How Intelligence Agencies Infiltrated Virtual Worlds

A joint investigation by The New York Times, The Guardian, and ProPublica — drawing on classified documents provided by former NSA contractor Edward Snowden — revealed that American and British intelligence services had been conducting surveillance operations inside massively multiplayer online games, including World of Warcraft and Second Life.

The agencies feared that terrorist networks and criminal organizations might exploit these virtual environments to communicate covertly, transfer funds, or coordinate operations. To counter this perceived threat, intelligence operatives created in-game avatars and embedded themselves among millions of unsuspecting players in digital landscapes populated by elves, gnomes, and custom-built virtual personas.

Why the NSA Targeted Online Gaming Platforms

According to a top-secret 2008 NSA document, online games represented a “target-rich communication network” that allowed surveillance subjects to “hide in plain sight.” The appeal was clear: these platforms offered built-in features that mirrored the operational needs of covert networks — anonymous identities, encrypted voice and text chat channels, and virtual currency systems capable of facilitating financial transactions.

A separate 2008 internal memo declared that virtual games constituted “an opportunity” for signals intelligence collection. The NSA acknowledged, however, that it faced a fundamental technical challenge. As one document admitted, “with a few exceptions, NSA can’t even recognize the traffic,” meaning analysts could not reliably distinguish gaming data from other internet communications flowing through their collection systems.

Spy Agencies Built Fake Avatars for Surveillance and Recruitment

The classified files described operations spanning multiple agencies. The CIA, the Defense Intelligence Agency, the FBI, and Britain’s Government Communications Headquarters (GCHQ) all maintained presences inside virtual worlds. Operatives built fictional characters, monitored player communications, and attempted to recruit informants from within gaming communities.

So many American intelligence personnel were simultaneously operating inside Second Life that agencies had to establish a “deconfliction” group — a coordination mechanism designed to prevent their own spies from unknowingly surveilling each other or interfering with parallel operations.

GCHQ launched its first dedicated deployment into Second Life by late 2008. That operation, codenamed “Operation Galician,” assisted London police in dismantling a criminal ring that had migrated to virtual worlds to traffic stolen credit card data. A digital informant using an in-game avatar provided intelligence on the group’s activities.

World of Warcraft and Xbox Live Under the Microscope

At Menwith Hill, a Royal Air Force base in Yorkshire long used by the NSA as a global communications interception hub, American and British analysts launched a dedicated World of Warcraft monitoring program in 2008.

One NSA assessment stated that the surveillance effort “continues to uncover potential Sigint value by identifying accounts, characters and guilds related to Islamic extremist groups, nuclear proliferation and arms dealing.” The document confirmed that persons of interest appeared to be active players, though it provided no evidence they were using the platform for operational planning or covert communication.

British intelligence separately confirmed it had “successfully been able to get the discussions between different game players on Xbox Live,” extending surveillance into Microsoft’s console gaming ecosystem.

By 2009, the data collection had grown substantial. During a real-time surveillance test of Second Life, GCHQ operators captured three days of chat logs, instant messages, and financial transaction records totaling 176,677 lines — including the actual content of player communications.

Gaming Companies Said They Were Never Consulted

Blizzard Entertainment, the California-based developer of World of Warcraft, stated it had no knowledge of any intelligence operations taking place within its game. A company spokesman said plainly: “We are unaware of any surveillance taking place. If it was, it would have been done without our knowledge or permission.”

Microsoft declined to comment on the Xbox Live revelations. Philip Rosedale, who founded Second Life and formerly led its parent company Linden Lab, also declined to address the disclosures. Current Linden Lab executives did not respond to press inquiries.

The relationship between the NSA and Linden Lab had earlier roots than the surveillance program itself. In May 2007, the company’s chief technology officer, Cory Ondrejka — a former Navy officer with top-secret NSA clearance — visited Fort Meade to deliver a presentation to agency staff. An internal announcement promoting the talk noted that virtual worlds offered the government a chance “to understand the motivation, context and consequent behaviors of non-Americans through observation, without leaving U.S. soil.” Ondrejka, who later became director of mobile engineering at Facebook, declined to elaborate beyond confirming the visit was similar to other industry presentations he gave during that period.

Private Contractors Competed for Virtual World Spy Contracts

The intelligence community’s interest in gaming attracted major defense contractors. A 66-page 2007 proposal from SAIC pitched the company’s capability to support “intelligence collection in the game space” and warned that online games could serve as powerful recruitment and communication platforms for militant organizations.

By spring 2009, the Intelligence Advanced Research Projects Activity (IARPA) convened academics and contractors at a conference near Washington Dulles International Airport to solicit proposals for studying how in-game behavior might correlate with real-world identities. Dmitri Williams, a University of Southern California professor who received grant funding through the program, recalled being told “it was highly likely that persons of interest were using virtual spaces to communicate or coordinate.”

Both SAIC and Lockheed Martin subsequently won multimillion-dollar contracts under this research initiative. The practical intelligence value of the resulting studies remained questionable, however. Researchers at the Palo Alto Research Center produced a government-funded analysis of World of Warcraft that primarily found younger and male players favored combat activities while older and female players preferred exploration. A separate SRI International study determined that players under 18 frequently used capital letters in chat messages and avatar names.

As one researcher involved in the project, Nick Yee of Palo Alto, recalled: “We were specifically asked not to speculate on the government’s motivations and goals.”

Pentagon Mobile Games Used as Intelligence Collection Tools

Even before the NSA began its virtual world operations, the Pentagon had recognized the intelligence potential of video games. Between 2006 and 2007, the U.S. Special Operations Command partnered with several foreign companies — including a small digital media firm based in Prague — to develop mobile phone games. These games were distributed without any indication of their Pentagon origins and were subsequently used as vehicles to collect data about the people who downloaded and played them.

Gamers Suspected They Were Being Watched

Players themselves had speculated about government surveillance long before the Snowden documents provided confirmation. In a World of Warcraft forum thread started just days after the first NSA revelations became public in June 2013, a player using the avatar name “Crrassus” asked whether intelligence agencies might be monitoring in-game chat.

Another player, a goblin priest named “Diaya,” offered a wry assessment: “If they ever read these forums, they would realize they were wasting” their time.

Were Gaming Worlds Actually Terrorist Havens?

Despite the scale and enthusiasm of the intelligence community’s gaming operations, the classified documents cited no concrete counterterrorism successes. Former intelligence officials, gaming industry employees, and independent security experts all stated in interviews that they knew of little evidence suggesting terrorist organizations viewed online games as useful operational environments.

Peter W. Singer of the Brookings Institution, co-author of “Cybersecurity and Cyberwar: What Everyone Needs to Know,” noted that games “are built and operated by companies looking to make money, so the players’ identity and activity is tracked.” He added that “for terror groups looking to keep their communications secret, there are far more effective and easier ways to do so than putting on a troll avatar.”

The surveillance programs nonetheless raised significant privacy questions. It remained unclear precisely how the agencies gained access to player data, how many gamers were monitored, or whether communications belonging to American citizens — who can only be targeted with approval from the Foreign Intelligence Surveillance Court — were swept up in the collection.

Both the NSA and GCHQ declined to comment on the specifics. A GCHQ spokesman stated only that the agency operates under “a strict legal and policy framework” with appropriate oversight.

Based on reporting by The New York Times, The Guardian, and ProPublica from classified documents provided by Edward Snowden. Originally published December 2013. Content has been rewritten for clarity and editorial standards.