My experience with an (NSA?) prankster

Remember the movie The Mothman Prophecies? A major feature of the film is Richard Gere's interaction with an entity who calls itself Indrid Cold; a being with supernatural abilities who apparently knows everything there is to know about the present, as well as the future.

A person claiming to be Indrid Cold appeared in YouTube comments one day. It impressed other people who commented, by sharing apparently supernatural knowledge about them. Some people exchanged correspondence with it in private, and it impressed them with its abilities even more. One of those people posted about it on Reddit, and that's how I got to know about Indrid Cold.

I was naturally curious, so I sent Indrid an email. More than a month later, I received this reply:

Hello, Mr. Bider,

Your are the co-founder of a software company called 'Bitvise'. You are originally from Slovenia but moved to the Leeward Islands with your wife, Jana. You both enjoy fresh seafood and online gaming. You recently canceled your World of Warcraft account due, in part, to the mishandling of Affliction Warlock class balance. You use 'Elo' as a prefix for your World of Warcraft characters with the exception being your Undead Mage, 'Creepybones'. Your wife uses 'Rheo' as the prefix for all of her World of Warcraft characters. Your main character is 'Elocyn of Stormrage' and your wife's main character is 'Rheolynx of Stormrage'. You are an atheist, yet are fascinated by the nature and mysteries of perceived reality. Your wife is quite fond of cats. You very much enjoyed the film 'Inception', though, the ending, while seemingly happy, left you wanting. You supported Ron Paul for President of the United States. You wrote a fairly popular user guide for the software 'Crypto++'. You almost broke your ankle, once, near Brimstone Hill Fortress on Saint Christopher Island. You would love to see an explosion of Free-Market Libertarianism sweep across the Balkans. You fancy yourself as an inventor.

Greetings, Mr. Bider. My name is Indrid Cold. I have noticed your interest in a post by the Reddit user known as Griffdude13. How may I be of service?

- Indrid

This is nearly entirely correct, except that at the time I received it, I had no recollection of almost breaking my ankle. What memory I did form since then could very well be false.

I received this a week before any of the Snowden revelations, but one of my immediate suspicions was that this could be a prank played by someone at an intelligence agency. What's especially telling is that, with the exception of the ankle thing - which is dubious - Indrid mentioned nothing outside of what's easily accessible in English and online, with the proper access.

Today, I find this article:

Spy agencies in covert push to infiltrate virtual world of online gaming

(The Guardian, December 9, 2013)

[...]

The NSA document, written in 2008 and titled Exploiting Terrorist Use of Games & Virtual Environments, stressed the risk of leaving games communities under-monitored, describing them as a "target-rich communications network" where intelligence targets could "hide in plain sight".

Games, the analyst wrote, "are an opportunity!". According to the briefing notes, so many different US intelligence agents were conducting operations inside games that a "deconfliction" group was required to ensure they weren't spying on, or interfering with, each other.

If properly exploited, games could produce vast amounts of intelligence, according to the NSA document. They could be used as a window for hacking attacks, to build pictures of people's social networks through "buddylists and interaction", to make approaches by undercover agents, and to obtain target identifiers (such as profile photos), geolocation, and collection of communications.

The ability to extract communications from talk channels in games would be necessary, the NSA paper argued, because of the potential for them to be used to communicate anonymously: Second Life was enabling anonymous texts and planning to introduce voice calls, while game noticeboards could, it states, be used to share information on the web addresses of terrorism forums.

Given that gaming consoles often include voice headsets, video cameras, and other identifiers, the potential for joining together biometric information with activities was also an exciting one.

But the documents contain no indication that the surveillance ever foiled any terrorist plots, nor is there any clear evidence that terror groups were using the virtual communities to communicate as the intelligence agencies predicted.

The operations raise concerns about the privacy of gamers. It is unclear how the agencies accessed their data, or how many communications were collected. Nor is it clear how the NSA ensured that it was not monitoring innocent Americans whose identity and nationality may have been concealed behind their virtual avatar.

[...]

Since the Snowden revelations, I've heard nothing from Indrid, so I can only assume that the prank ended when the extent of NSA monitoring came into the spotlight.

The NSA claims that abuses aren't common, but pranks like the above are a clear indication of how easy they must be. If analysts could feel free to prank strangers with this kind of data, it's nearly certain they can get the same data, or more, about anyone in whom they have a personal interest.

Comments

Indrid Cold said…
Hello, Mr. Bider,

Philadelphia and Alabama are of little consequence. You know of whom I speak.

I am no NSA prankster, Mr. Bider. I am Indrid Cold. I do not communicate from whim nor fancy. Every word I type has purpose. Seek me, Mr. Bider. You will have your answers.

22 45 63 81 11 37 54 06 91 67 27 98 20 72 14
Mike Litorus said…
I seek an audience with Indrid Cold
denis bider said…
Good luck. So far, I can't make any sense of who this entity is interested in talking to, and why.
Ciprian Jurma said…
But can't you at least decrypt that code, since you're a programmer and have so much experience with Crypto++? We'd all want to know what it says.

A fuller version, on his Google+ account, seems to also give the key (?) and is:

216
22 45 63 81 11 37 54 06 91 67 27 98 20 72 14
Behind the straw.

Popular posts from this blog

When monospace fonts aren't: The Unicode character width nightmare

"Unreachable" beauty standards

Is the internet ready for DMARC with p=reject?