
Excerpt: "Think twice if you live outside the US and plan to sell your used gaming console. The Department of Homeland Security has launched a research project to find ways to hack into gaming consoles to obtain sensitive information about gamers stored on the devices."

The Feds want to hack into your personal gaming system. (photo: Mobiledia)



Feds Want Way to Hack Xboxes and Wiis for Evidence

By Kim Zetter, Wired

11 April 12

 

Think twice if you live outside the U.S. and plan to sell your used gaming console.

The Department of Homeland Security has launched a research project to find ways to hack into gaming consoles to obtain sensitive information about gamers stored on the devices.

One of the first contracts for the project was awarded last week to Obscure Technologies, based in California, to devise a forensic tool that will siphon data from the Xbox 360, Wii, PlayStation 3 and other consoles.

The $177,000 contract requires the company to create new hardware and software tools that can extract data from gaming consoles, and to purchase used gaming consoles outside the U.S. to determine what data was left on them by previous owners that can be extracted, including information about communications with other gamers, according to Foreign Policy magazine.

Gaming consoles can store sensitive information such as passwords, credit card numbers and addresses. Newer systems also allow users to communicate with one another via messaging and chat systems, and the government is interested in knowing what data is stored in the systems and can be siphoned out of them. But the systems often employ anti-tampering technologies that can make extracting data from them difficult.

Obscure Technologies was chosen for the contract in part due to its extensive reverse-engineering experience in general and its specific experience in exploiting digital rights management technologies, according to a government document justifying the award of the contract to Obscure Technologies. The company's lead scientist previously reverse-engineered the Microsoft Xbox, according to the document.

The government says it plans to use the forensic tool only on systems owned by foreigners outside the U.S. and that the research is aimed at investigations of pedophiles who target victims through gaming systems, and terrorists, who DHS says may be using gaming consoles to communicate and plan their activities.

“This project requires the purchasing of used video game systems outside of the U.S. in a manner that is likely to result in their containing significant and sensitive information from previous users,” Simson Garfinkel, a computer science professor associated with the project, told Foreign Policy. “We do not wish to work with data regarding U.S. persons due to Privacy Act considerations. If we find data on U.S. citizens in consoles purchased overseas, we remove the data from our corpus.”

The government has long fretted about terrorists plotting and training in online games, but, as with any networked communication service, law enforcement agencies can subpoena a company running a service, such as Xbox Live, to get information on users. The research project appears to be another method to obtain data; in this case data stored on devices seized in law enforcement and military raids.

Obscure Technologies president Gregory May told Foreign Policy that extracting data from gaming consoles is still in the "exploratory research and development" stage, and that it's unclear what his company will uncover. "It will be interesting to see, because it's new to us as well," he said. "A lot of this stuff hasn't been done. We're not sure how complicated it is."

The government first began looking at game system monitoring in 2008 when law enforcement became concerned that pedophiles were using game consoles to communicate with children. DHS’s Science and Technology Directorate was approached to develop a way to obtain game console data, according to Foreign Policy, which then approached Simson Garfinkel, a computer science professor at the Naval Postgraduate School, to put together a contract for a private company to research the issue and develop a product. [Ed. note: Garfinkel wrote a classic piece for Wired about HavenCo, an attempt to create a new country that would house a data center immune to government takedowns and data seizures.]

The Navy posted the contract notice last February, which included a statement of work calling for a contractor to produce the following:

  • Provide monitoring for 6 new video game systems, a maximum of 2 of any type from any given vendor.
  • Generate clean data (data that does not contain any identifiable information from real people) from new video game systems.
  • Design a prototype rig for capturing data from new video game systems.
  • Implement the prototype rig on the new video game systems.
  • Provide data captured by the prototype rig, including packets delivered in PCAP format and disk images delivered in E01/EWF format.
  • Provide used video games systems purchased on the open market. Used systems provided shall be likely to contain data from previous users.
  • Survey console chat room technology and identify potential chokepoints where data may be committed to storage.
  • Identify data storage points on used video game systems and attempt to demonstrate proof of concept.
  • Extract real data from used video game systems.
  • Provide video game system extraction software and/or hardware.

Parker Higgins, a spokesman for the Electronic Frontier Foundation, expressed concern that users might not know what data is created and stored on their gaming devices.

"These consoles are being used as general-purpose computers," he told Foreign Policy. "And they're used for all kinds of communications. The Xbox has a very active online community where people communicate. It stands to reason that you could get sensitive and private information stored on the console."

Although reformatting a device before selling it should erase such data, researchers at Drexel University have recently claimed they could extract credit card information and a billing address from the hard drive of an Xbox 360 even after it was reformatted.

 

Comments   


 
+1 # Valleyboy 2012-04-12 01:41
Three points on this:

1) The government's claim to target pedophiles & terrorists is a tissue thin cover for spying on anyone they want to.

2) Why do they fret about terrorists training on video games but not give a sh1t about the American kids who play these games day in day out and in the process become numb to violence and the dehumanisation of coloured people?

3) What a name Simson Garfinkel is! Please tell me he is in a Simon & Garfunkel cover band!!
 
 
+1 # John Locke 2012-04-12 07:12
Yes those gamers are all potential terrorists and we need to spend trillions monitoring their game activity....after all they could be planning an invasion of earth…

But I don't think so!

We need software to monitor the "intelligence community". Intelligence community? This is an oxymoron, like a good lawyer.....Intelligence in Washington, get real!

This seems to also be a Conundrum; the word intelligence implies intellect... I don't see either in this expanding domestic surveillance of American Citizens… talk about a fear based electorate, we have a paranoid and fear based government, they are scared to death of everyone and everything…pretty soon they will have an equal number of people working for the government to watch us 24/7; 3 people to watch each one of us, sounds like Russia under Communism! One man watched the worker, and another watched the watcher!

Obviously they are not looking for terrorists so much as looking for signs of a real revolution! If this was really an intelligence community with true intellect they would stop pushing the people toward the thing they fear most…
 
 
0 # hkatzman 2012-04-13 06:11
"The government says it plans to use the forensic tool only on systems owned by foreigners outside the U.S. and that the research is aimed at investigations of pedophiles who target victims through gaming systems..."

We must be totally vigilant and protect our children against pedophiles overseas. Huh??
 
 
+1 # Capn Canard 2012-04-13 08:39
What's next?? How can it get worse? Because I don't know about you all, but I am confident that it will get worse.
 
 
0 # feloneouscat 2012-04-13 10:25
LOL

Okay, so they will find that I like to play Japanese games. Why don't they just use Google? I find all sorts of stuff about myself that I've forgotten!

I mean, what do they expect to find?
 
