Forensic computer investigation techniques have been developed for almost as long as computers have been personal. However, just as the forensic technology stabilises, criminals are moving onto smarter and darker alternatives – video games.
We have been examining gaming consoles for many years, typically in connection with alibis - “I couldn’t have been at the scene of the crime because I was playing on my Xbox” (or PlayStation, lest we start a flame war amongst the Sony faithful). But there is much more to forensic gaming investigation than simple logs of activity. These days, peer-to-peer communications are a large part of gaming activities and have been for several years now.
The threat is readily apparent with the realisation that gaming communities may be hiding or even training terrorists. Games such as World of Warcraft or Second Life are capable of being used to communicate outside the normal channels that organisations such as the Government Communications Headquarters (GCHQ) can and do routinely monitor. With whole communities trading in gaming environments such as Second Life, the movement of funds and even the plotting of terrorist attacks can, in theory, happen below the radar of existing forensic and surveillance capabilities.
Whilst these different communication channels can initially sound like a breakthrough from the usual WhatsApp and texting methods, traditional digital forensic techniques remain as important as ever. Encrypted and secure communication methods are often only hidden whilst in transport, and forensically accessing the computers and mobile devices at a byte level can still yield artefacts that can be used during prosecution. Whilst cyber-criminals may believe they are moving to new territories by using mobile games such as Clash of Clans or gaming environments such as Steam, in reality they are moving into a territory that traditional forensic investigations are well-versed in.
However disguised and by whatever alternative route these potentially illicit and dangerous communications are transmitted, without exception the communications start life via traditional microprocessors and routers. Once they leave the router and travel across the ether they can be sent via unusual protocols and in various encrypted formats. There are two basic choices that law enforcement and security forces have to make: regulate the internet so that international law enforcement can at least gain access, or deploy more monitoring into everyday microprocessors and mobile devices so that encryption can be defeated.
There is, of course, a third, perhaps more simplistic alternative. In recent press articles it is claimed that government or federal agents were able to create avatars and then join games and participate in or monitor communications between other players. According to leaked documents provided to The Guardian and shared with both the New York Times and ProPublica, Second Life, Xbox Live and World of Warcraft were all targeted, potentially affecting tens of millions of users.
The New York Times also reports that GCHQ had sent operatives into Second Life in 2008 and helped police in London break a ring of criminals that was selling stolen credit card information in the virtual world. Documents report that the sting was codenamed Operation Galician and was aided by an informer who “helpfully volunteered information on the target group’s latest activities”.
Although the interception of this data in order to catch those conducting organised crime and terrorist acts is important, a thought should be spared for the civil liberties and digital freedom of those who use these platforms for their genuine, originally-intended uses. A balance between catching the criminals and allowing the internet to be used for socialising and enjoyment must be found - without the use of a Great Wall style, country-wide restriction firewall.
Aaron Pickett is a Digital Forensic Examiner at IT Group specialising in Information Security and Computer Forensics. Aaron holds accreditation from Bond Solon Expert Witness Training, as well as UFED Cellebrite Mobile Phone Forensics, using both of these to assist IT Group to stay at the vanguard of the Legal and Forensic Computing sectors.