Wanna teach your kid to be a hacker but don’t know where to start? Security is a fairly complex topic but games offer the best way for kids to learn the basics. This presentation not only reviews a sample of existing games that teach security fundamentals to a younger audience but also discusses a new crowdsourced project to catalog similar fun and entertaining ways to teach kids security. This project could help spur interest in later university and other programs and potentially a career … or at least make our children a more security-conscience adult in whatever field they choose.
2. Disclaimer
• Opinions expressed do not express the views
or opinions of
– my employers, his schools
– my customers,
– my wife, his mom
– my daughter, his sister
– my parents, his grandparents
– my in-laws, his other grandparents
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
14. Background
Why
Feds Need 10,000 Cyber Security Experts (6/7/2009)
Cybersecurity business, jobs expected to grow through 2016 (10/21/12)
Fewer Cyber Pros, More Cyber Problems (9/1/14)
15. Background
Why
• NSA Tapping Schools of Excellence
• University “Cyber” Degrees
• Technical Training Organizations
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
16. Background
Why
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
Preparing Next Next
Gen of Infosec Pros
by Getting Interested
Early
Recent Trainer Role -
Contemplating Best
Ways to Teach
Focus on Simulation with Gaming
Versus Setting Up Real Environment
SIMULATION WITH GAMING
…
NEXT-
NEXT
GEN
TRAINING
ROLE
17. Background
Inspiration
• CTFs (for years)
• Bruce Potter – DerbyCon 2013
– It’s Only a Game: Learning Security through Gaming
• History of CTF Contests & Other Games Hardcore Security Pros Play
• Games that Can Be Used to Engage Non-Security Pros More Focused on
Theory vs Collecting List of Games
• http://bit.ly/pottergaming
• MrsYIsY – Network Computing
– Want To Develop Information Security Skills?
Capture The Flag
• Simulation of Real-World Security Operations
• http://bit.ly/mrsyctf
• Ender’s Game
– Military Tactics
– Simulations/Drills
19. Existing Games
Hacker
• Type: Card
• History/About
– 1990: Secret Service Raided Steve Jackson Games
• Confiscated Equipment, including Illuminati BBS.
– 1992: Made Game of It
• Satirizing Secret Service, Hackers, Phone Companies, etc.
– 1993: Hacker II – The Dark Side - more players & new rules
– 2001: Hacker – Deluxe Edition – Combined All Above into
Box Set
• Objective
– Players Act as Hackers
– Compete Against Each Other to Control Most Systems
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
20. Existing Games
Hacker
• Hacker uses a variation of the Illuminati system; players lay
out cards (representing systems) to create the Net, which is
never the same twice. But instead of separate “power
structures” for each player, there is only one Net, and
players place tokens to indicate what systems they have
invaded and how completely they control them.
• For 3 to 6 players; takes from 90 minutes to 2 1/2 hours.
The supplement, Hacker II, lets you add two more players.
• Components include rulebook, 110 cards, 172 marker
chips, 6 console units, lots of “system upgrades,” and other
markers.
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
21. Existing Games
Hacker
• Hacker II
– Supplement to Hacker (not playable alone)
– New Rules: Viruses, the Internet Worm, outdials, multiple accounts,
Black Ice, and Military Hardware.
– Consoles & Tokens for 2 More Players
• Hacker – Deluxe Edition
– Can you break into the world’s toughest computer systems? In Hacker,
players sail through the Net, competing to invade the most systems.
The more systems you crack, the more you learn, and the easier your
next target is. You can find back doors and secret phone lines, and
even crash the systems your rivals are using. But be careful. There’s a
Secret Service Raid waiting for you!
– Designed by Steve Jackson, Hacker requires guile and diplomacy. To
win, you must trade favors with your fellow hackers – and get more
than you give away. But jealous rivals will try to bust you. Three busts
and you’re out of the game!
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
22. Existing Games
Hacker
• Availability
– Out of Print
– Dealers In Out-Of-Print Games
• http://www.sjgames.com/general/outofprint.html
• Write-Up
– http://bit.ly/hackercardgame
• Kid Review
23. Existing Games
[d0x3d!]
• Type: Card/Board
• History/About
– Inspired by 2010 Game
Forbidden Island
– Introduces Attack & Defend Mechanics and Other
Basic Computer Security Constructs
• Objective
– Teaching Non-Techies Computer Security
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
24. Existing Games
[d0x3d!]
• In [d0x3d!], you and up to three other players take on the role of an 1337 hacker
syndicate, infiltrating a network to reclaim valuable digital assets that have been
stolen from them. What are these assets? There are four types—financial data,
personally identifiable information, authentication credentials, and intellectual
property—but what exactly these represents is your little secret. Embarrassing
photos? The recipe for the best BBQ in the world? You decide.
• As you seek out these valuable digital assets, the network admins respond:
patching compromised machines, raising alarms, sometimes changing its very
topology to impede your movement. You and your team work together,
compromising and looting machines on the network, trying to not alert the
network admins of your presence. If the admins feel too threatened by the activity
they see on their network, they will take your stolen personal data and release it
onto the internet! In other words, you’ll get d0x3d!
• You all win together, or you all lose together. Brave the network and protect your
data!
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
26. Existing Games
[d0x3d!]
• Availability
– Open-Source & Freely Available
• https://github.com/TableTopSecurity/d0x3d-the-game
• Download & Print
– $25 Boxed Set from TheGameCrafter.com
• https://www.thegamecrafter.com/games/-d0x3d-
• Write-Up
– http://bit.ly/d0x3dgame
• Kid Review
27. Existing Games
Control-Alt-Hack
• Type: Card
• History/About
– 3-6 Players, 14+, ~ 1 hour
– Announced DefCon 2012
– Available Nov 2012 (Amazon)
– Designed by Tamara Denning, Tadayoshi Kohno,
Adam Shostack
• Objective
– Teaching Non-Techies Computer Security
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
28. Existing Games
Control-Alt-Hack
• Based on a game mechanic by gaming powerhouse Steve Jackson Games
(Munchkin and GURPS), Control-Alt-Hack™ is a tabletop card game about
white hat hacking.
• You and your fellow players work for Hackers, Inc.: a small, elite
computer security company of ethical (a.k.a. white hat) hackers who
perform security audits and provide consultation services. Their motto?
“You Pay Us to Hack You.”
• Your job is centered around Missions-tasks that require you to apply your
hacker skills (and a bit of luck) in order to succeed. Use your Social
Engineering and Network Ninja skills to break the Pacific Northwest’s
power grid, or apply a bit of Hardware Hacking and Software Wizardry to
convert your robotic vacuum cleaner into an interactive pet toy…no two
jobs are the same. So pick up the dice, and get hacking!
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
31. Existing Games
Hackers & Agents
• Type: Card
• History/About
– Created by Jason Bevis
– 2 – 8 Players, 12+, < 30 mins
– Similar to Uno
• Skip Encrypted (w/ text you can analyze & decrypt)
• Draw Two Logs
• Reverse Lead
• Wild SQL Injection (with example injection code)
• Wild Draw Four Rootkit
• Number Cards (with its binary representation to learn from)
• Objective
– Teaching Non-Techies Computer Security
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
32. Existing Games
Hackers & Agents
• The world has been infiltrated with hackers who are out
to steal your personal data if they can get their hands on
it. The agents are well armed with forensic techniques and
sworn to catch these cyberpunks.
• Be the first to rid yourself of all the cards in your hand
before every other player and obtain as few points as
possible.
• Each player scores penalty points for cards left in their
hand. As soon as one player has reached 300 points the
game is over and the person with the lowest score is the
winner.
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
33. Existing Games
Hackers & Agents
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
34. Existing Games
Hackers & Agents
• Availability
– $15 from TheGameCrafter.com
• https://www.thegamecrafter.com/games/hackers-agents
– $9 Threat Booster from TheGameCrafter.com
• https://www.thegamecrafter.com/games/hackers-agents-threat-
deckcon-booster
• Write-Up
– http://bit.ly/hackersandagents
• Kid Review
35. Existing Games
Pwn: Combat Hacking
• Type: Video
• History/About
– Released March 2013
– Designed by 82 Apps, Inc.
• Objective
– Various Node Layouts (e.g., grid)
– Take Over All Competitor Nodes
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
36. Existing Games
Pwn: Combat Hacking
• Engage in fast-paced computer hacking wars against
your cyberpunk rivals like you were in a retro-
futuristic hacking movie.
• PWN is a fast-paced, real-time strategy game where
you face off against other hackers within 3D virtual
networks and take each other out using wits, skill, and
computer viruses. Place devious hidden trojans and
backdoors, while strategically defending yourself with
encrypted nodes and firewalls. PWN lets you feel like
the hero (or villain) of your favorite computer hacking
action movies.
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
39. Existing Games
Uplink
• Type: Video
• History/About
– 2001: Released for Windows &
Linux by Introversion Software
– 2006: Valve's Steam
– 2011: Ubuntu Software Center
– 2012: iPad & Android
• Objective
– Standard One-Off Missions
– Storyline with Player Receiving an E-Mail from
Deceased Uplink Agent
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
40. Existing Games
Uplink
• You play an Uplink Agent who makes a living by performing jobs for
major corporations. Your tasks involve hacking into rival computer
systems, stealing research data, sabotaging other companies,
laundering money, erasing evidence, or framing innocent people.
• You use the money you earn to upgrade your computer systems,
and to buy new software and tools. As your experience level
increases you find more dangerous and profitable missions become
available. You can speculate on a fully working stock market (and
even influence its outcome). You can modify peoples academic or
criminal records. You can divert money from bank transfers into
your own accounts. You can even take part in the construction of
the most deadly computer virus ever designed.
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
43. Existing Games
CryptoClub
• Type: Website
• History
– Created by University of Illinois & Partners
– cryptoclub.math.uic.edu
– CryptoClub.org
• Objective
– Teach Basic Crypto Concepts
– Test Skills with Games & Challenges
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
45. Existing Games
CryptoClub
• More Detail
– “The CryptoClub Project develops
classroom and web-based material
to teach cryptography and related
mathematics, as well as material to
support teachers of these topics. The
project is a collaboration between
UIC's Learning Sciences Research
Institute, Department of
Mathematics, Statistics, and
Computer Science, and School of Art
and Design.”
• Kid Review
46. Other
• Games
– NSA CryptoChallenge (http://bit.ly/nsacryptochallenge)
– VIM Adventures (http://bit.ly/vim-adventures)
• Computers/Programming
– Qimo and Edubuntu (http://bit.ly/learningthecomputer)
– Scratch, Logo (http://bit.ly/learningtoprogram)
• Conferences/Presentations
– HacKid
– Hak4Kidz (http://bit.ly/hak4kidz)
– r00tz (http://bit.ly/defconkids)
– “Teaching Kids Cyber Security” – Reuben Paul
(http://bit.ly/teachingkidscyber)
– “Minecraft Security” by Riese Goerlich
(http://bit.ly/minecraftsecurity)
47. Other
• Books/Podcasts/Blogs
– InventWithPython.com
• Hacking Secret Ciphers with Python
• Invent Your Own Computer Games with Python
• Making Games with Python and Pygame
– Super Scratch Programming Adventure
– Python for Kids
– “HackerTikes Podcast” - mubix (http://bit.ly/hackertikes)
• Curriculums/Competitions
– CyberPatriot (teams from elementary through high school)
– CyberAces
– Hacker High School (http://bit.ly/hackerhighschool)
– CyberQuest Challenges
– CCDC-like Teams
48. KidHack Project
• Platform
– Blog Page:
http://bit.ly/kidhac
k
• Categories
– Games
– Computers/Progra
mming
– Conferences/Presen
tations
– Books/Podcasts/Blo
gs
– Curriculums/Compe
titions
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
49. Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
WHAT’S NEXT
Age-Based Curriculum
Effectiveness Survey
Reviewing New Games
Accepting Comm. Contributions
Have Fun
51. What’s Next
Effectiveness Survey
• Demographics (e.g., age, sex, …)
• Prior “Cyber” Experience (e.g., games, school
programs)
• Game Being Surveyed On
– Time Spent Playing
– Ranking 1 – 10 on Various Characteristics
• General: “Funness, ” Play Again?
• Security: Firewalls, Encryption, Malware, …
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
52. What’s Next
• Finding New Games & Reviewing Them
• …
• Accepting Contributions from Community ;)
– Comments on KidHack Page: http://bit.ly/kidhack
– Contact Us Form: http://bit.ly/nispcontact
• …
• Have Fun!
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
53. Conclusion
• Introduction
• Background
• Existing Games
• KidHack Project
• What’s Next
• Conclusion
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,