US government hires company to hack into video game consoles

The U.S. government recently posted a project asking for the "Development of Tools for Extracting Information from Video Game Systems." The listing was posted just two months ago, and last week a contract was signed with the California-based company Obscure Technologies. The U.S. is paying $177,237.50 for the job.

The U.S. Navy says it is looking to hack into used consoles to extract any sensitive information exchanged through their messaging services. The organization says it will only use the technology on consoles belonging to nations overseas, because the law doesn't allow it to be used on any "US persons."

Here's the official description from the U.S. Navy listing, posted on February 15: "This project involves furnishing video game systems, both new and used, and creating prototype rigs for capturing data from the video game systems." Obscure Technologies responded three days later.

Even better is the description from the actual contract from the Federal Business Opportunites website, posted on March 26: "R & D effort for the development and delivery of computer forensic tools for analyzing network traffic and stored data created during the use of video game systems."

The Statement of Work document (doc) gives more insight into what the project is all about.

Obscure Technologies will have to perform the following online monitoring tasks:

• Provide monitoring for 6 new video game systems, a maximum of 2 of any type from any given vendor.
• Generate clean data (data that does not contain any identifiable information from real people) from new video game systems.
• Design a prototype rig for capturing data from new video game systems.
• Implement the prototype rig on the new video game systems.
• Provide data captured by the prototype rig in the following formats: Packets shall be delivered in PCAP format, Disk images shall be delivered in E01/EWF format.
• Write a final report, between 10 and 20 pages, to include details of work performed, the engineering approach used and the reason why, any engineering decisions that were made and why, what work remains to be done, and any failings of the approaches followed.

It will also be required to implement the following offline monitoring tasks:

• Provide used video games systems purchased on the open market.
Used systems provided shall be likely to contain data from previous users.
• Extend tool development to implement creating signatures over sections.
• Survey console chat room technology and identify potential chokepoints where data may be committed to storage.
• Identify data storage points on used video game systems and attempt to demonstrate proof of concept.
• Extract real data from used video game systems.
• Provide data captured from used video game systems in the following formats: Packets shall be delivered in PCAP format, Disk images shall be delivered in E01/EWF format.
• Provide video game system extraction software and/or hardware.
• Write a final report, between 10 and 20 pages, to include details of work performed, the engineering approach used and the reason why, any engineering decisions that were made and why, what work remains to be done, and any failings of the approaches followed.

Obscure Technologies was chosen because it "is the only US company that appears to offer the purchasing of used computer equipment for access to the contained information as a commercial service," according to the Contracting Activity document (docx). The company also has "substantial experience in working with such systems" including a "lead scientist having previously reverse engineered the Microsoft Xbox."

Leveraging content on video game consoles to watch and understand what citizens are up to isn't a exactly a new idea. Gaming studios and academic minds have been tracking gamers for a long time: the former typically want to know how customers use their products while the latter often use the findings for psychological research.

See also:

• Microsoft investigating used Xbox 360 credit card hack
• Hackers can steal credit card data from used Xbox 360s
• US government pays $250,000 for iOS exploit
• Up to 1.5 million Visa, MasterCard credit card numbers stolen
• Justin Bieber's Twitter account hacked
• New iPad jailbroken on day one