain is that there is now a much larger attack surface for intelligence agencies to go after: more network-connected devices, more online games, bigger, more diverse audiences. If MMOs were enticing to spy agencies in the mid-2000s, they certainly haven't become less so in 2023. And as Ben Egliston wrote at Wired in 2022, it's never been easier for companies to collect mountains of player data independent of any government, down to special tools in the game engines themselves.

So what did happen in the decade between the Snowden leaks and today? In short: The world changed. While most conventional war still takes place along battle lines drawn by former Presidents Bush, Obama, and Trump, online the overriding threat has shifted away from a focus on foreign terrorism and toward domestic extremism. Researchers like Alex Newhouse, deputy director of the Center on Terrorism, Extremism, and Counterterrorism at Middlebury, have been studying right-wing accelerationist networks as they extend to platforms like Roblox.

"The overall environment that we're observing in the threat landscape is that there are a number of users who are using the social features of Roblox to basically create and propagandize elements that are associated with accelerationist violence," he tells Polygon. He cites an example of a Roblox group taking on the name of a 1970s-era white power paramilitary organization, as well as groups affiliated with Patriot Front and Atomwaffen Division.

"One of the surprising aspects was just how robust all of these networks are; they're pretty big," Newhouse says. "They have a lot of propaganda built for the Roblox platform. They're really creatively using the different features of Roblox to do certain things. And the content moderation evasion tactics are really, really well developed." In response, Roblox says it uses a mix of staff and state-of-the-art automated machine learning technology to track and remove extremist content, and that it is very unlikely [players who don't seek it out] would be exposed to such content on our platform.

Roblox is a member of several tech industry organizations, like Tech Against Terrorism and the Christchurch Call, according to the company's vice president of public affairs, Remy Malan. "We maintain a number of dialogues with people who study and track trends, and this helps us be informed on what's happening in the real world," Malan tells Polygon. "Because our view is if things are happening in the real world, then we need to be vigilant about people trying to bring those things onto Roblox itself."

Additionally, Malan says the company invests resources into app moderation, chat filtering, and its reporting system, as well as regular training for the trust and safety team on new trends to be on the lookout for.

A spokesman for VRChat mentioned a similar system in place for its virtual world in an emailed statement, where a trust and safety team uses a number of detection methods and investigative tools (both proactive and reactive) to locate and when appropriate remove extremist content from the service.

And in a similar vein, a spokesman for Linden Lab, creator of Second Life, wrote: "Privacy and security are cornerstone values of Second Life. Over the past decade, we've enhanced our account security posture in numerous ways to prioritize the safety of our residents. Those enhancements include establishing increased identity verifications methods (including Know Your Client procedures to better verify individuals during financial transactions), implementing enhanced identity verification methods, making improvements to our in-house tools to faster expose account threats, monitoring new behavior markers, using artificial intelligence to determine potential threats in real-time and implementing MFA (multi-factor authentication) across all accounts."

And if the government comes knocking? Roblox VP Malan says, "If we get a subpoena request or other legal notice, then we'll look at can we comply with that, but we don't do anything different than any other private entity would do."


There's something jarring, knowing that for at least a few years (and probably still to this day), the United States and the U.K. turned the eye of their surveillance apparatus onto the activity of random gamers; that money was spent and grants were doled out for research on the ways gamers interacted with each other and how they conceived of themselves in virtual space, which was then likely used to improve intelligence analysis on those games for that apparatus.

Playing online games often comes with a set of unconscious assumptions on the player's part. One such assumption is that there is an inviolable magic circle where the real world can't be permitted to penetrate, lest the illusion of the game be broken. We hear this the most when someone demands that critics and developers "keep politics out of my games!" Building on that assumption is one where there is an imagined community of gamers that transcends national allegiances and circumvents sociocultural problems like racism and colonialism; that is to say, while inside the magic circle, all players are unified by whatever goal the game has set for them.

And maybe most fundamentally, there's the pervasive techno-libertarian notion that anything online, including and maybe especially games, is by necessity a site of unmitigated individual freedom, especially from government interference. Anything that rubs against those assumptions creates a kind of cognitive dissonance, where such violation of the game space is simply too ridiculous to be possible.

At the same time, it seems as though surveillance and data collection, by corporations as well as governments, has become thoroughly normalized. We have become used to the idea that someone, somewhere has been snooping around in our digital wake, to the point where a common joke on social media involves the teller's personal FBI or NSA agent in the punchline. Our ironic reaction to this panopticism, as Michel Foucault put it, doesn't make us immune to its effects.

"What [the NSA] will argue is that they don't use this for nefarious purposes against American citizens; in some ways that's true," Edward Snowden said in an interview with Last Week Tonight's John Oliver one year after the NSA leaks. "But the real problem is that they're using these capabilities to make us vulnerable to them, and then saying, 'While I have a gun pointed at your head, I'm not going to pull the trigger. Trust me.'"

We would do well not to forget the gun, much less the fingers on the trigger.

Update: We have added details of Roblox's moderation policies to this story, and have removed a reference saying Roblox is a member of the Global Internet Forum to Counter Terrorism. Roblox works with GIFCT, but is not a member.

Reality Trailer: Sydney Sweeney Is In Trouble As NSA Whistleblower Reality Winner – /Film

The footage focuses very prominently on Sweeney's face, looking like a ghost, sort of like her life is over. In many ways (not to spoil it) it probably is. We see men with badges going through her things, taking pictures, and bagging up items. It's clear someone believes a crime was committed, and it's probably every otherwise upstanding citizen's worst nightmare. To provide a bit more context, here is the synopsis for the film that was provided by the Berlin Film Festival ahead of its premiere:

The social media profile of a young woman includes pictures of her pets, her friends, and her exercise routine. But on June 2, 2017, the posts come to an end. This film begins on the following day and contains verbatim dialogue from the unedited transcript of an FBI audio recording. The audience witnesses the protagonist, played by Sydney Sweeney, arriving at her home in Georgia, only to be met by two men outside who politely inform her that they have a search warrant. What follows is a chamber piece focusing on the interrogation of whistle-blower Reality Winner and the search of her home.

The minimal cast also includes Josh Hamilton as Agent Garrick and Marchánt Davis as Agent Taylor. Tina Satter is in the director's chair, making her feature directorial debut. Meanwhile, Sweeney is becoming a real mainstay at HBO between this film as well as her roles on "Euphoria" and "The White Lotus." Plus, she's starring in Sony's "Madame Web" movie next year. Sweeney is undoubtedly having one heck of a moment.

"Reality" premieres May 29 on Max.


NSA Part of Coalition Highlighting Cybersecurity Best Practices for … – National Security Agency

FORT MEADE, Md. - The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) are partnering with international partners' cybersecurity agencies to publish cybersecurity best practices for smart cities, which integrate public services into a connected environment to increase efficiencies and improve the quality of life in various communities.

Seven agencies from five countries have published the Cybersecurity Information Sheet, "Cybersecurity Best Practices for Smart Cities," highlighting how the integration of operational technology into a connected environment has many benefits, but can also be an attractive target for malicious cyber actors to steal critical infrastructure data and proprietary information, conduct ransomware operations, or launch destructive cyberattacks.

The report examines risks deriving from three areas: a large interconnected attack surface, the ICT supply chain and vendors, and the automation of infrastructure operations.

The authoring agencies also provide recommendations to help organizations balance efficiency and innovation with cybersecurity, privacy protections, and national security. They recommend that organizations implement these best practices to ensure the safe and secure operation of infrastructure systems, protection of citizens' private data, and security of sensitive government and business data.

Read the full report.

View CISA's resource library for this report. Visit our full library for more cybersecurity information and technical guidance.

NSA Media Relations
MediaRelations@nsa.gov
443-634-0721

NCSC-UK, NSA, and Partners Advise about APT28 Exploitation of … – National Security Agency

FORT MEADE, Md. - The National Security Agency (NSA) has partnered with the UK's National Cyber Security Centre (NCSC), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) to publish a joint Cybersecurity Advisory (CSA) report on the tactics, techniques, and procedures (TTPs) associated with APT28's exploitation of Cisco routers.

APT28 is also known as the Russian General Staff Main Intelligence Directorate (GRU) 85th Special Service Center (GTsSS) military intelligence unit 26165, Fancy Bear, STRONTIUM, Pawn Storm, the Sednit Gang, and Sofacy.

The transatlantic coalition published the "APT28 exploits known vulnerability to carry out reconnaissance and deploy malware on Cisco routers" CSA, indicating that APT28 cyber actors masqueraded Simple Network Management Protocol (SNMP) to exploit CVE-2017-6742 (Cisco Bug ID: CSCve54313) and access vulnerable Cisco routers worldwide. This included U.S. Government institutions, approximately 250 Ukrainian victims, and a small number based in Europe.

These cyber actors continue to leverage a known vulnerability to exploit unpatched Cisco routers to conduct reconnaissance and deploy malware to enable unauthenticated access. See NCSC's Jaguar Tooth malware analysis report for details.

SNMP is designed to allow administrators to monitor and configure network devices remotely, but it can also be misused to obtain sensitive network information and, if vulnerable, exploit devices to penetrate a network.

The authoring agencies recommend following the mitigation advice to defend against this malicious activity and identify indicators of compromise (IoCs) to detect possible activity in networks.

Read the full report here. Visit our full library for more cybersecurity information and technical guidance.

Past leaks have exposed NSA surveillance, Guantanamo ops – NewsNation Now

Tyler Wornell and Steven Joachim


The National Security Agency (NSA) is shown 31 May 2006 in Fort Meade, Maryland, a suburb of Washington, DC. The National Security Agency/Central Security Service is America's cryptologic organization. It coordinates, directs, and performs highly specialized activities to protect US government information systems and produce foreign signals intelligence information. (Photo by PAUL J. RICHARDS/AFP via Getty Images)

(NewsNation) - An Air National Guardsman has been arrested for allegedly leaking more than 100 classified documents about the war in Ukraine in what's become one of the major intelligence disclosures in recent years.

The investigation has drawn comparisons to the Edward Snowden case, but former prosecutors see greater parallels with the 2018 prosecution of defense contractor Reality Winner. She was sentenced to more than five years for leaking an intelligence report about Russia's interference in the 2016 elections.

Winner shared the information with the media and served more than four years in prison before being released. The documents relating to Ukraine and other intelligence gathered by the United States were initially confined to a small online chat group on the messaging platform Discord.

Here's a brief history of major intelligence leaks over the past 15 years and what they exposed:
