US seeks terrorists in web worlds

By Chris Vallance
Reporter, BBC iPM

Experts say terror groups are unlikely to use games such as World of Warcraft

The US government has begun a project to develop ways to spot terrorists who are using virtual worlds.

Codenamed Reynard it aims to recognise "normal" behaviour in online worlds and home in on anomalous activity.

It is likely to develop tools and techniques for intelligence officers who are hunting terrorists and terror groups on the net or in virtual worlds.

The project was welcomed by experts tracking terror groups using the net to organise or carry out attacks.

Growing threat

Brief details about Reynard came to light in a report sent to the US Congress by the Office of the Director of National Intelligence (ODNI) - which co-ordinates the work of US intelligence agencies.

We can see groups emerging in cyber spaces and virtual communities that would be wholly virtual Roderick Jones, Concentric Solutions iPM: Listen to the interview with anti-terror experts

In that report, which talked about the data mining efforts undertaken by the ODNI, Reynard was described as: "a seedling effort to study the emerging phenomenon of social (particularly terrorist) dynamics in virtual worlds and large-scale online games and their implications for the intelligence community".

Using publicly available data Reynard researchers will carry out observational studies to establish "baseline normative behaviors".

Once these are identified, Reynard will "then apply the lessons learned to determine the feasibility of automatically detecting suspicious behavior and actions in the virtual world".

"It's a positive step," said Andrew Cochran, founder and co-chairman of the Counterterrorism Foundation. "For a number of years we were behind in chasing jihadists' presence on the net and detecting it."

"That's a very sensible step at the moment," said Roderick Jones, a vice president of Concentric Solutions and a former special branch officer. "Just to feel their way around them and work out what new intelligence collection methods might be required to deal with this threat, because you won't be able to use traditional law enforcement methods."

New worlds

A senior intelligence officer at the ODNI said Reynard was in its very early stages and it was too soon to say which online worlds it would be studying. He added that any work on it would be purely for research rather than "operational" purposes.

Many terror groups indulge in cyber crime to fund their activities

"I think its highly unlikely terrorists would use things like Second Life or World of Warcraft as they do not have the necessary security," said Mr Jones.

"Terrorist use of the internet at the moment relies on password protected forums," he added.

Said Mr Cochran: "All of the major terrorist treatises have been distributed through the internet so taking it to a virtual world with multi-player role games is really an easy step."

It was inevitable that terror groups would make greater use of the internet and the possibilities that virtual spaces offered them, said Mr Jones.

"There's more a chance of things like Jihad worlds coming online in the next five years I think," he said.

The visual richness of virtual worlds made them good places to educate recruits about techniques, said Mr Jones.

Attack pattern

"We can see groups emerging in cyber spaces and virtual communities that would be wholly virtual," he said. "They would organise and radicalise in virtual worlds and attack using cyber methods without becoming a real world presence in any real way."

Many groups were likely to use the expertise and skills they learn in virtual worlds to target key net systems.

Ken Silva, chief technology officer for Verisign which oversees some of the net's core address books, said such an attack could be "devastating".

"We see a continuing growth in the amount of horsepower in the attacks that are directed at infrastructure servers," said Mr Silva.

A router problem made YouTube inaccessible for many

"We are seeing a large shift from attacks that are directed at individual websites," he said. "The sophistication is getting a little smarter and they are attacking the infrastructure pieces behind them..., which is typically in most production environments the least invested in."

Some of the basic systems of the net, such as the Border Gateway Protocol (BGP) which helps data reach its intended destination, were open to attack.

An accidental misconfiguration of BGP in some routers in Pakistan caused the recent problems with YouTube which left many people unable to reach the video site.

"BGP is essentially a relatively unprotected protocol and is seriously vulnerable to disruption," he said. "Should that happen, it could take a very long time to correct that situation."

"This has to be fought at every level," he said.