Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Project Kid Hack - Teaching Kids Security through Gaming at BSidesDE on November 15, 2014

1,827 views

Published on

Wanna teach your kid to be a hacker but don’t know where to start? Security is a fairly complex topic but games offer the best way for kids to learn the basics. This presentation not only reviews a sample of existing games that teach security fundamentals to a younger audience but also discusses a new crowdsourced project to catalog similar fun and entertaining ways to teach kids security. This project could help spur interest in later university and other programs and potentially a career … or at least make our children a more security-conscience adult in whatever field they choose.

Published in: Technology
  • Be the first to comment

Project Kid Hack - Teaching Kids Security through Gaming at BSidesDE on November 15, 2014

  1. 1. Project KidHack Teaching Kids (and even some adults) Security through Gaming @grecs NovaInfosec.com
  2. 2. Disclaimer • Opinions expressed do not express the views or opinions of my – my employers – my customers, – my wife, – my kids, – my parents – my in-laws – my high school girlfriend from Canada Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  3. 3. Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  4. 4. Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  5. 5. 20 Years Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  6. 6. Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  7. 7. Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  8. 8. CFP Call for Sponsors http://bit.ly/firetalks2015 Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  9. 9. Agenda • Background • Existing Games • KidHack Project • What’s Next? • Conclusion Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  10. 10. Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  11. 11. Background Why
  12. 12. Background Why Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  13. 13. Background Why Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  14. 14. Background Why Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  15. 15. Background Why Feds Need 10,000 Cyber Security Experts (6/7/2009) Cybersecurity business, jobs expected to grow through 2016 (10/21/12) Fewer Cyber Pros, More Cyber Problems (9/1/14)
  16. 16. Background Why • NSA Tapping Schools of Excellence • Wait … Wait … Don’t Need Degrees • More Technical Skills Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  17. 17. Background Why • Preparing Next Generation of Infosec Pros by Getting Interested Early – Seeing if My Kids into Infosec • Recent Trainer Role – Contemplating Best Ways to Teach – Lecture, Socratic, Active, Rote, … • Focus on Simulation with Gaming – Versus Setting Up Real Environment Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  18. 18. Background Inspiration • CTFs (for years) • Bruce Potter – DerbyCon 2013 – It’s Only a Game: Learning Security through Gaming • History of CTF Contests & Other Games Hardcore Security Pros Play • Games that Can Be Used to Engage Non-Security Pros  More Focused on Theory vs Collecting List of Games • http://bit.ly/pottergaming • MrsYIsY – Network Computing – Want To Develop Information Security Skills? Capture The Flag • Simulation of Real-World Security Operations • http://bit.ly/mrsyctf • Ender’s Game – Military Tactics – Simulations/Drills
  19. 19. EXISTING GAMES
  20. 20. Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  21. 21. Existing Games Hacker • Type: Card • History – 1990: Secret Service Raided Steve Jackson Games • Confiscated Equipment, including Illuminati BBS. – 1992: Made Game of It • Satirizing Secret Service, Hackers, Phone Companies, etc. – 1993: Hacker II – The Dark Side - more players & new rules – 2001: Hacker – Deluxe Edition – Combined All Above into Box Set • Objective – Players Act as Hackers – Compete Against Each Other to Control Most Systems Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  22. 22. Existing Games Hacker • Hacker uses a variation of the Illuminati system; players lay out cards (representing systems) to create the Net, which is never the same twice. But instead of separate “power structures” for each player, there is only one Net, and players place tokens to indicate what systems they have invaded and how completely they control them. • For 3 to 6 players; takes from 90 minutes to 2 1/2 hours. The supplement, Hacker II, lets you add two more players. • Components include rulebook, 110 cards, 172 marker chips, 6 console units, lots of “system upgrades,” and other markers. Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  23. 23. Existing Games Hacker • Hacker II – Supplement to Hacker (not playable alone) – New Rules: Viruses, the Internet Worm, outdials, multiple accounts, Black Ice, and Military Hardware. – Consoles & Tokens for 2 More Players • Hacker – Deluxe Edition – Can you break into the world’s toughest computer systems? In Hacker, players sail through the Net, competing to invade the most systems. The more systems you crack, the more you learn, and the easier your next target is. You can find back doors and secret phone lines, and even crash the systems your rivals are using. But be careful. There’s a Secret Service Raid waiting for you! – Designed by Steve Jackson, Hacker requires guile and diplomacy. To win, you must trade favors with your fellow hackers – and get more than you give away. But jealous rivals will try to bust you. Three busts and you’re out of the game! Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  24. 24. Existing Games Hacker • Availability – Out of Print – Dealers In Out-Of-Print Games • http://www.sjgames.com/general/outofprint.html • Kid Review Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  25. 25. Existing Games [d0x3d!] • Type: Board • History – Inspired by 2010 Game Forbidden Island – Introduces Attack & Defend Mechanics and Other Basic Computer Security Constructs • Objective – Teaching Non-Techies Computer Security Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  26. 26. Existing Games [d0x3d!] • In [d0x3d!], you and up to three other players take on the role of an 1337 hacker syndicate, infiltrating a network to reclaim valuable digital assets that have been stolen from them. What are these assets? There are four types—financial data, personally identifiable information, authentication credentials, and intellectual property—but what exactly these represents is your little secret. Embarrassing photos? The recipe for the best BBQ in the world? You decide. • As you seek out these valuable digital assets, the network admins respond: patching compromised machines, raising alarms, sometimes changing its very topology to impede your movement. You and your team work together, compromising and looting machines on the network, trying to not alert the network admins of your presence. If the admins feel too threatened by the activity they see on their network, they will take your stolen personal data and release it onto the internet! In other words, you’ll get d0x3d! • You all win together, or you all lose together. Brave the network and protect your data! Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  27. 27. Existing Games [d0x3d!] http://youtu.be/oMi-GB9tc6s
  28. 28. Existing Games [d0x3d!] • Availability – Open-Source & Freely Available • https://github.com/TableTopSecurity/d0x3d-the-game • Download & Print – $25 Boxed Set from TheGameCrafter.com • https://www.thegamecrafter.com/games/-d0x3d- • Kid Review
  29. 29. Existing Games Control-Alt-Hack • Type: Card • History – Announced DefCon 2012 – Available Nov 2012 (Amazon) – Designed by Tamara Denning, Tadayoshi Kohno, Adam Shostack • Objective – Teaching Non-Techies Computer Security Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  30. 30. Existing Games Control-Alt-Hack • Based on a game mechanic by gaming powerhouse Steve Jackson Games (Munchkin and GURPS), Control-Alt-Hack™ is a tabletop card game about white hat hacking. • You and your fellow players work for Hackers, Inc.: a small, elite computer security company of ethical (a.k.a. white hat) hackers who perform security audits and provide consultation services. Their motto? “You Pay Us to Hack You.” • Your job is centered around Missions-tasks that require you to apply your hacker skills (and a bit of luck) in order to succeed. Use your Social Engineering and Network Ninja skills to break the Pacific Northwest’s power grid, or apply a bit of Hardware Hacking and Software Wizardry to convert your robotic vacuum cleaner into an interactive pet toy…no two jobs are the same. So pick up the dice, and get hacking! Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  31. 31. Existing Games Control-Alt-Hack http://youtu.be/Kpnvsgiiz8s
  32. 32. Existing Games Control-Alt-Hack • Availability http://www.amazon.com/gp/product/B008HIX5KO/
  33. 33. Existing Games Pwn: Combat Hacking • Type: Video • History – Released March 2013 – Designed by 82 Apps, Inc. • Objective – Take Over All Competitor Nodes Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  34. 34. Existing Games Pwn: Combat Hacking • Engage in fast-paced computer hacking wars against your cyberpunk rivals like you were in a retro-futuristic hacking movie. • PWN is a fast-paced, real-time strategy game where you face off against other hackers within 3D virtual networks and take each other out using wits, skill, and computer viruses. Place devious hidden trojans and backdoors, while strategically defending yourself with encrypted nodes and firewalls. PWN lets you feel like the hero (or villain) of your favorite computer hacking action movies. Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  35. 35. Existing Games Pwn: Combat Hacking http://youtu.be/9D23qABd9gg
  36. 36. Existing Games Pwn: Combat Hacking • Availability – IOS • $2.99 • http://bit.ly/pwnios1 – Mac • $4.99 • http://bit.ly/pwnmac1 • Kid Review
  37. 37. Existing Games Uplink • Type: Video • History – 2001: Released for Windows & Linux by Introversion Software – 2006: Valve's Steam – 2011: Ubuntu Software Center – 2012: iPad & Android • Objective – Standard One-Off Missions – Storyline with Player Receiving an E-Mail from Deceased Uplink Agent Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  38. 38. Existing Games Uplink • You play an Uplink Agent who makes a living by performing jobs for major corporations. Your tasks involve hacking into rival computer systems, stealing research data, sabotaging other companies, laundering money, erasing evidence, or framing innocent people. • You use the money you earn to upgrade your computer systems, and to buy new software and tools. As your experience level increases you find more dangerous and profitable missions become available. You can speculate on a fully working stock market (and even influence its outcome). You can modify peoples academic or criminal records. You can divert money from bank transfers into your own accounts. You can even take part in the construction of the most deadly computer virus ever designed. Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  39. 39. Existing Games Uplink http://youtu.be/xmqvoFfVbAo
  40. 40. Existing Games Uplink • Availability – Windows/Linux • $15 download; $20 Delivery – iPad • $4.99 • http://bit.ly/uplinkipad – Mac • $10 • http://bit.ly/uplinkmac – Android (coming) • Kid Review
  41. 41. Existing Games CryptoClub • Type: Website • History – Created by University of Illinois & Partners – cryptoclub.math.uic.edu – CryptoClub.org • Objective – Teach Basic Crypto Concepts – Test Skills with Games & Challenges Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  42. 42. Existing Games Crypto Club http://www.cryptoclub.org/
  43. 43. Existing Games NSA CryptoChallenge • Type: Most Mobile Devices • History – No such story exists – So I can not tell you much – But here you go • Objective – Teach Basic Crypto Concepts – Test Skills with Games & Challenges Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  44. 44. Existing Games NSA CryptoChallenge Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  45. 45. Existing Games VIM Adventures • Type: Website • History – Few Years Ago – 3 Levels – Recently Finalized – 13 Levels • Objective – Learn VIM through Gaming – “It’s the ‘Zelda meets text editing’ game.” Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  46. 46. Existing Games VIM Adventures http://vim-adventures.com/
  47. 47. Other • HackTikes Podcast • Hacker High School • Online (Regex Golf, …) • https://sites.google.com/site/cybersafetygam es/ Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  48. 48. KidHack Project • Platform – Blog: bit.ly/kidhack – Fancy .io Domains • Game Categories – Computers – Programming – Games – Conferences – Books/Podcasts Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  49. 49. Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  50. 50. What’s Next OpenSecurityTraining.info
  51. 51. What’s Next • Contribute (comments, emails, etc.) Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  52. 52. Conclusion • Introduction • Background • Existing Games • KidHack Project • What’s Next • Conclusion Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
  53. 53. Questions? • Presentation http://bit.ly/grecsbsidesde • Twitter @grecs • Website NovaInfosec.com • Contact http://bit.ly/nispcontact
  54. 54. Backup

×