Cellphone data tracking and online activity monitoring may be the “mainstream” ways the feds are tracking potential terrorist activities, but there is another more unassuming device that is capable of online hookup and has the government interested in the secrets it may hold. It is none other than your video game console.
The gaming system that gives you hours of Mario Kart, Rock Band or Madden NFL fun is also being looked at by the Department of Homeland Security, which wants to see if it can pick passwords, credit card numbers, and other communications from the consoles. Wired reports DHS awarded a more than $177,000 contract to Obscure Technologies last week to develop a method to make gleaning this information from the systems possible — but only if they come from foreign sources:
The government says it plans to use the forensic tool only on systems owned by foreigners outside the U.S. and that the research is aimed at investigations of pedophiles who target victims through gaming systems, and terrorists, who DHS says may be using gaming consoles to communicate and plan their activities.
Given privacy issues of collecting information from devices gotten on U.S. soil, Simson Garfinkel, a computer science professor and expert at the Naval Postgraduate School, said that’s why the research will target systems purchased outside of the United States.
Foreign Policy magazine has more on the research:
The ultimate goal is to “improve the current state-of-the-art of computer forensics by developing new tools for extracting information from popular game systems, and by building a corpus of data from second-hand game system that can be used to further the development of computer forensic tools,” Garfinkel said in an email to Foreign Policy. Though the research is being overseen by NPS, the contract award states that the tools developed by Obscure will be delivered to DHS.
The Gaming Systems Monitoring and Analysis Project was first introduced in 2008. Foreign Policy described the development of techniques to hack into gaming consoles as relatively new ground as the devices are well-encrypted to prevent piracy. Obscure Technologies President Greg May is reported as saying even they’re not sure how complicated the process will be.
ZDNet has more on some of the tasks Obscure Technologies will need to complete:
- Provide monitoring for 6 new video game systems, a maximum of 2 of any type from any given vendor.
- Generate clean data (data that does not contain any identifiable information from real people) from new video game systems.
- Design a prototype rig for capturing data from new video game systems.
- Implement the prototype rig on the new video game systems.
- Provide data captured by the prototype rig in the following formats: Packets shall be delivered in PCAP format, Disk images shall be delivered in E01/EWF format.
- Write a final report, between 10 and 20 pages, to include details of work performed, the engineering approach used and the reason why, any engineering decisions that were made and why, what work remains to be done, and any failings of the approaches followed.
Privacy expert Parker Higgins from the Electronic Freedom Foundation told Foreign Policy that he doesn’t think the government would be interested in the consoles for intentionally stored sensitive information but for conversations that may be logged while using the platform to message other users. He said that “it’s even more alarming because users might not know that the data is created.” Here’s the type of info Higgins thinks the government is seeking:
Thing about it: Your Nintendo Wii might tell government investigators when you were connected to the Internet, who you were talking to, what you were saying, and what you were playing. “Taken in context, it could end up revealing more than you expect,” Higgins warns. There have already been hacks that could allow for spying on users of the Xbox Kinect, a video-enabled add-on that reads body movement for interactive gaming.
Until this research is complete and a way for authorities to access data from gaming consoles is identified, Wired reports law enforcement can still subpoena the company running the service for information it has collected.