As the international hunt for those behind the Paris terror attacks expands, investigators are trying to figure out how the ISIS terrorists were able to communicate and coordinate the assaults. Now, some investigators are pointing the finger at an unlikely target: an electronic gaming system made by Sony.
The PlayStation 4, or PS4 for short, is the world’s most popular gaming platform, which connects 110 million users together via Sony’s proprietary PSN digital network accessed via the Internet. Using PS4, gamers can join together to play all sorts of games, giving players around the world the chance to message, talk, or otherwise interact with each other in real time.
The leaders of terror groups like ISIS and al-Qaida learned long ago that some electronic communications, such as email or mobile phone conversations, are inherently insecure and expose them to government surveillance. However, the PS4 may offer some security and privacy protections that have been previously overlooked.
For example, some communications on the PSN are encrypted, and users can communicate in a variety of ways. There’s a messaging function that allows players to text one another, and Sony has not said publicly if there is any record kept of those texts.
Users can also talk to each other using the “Voice Over Internet Protocol”, or VOIP, which brings another layer of digital obfuscation. But Jonathan Katz, director of the University of Maryland’s Cybersecurity Center, says there are also “subliminal channels” that PS4 players can use to communicate with each other.
“For example, two players that are playing a game together can use actions in the game to communicate information [such as] one player going left or right to signal a direction, or specifying a number by exchanging that amount of money as part of the game,” Katz told VOA. “Subliminal channels are near-impossible to prevent, and difficult to detect, since they can be based on anything where one user's actions affect another user.”
In 2013, documents leaked by former NSA contractor Edward Snowden revealed that the CIA and other intelligence services had been monitoring digital gaming worlds such as World of Warcraft and Second Life by creating fake characters, then using them to glean information and recruit potential informers.
It’s not known if any intelligence agencies are using bogus “players” on Sony’s PSN currently. But the University of Maryland’s Jonathan Katz says given the millions of multi-user games being played at any moment just on PS4, the odds of hitting the right one where terrorists are discussing an upcoming attack are “not very effective.”
On November 10, three days before the Paris attacks, Belgium’s Home Affairs minister Jan Jambon publicly pointed the finger at PS4 as a potential security risk, saying that terrorists using PS4 “keeps me awake at night” and added that PS4 “is even more difficult to keep track of than WhatsApp.”
Speaking with the publication Politico Europe, Jambon warned “It’s very, very difficult for our services – not only our services, but international services – to decrypt the communications that’s going via PlayStation 4.”
Maryland Cybersecurity Center director Jonathan Katz, however, cautions that risks can take many forms.
“This is a bit of a hysterical reaction,” Katz said. “Anything can be a ‘security risk’ if used by criminals, and the PS4 is no more or less of a security risk than any other method of communication.”
In a statement released Monday, Sony said PS4 communication, “like all modern connected devices” can be abused, but said “we urge our users and partners to report activities that may be offensive, suspicious or illegal.”