On July 12th 2018, the Jakarta Globe reported that terrorists could potentially use online gaming platforms such as World of Warcraft and Clash of Clans to communicate covertly with each other for the purpose of planning attacks. According to Indonesia’s National Cyber and Encryption Agency (BSSN), there are signs suggesting that the terrorists were responsible for the coordinated terrorist attacks which shook Paris on November 13, 2015 and could have used the PlayStation 4 console to communicate with each other ahead of the attacks.
Indeed, the Paris attacks continue to offer important lessons for security and intelligence agencies worldwide in the fight against smart terrorists. Besides the need to keep pace with improvised terror tactics, agencies should find a balance between countering threats and protecting the interests of ordinary people – online gamers in this case – who are the majority and use technology for innocuous and beneficial purposes.
The possible use of online gaming platforms as a digital tactic that enables criminals to assume anonymity and evade detection while planning unlawful activities is hardly a new idea. A Criminal Tradecraft Alert by the U.S Federal Bureau of Investigation (FBI) dated May 25, 2011 and titled “Bronx Bloods Members Communicating Through PlayStation Network (PSN)” stated that gang members in New York were able to circumvent house arrest and chat with each other by using the communication features in the PlayStation network.
PlayStation and Xbox consoles allow players to meet, chat and form virtual communities according to an article “How to join a game’s online community” by softonic.com dated 17 July 2018. These communication features extend to online games such as Fortnite and Roblox which can be played on desktops and laptops, and are currently popular among youths. Players can also take their discussions further either by meeting on internet chat rooms and social media, or in person.
It would hence be conceivable for terrorists to take a leaf out of the criminals’ digital playbook. In this regard, The Telegraph on December 9, 2013, reported that the Snowden leaks included documents revealing operations by the U.S National Security Agency (NSA) and U.K Government Communications Headquarters (GCHQ) to infiltrate online gaming platforms for the purposes of detecting criminal and terrorist communications and recruiting informants. Following the Paris attacks, Sony responded in an official statement that PlayStation 4 like “all modern connected devices” enables communication and hence “has the potential to be abused.”
If it is true that the Paris attackers had used PlayStation to help plot their attacks, the success of the attacks further underscores three challenges that security and intelligence agencies will encounter in relying on online surveillance which has its limitations.
First, online gaming platforms – like any other digital technology such as social media and messaging apps – are part of the vast cyberspace which criminals and terrorists will constantly try to exploit to find new opportunities and avenues for concealment and subterfuge. Expectedly, security and intelligence agencies are beefing up their cyber capabilities to keep up with the evolving digital tactics of criminals and terrorists. However, these capabilities should not be unnecessarily invasive and there must be safeguards to ensure responsible and ethical usage.
Second, the use of digital avatars for fake identities as well as local languages and cultural lingo in the content of discussions could constrain the ability of intelligence efforts to detect and monitor suspicious activities and assess the reliability of informants. It will not be a straightforward process – even with the use of machine learning algorithms – to distinguish suspicious communications from other communications that are happening in online gaming communities that are populated largely by ordinary gamers. Hence, agencies should not be overly reliant on surveillance as a tool to counter threats especially when the results are not guaranteed.
Third, even if security and intelligence agencies have state-of-the-art technical capabilities, they will have to balance security priorities with issues of privacy that could limit their legal authority to conduct surveillance and transnational intelligence-sharing. A research paper, “Playing in the Dark: How Online Games Provide Shelter for Criminal Organisations in the Surveillance Age” by the Arizona Journal of International and Comparative Law, highlighted that privacy issues present a new battlefield in the relationship between law enforcement and individual privacy.
This battlefield has grown more arduous in the current climate as the Cambridge Analytica debacle has heightened the voices of free speech and privacy advocates – including technology companies – who clamor for the protection of consumers’ personal data and the right to privacy. However, agencies should not dismiss these issues which are crucial to the well-being of people living in free and democratic societies.
Given these challenges, security and intelligence agencies will have to devise better approaches for Prevention which relates to intelligence-gathering to thwart attacks from happening, and secondly enhance Response which relates to existing capabilities to protect people when attacks happen.
Prevention could be a two-fold approach. First, it will be strategically efficient for national-level agencies to leverage international law enforcement organizations such as INTERPOL and EUROPOL to partner with technological companies – game creators – to jointly examine the problem of criminals and terrorists misusing gaming platforms. Given the nature of the online gaming environment, these companies should be in a better position to develop fair and transparent user policies and tools that enable the monitoring of gamers’ communications to foster a safer gaming environment by detecting and deterring unlawful activities. Such partnerships could also help to ameliorate the privacy and free speech issues stemming from surveillance and intelligence-sharing.
Second, national-level agencies can reach out to the local gaming communities – specifically the youth – during crime prevention and cyber wellness campaigns for the purpose of leveraging them as assets rather than viewing them only as a demographic group that is vulnerable to negative online influences. The youths’ perspectives and familiarity with the online gaming environment could be useful in examining the problem and devising ways to detect and report suspicious communications, while protecting the consumer rights of online gamers.
Response would require the enhancement of first responders’ capabilities, particularly private security officers, who would be at the scene of the incident – to detect possible threats and evacuate people – even before emergency response forces could arrive. The crucial role of private security officers was highlighted during the Paris attacks in two instances: officer Salim Toorabally stopped a suicide bomber from entering the national stadium during a football match, and officer Didi helped several concert-goers escape when gunmen stormed the Bataclan theatre.
In this respect, countries could take a leaf out of Singapore’s book on transforming the private security industry by enhancing the professional skills of private security officers and facilitating the adoption of digital technology to support security operations in the face of a shrinking workforce and the heightened threat of terrorism. On July 18, 2018, Singapore launched the Security Industry Digital Plan (IDP) that aims to empower small and medium-sized private security companies with digital capabilities – such as surveillance robots and artificial intelligence for threat prediction – over the next decade.
These two counter-terrorism areas – prevention and response – are not sufficient on their own but could form a comprehensive strategy when developed in concert. This strategy is necessary to stay ahead of smart terrorists who exploit any form of digital technology to conceal their machinations, while concurrently protecting the interests of ordinary people such as online gamers.
This article was published at International Policy Digest.