Wednesday, December 11, 2013

Follow The Money: Terrorism And RMT

"To the National Security Agency analyst writing a briefing to his superiors, the situation was clear: their current surveillance efforts were lacking something. The agency's impressive arsenal of cable taps and sophisticated hacking attacks was not enough. What it really needed was a horde of undercover Orcs."

I think that one's life experiences sometimes color a person's outlook at life.  I think we are seeing that in some of the coverage of the leak of classified documents by Edward Snowden about U.S. and British intelligence efforts targeting virtual worlds such as Second Life and World of Warcraft.  Some might think that looking for terrorists in a video game played by kids is foolish.  Others, more familiar with these settings, may wonder why anyone would want to conduct clandestine meetings where the game platform records conversations.

But then again, not very many people thought a group of terrorists would hijack multiple aircraft and fly them into buildings either.  In a world where the security apparatus wants to lock every threat down, people don't want to take a chance. To use an EVE Online analogy, would you want to explain to the President of the United States why a group of blood elves managed to suicide gank a high value target? 

However, since I'm older than Big Bird and never saw a game console until I was in high school, I have a slightly different perspective.  Having grown up during Watergate, I think back to that line from All The President's Men, "Follow the money."

Is there a money aspect to the story?  Of course.  Terrorists engage in money laundering to avoid the efforts of governments to seize their funds.  And what medium have criminals used for years to launder stolen money?  Virtual worlds.  So the fact that intelligence agencies are looking at virtual worlds is an old story.  In a paper presented to the International Cyber Resilience Conference in 2010, Angela Irwin and Jill Slay, both from the University of South Australia, looked at the possibility of terrorists laundering money through Second Life and World of Warcraft.  They concluded that...
"The constantly evolving nature of money laundering and terrorism financing requires that opponent’s strengths and weaknesses be constantly assessed at both technological and social levels as the degree of protection afforded to financial systems are merely temporary as investigators and anti-terrorism agencies continue to find themselves one step behind a constantly transforming adversary. The development of a practical typology, a strategic and tactical orientation, can guide homeland security professionals and investigators in identifying, assessing and defeating opponents. 

"Although real-world financial regulations do not currently extend to virtual environments, there is growing momentum for this to change. It can reasonably be assumed that, in time, virtual environments will be subject to the strict compliance laws and regulations faced by their real-world counterparts. Therefore, it is vital that pattern recognition techniques and suspicious behaviour maps, rule bases and models already be determined and systems designed to automatically detect potential money laundering and terrorist financing activities to ensure their transition into the virtual world is as smooth as possible."
I write extensively about game companies' war on illicit RMT, but thinking about governments joining the war is a little scary.  Yet, if we see the actions of the U.S. and British intelligence agents as a huge anti-RMT operation looking for a specific type of operator, I find the activities described in the Snowden leak as more logical.

The question some may wonder is: can RMT, whether through the use of Linden dollars in Second Life or the illicit secondary market for WoW gold, really fund terrorist operations?  In the scenario envisioned by Irwin and Slay, the process would involve credit card fraud.
  1. Acquire a stolen credit card number.
  2. Create a new account using a prepaid card on a massively multi-player online game with an active gold farming market, which allows both buying and selling of game currency.  It is important that the virtual goods can be bought and sold.
  3. Go to the gold farming sites and purchase the money with the stolen card and have it transferred to the new account.
  4. Log on with a second account that has been purchased with a different credit card or prepaid gift card so both accounts are logged on at the same time.
  5. Transfer the money from the first account to the second and then delete the first account.
  6. Now sell the money to a place different from where it was purchased and have the proceeds transferred to a new bank account.
That type of fraud would not stand out as unusual in today's world.  Back in January 2008, Sony Online Entertainment CEO John Smedly told Massively that credit card fraud and chargebacks had cost SOE over $1 million over the previous six months.  And Scott Hartsman, now the CEO of Trion Worlds, told Gamasutra in July 2011...
"Where you go buy gold from a disreputable gold site, and they say 'thank you' and deliver your gold, and sell your credit card number, or start registering accounts with your credit card.
"It's those kinds of things where people laugh and go, 'Oh, that never happens.' No. It happens. It happens a shitload. To the point where, over the last three or four years, I would dare anybody to ask an exec at a gaming company how much they've had to pay in Master Card and Visa fines, because of fraud. It happens a lot."
Just how much could a terrorist cell engaged in credit card fraud make in a money laundering operation involving MMOs make?  Marcus Eikenberry, the owner of the game time code selling site, related a story from 2002 of how the Russian mafia would use stolen credit cards to purchase Ultima Online 90-day game codes from the EA store and turn around and sell them at half-price to the general public.  He calculated that EA probably lost around $600,000 from the credit card fraud, meaning that the Russians probably pocketed around $300,000.

But is this story just an aberration or is the illicit RMT market just this big?  In 2007, the Helsinki Institute for Information Technology's Tuukka Lehtiniemi and Vili Lehdonvirta estimated that the combined primary and secondary RMT markets were over $2 billion, with the secondary market in the West valued at $285 million.

Based on recent events, the value of the secondary RMT market has probably increased over the past 7 years.  In an anti-botting/RMT operation conducted in Final Fantasy XIV: A Realm Reborn in September 2013, Square Enix seized 367.7 billion gil from botters/illicit RMTers worth an estimated $2.5-$4.2 million on the illicit secondary market.  And Jagex, makers of the browser-based MMORPG Runescape, also in September estimated that in-game currency with a secondary market value of $60,000-$70,000 was sent to the illicit RMT sites every month.

But is this enough to finance terrorist operations.  According to a report on the website of the Council of Foreign Relations, the answer is yes.  While al-Quaeda may have spent as much as $500,000 on the 9/11 attacks, the 2002 bombing of a Bali nightclub cost about $50,000, the 2004 Madrid train bombing cost an estimated $10,000-$15,000 to conduct and the 2005 attacks on London's mass transit system cost about $2,000.

So far no money laundered through an MMO has helped finance a terrorist attack.  According to the CFR report the biggest sources of funding for terrorist organizations are charities, the illicit drug trade and money laundering though legitimate businesses.  Also, the money laundering that does occur is in the more traditional forms of transfers as well as using the hawala system.

Am I too focused on the subject of RMT and ignoring such benefits to intelligence organizations as the identification of human targets to either flip or track?  Perhaps.  But I'm struck by the Pro Publica article that mentioned "Operation Galician," an effort that cracked down on a crime ring that had moved into virtual worlds to sell credit card information.  As that is basically the only solid benefit I saw while researching this article, I'll believe that a focus on credit card fraud is a valid approach to take. But taking my "follow the money" approach, I don't see any evidence presented of a link between MMOs and terrorism.  At most I see that some terrorists may like to play computer games.

Expanding beyond the financial angle, is this effort by U.S. and British intelligence agencies really designed to prevent terrorist acts?  While the people releasing the data have their own biases, the information available currently indicates the answer is no.  I see the effort as a fishing expedition with the fight against terror a handy excuse to justify more intrusions into people's lives.  If I had to reach into literature, I would compare this efforts to the early years of Jerry Pournelle's CoDominium series.  That, for those unfamiliar with Pournelle's work, is not flattering.  Then again, the desire to collect every bit of information on everyone on the off-chance the information could come in handy isn't exactly a pretty picture either.


  1. I would expect the fascists to be also be highly interested in the conversations that spin off from Teamspeak and Mumble when people get together in-game and use those tools to talk.

    I am quite certain that pretty much every Teamspeak server is now monitored and every word said on them recorded, and the user IP addresses tracked back.

    If the u.s. can gather and keep meta-data on every phone call, they sure as hell can keep track of 3rd party VoIP sites.

    As for the RMT, that overall size you stated give some pause. Just how big of that RMT pie involves Eve ISK? To suggest that the null sec cartel leaders are NOT making real big money from the trillions of ISK monthly cash flows they control is beyond naive.

    1. You see, now you've mentioned the Null sec cartels, I have an image of a terrorist financial group cursing the CFC's ownership of large tracts of space, which can be used to fund their own operations. This means that Goonswarm, the self-proclaimed terrorists of New Eden, might be in direct opposition to real world terrorists... and unwittingly fighting against them in the cause of 'lolz' and 'tear farming'.

      Unlikely, but... I'm not sure how to feel about that.

  2. Nosy,

    What about those young Somali teenagers Al Shabaab likes to recruit? Could the real spies be looking for online recruitment done through video games? Seems plausible to me - not that I agree with what the NSA and other's are doing. They have overstepped their bounds IMO, and lack a public mandate to do what they are doing. I'm former military with a specialty in nukes and my view on security is broader than most people, but what Snowden reveals is far beyond anything I'd think of as prudent and necessary. Small digression there. Forgive me? :p

    1. Actually that is one of the original fears; that terrorists would recruit in the games. Apparently MMO players in the West don't make good recruits.