Teaching Cybersecurity through Gaming

Project
KidHack
Teaching the Next Next Generation
Security through Gaming
@grecs & @pupstrr
NovaInfosec.com

Disclaimer
• Opinions expressed do not express the views
or opinions of
– my employers, his schools
– my customers,
– my wife, his mom
– my daughter, his sister
– my parents, his grandparents
– my in-laws, his other grandparents
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,

20 Yrs Industry
16 Yrs Infosec
5 Yrs SOC

NovaInfosec Consulting
• General Security Engineering/Architecture
• Everything SOC
– Engineering
– Operations
– Training
– SOC 2.0
datamation.com/cnews/article.php/3851071/Tech-Comics-Cloud-Computing-Consultants.htm

Agenda
• Background
• Existing Games
• KidHack Project
• What’s Next?
• Conclusion

BACKGROUND
Why
Inspiration

Background
Why

Background
Why
Feds Need 10,000 Cyber Security Experts (6/7/2009)
Cybersecurity business, jobs expected to grow through 2016 (10/21/12)
Fewer Cyber Pros, More Cyber Problems (9/1/14)

Background
Why
• NSA Tapping Schools of Excellence
• University “Cyber” Degrees
• Technical Training Organizations

Background
Why
Preparing Next Next
Gen of Infosec Pros
by Getting Interested
Early
Recent Trainer Role -
Contemplating Best
Ways to Teach
Focus on Simulation with Gaming
Versus Setting Up Real Environment
SIMULATION WITH GAMING
…
NEXT-
NEXT
GEN
TRAINING
ROLE

Background
Inspiration
• CTFs (for years)
• Bruce Potter – DerbyCon 2013
– It’s Only a Game: Learning Security through Gaming
• History of CTF Contests & Other Games Hardcore Security Pros Play
• Games that Can Be Used to Engage Non-Security Pros  More Focused on
Theory vs Collecting List of Games
• http://bit.ly/pottergaming
• MrsYIsY – Network Computing
– Want To Develop Information Security Skills?
Capture The Flag
• Simulation of Real-World Security Operations
• http://bit.ly/mrsyctf
• Ender’s Game
– Military Tactics
– Simulations/Drills

EXISTING GAMES
Hacker
[d0x3d!]
Control-Alt-Hack
Hackers & Agents
Pwn
Uplink
CryptoClub

Existing Games
Hacker
• Type: Card
• History/About
– 1990: Secret Service Raided Steve Jackson Games
• Confiscated Equipment, including Illuminati BBS.
– 1992: Made Game of It
• Satirizing Secret Service, Hackers, Phone Companies, etc.
– 1993: Hacker II – The Dark Side - more players & new rules
– 2001: Hacker – Deluxe Edition – Combined All Above into
Box Set
• Objective
– Players Act as Hackers
– Compete Against Each Other to Control Most Systems

Existing Games
Hacker
• Hacker uses a variation of the Illuminati system; players lay
out cards (representing systems) to create the Net, which is
never the same twice. But instead of separate “power
structures” for each player, there is only one Net, and
players place tokens to indicate what systems they have
invaded and how completely they control them.
• For 3 to 6 players; takes from 90 minutes to 2 1/2 hours.
The supplement, Hacker II, lets you add two more players.
• Components include rulebook, 110 cards, 172 marker
chips, 6 console units, lots of “system upgrades,” and other
markers.

Existing Games
Hacker
• Hacker II
– Supplement to Hacker (not playable alone)
– New Rules: Viruses, the Internet Worm, outdials, multiple accounts,
Black Ice, and Military Hardware.
– Consoles & Tokens for 2 More Players
• Hacker – Deluxe Edition
– Can you break into the world’s toughest computer systems? In Hacker,
players sail through the Net, competing to invade the most systems.
The more systems you crack, the more you learn, and the easier your
next target is. You can find back doors and secret phone lines, and
even crash the systems your rivals are using. But be careful. There’s a
Secret Service Raid waiting for you!
– Designed by Steve Jackson, Hacker requires guile and diplomacy. To
win, you must trade favors with your fellow hackers – and get more
than you give away. But jealous rivals will try to bust you. Three busts
and you’re out of the game!

Existing Games
Hacker
• Availability
– Out of Print
– Dealers In Out-Of-Print Games
• http://www.sjgames.com/general/outofprint.html
• Write-Up
– http://bit.ly/hackercardgame
• Kid Review

Existing Games
[d0x3d!]
• Type: Card/Board
• History/About
– Inspired by 2010 Game
Forbidden Island
– Introduces Attack & Defend Mechanics and Other
Basic Computer Security Constructs
• Objective
– Teaching Non-Techies Computer Security

Existing Games
[d0x3d!]
• In [d0x3d!], you and up to three other players take on the role of an 1337 hacker
syndicate, infiltrating a network to reclaim valuable digital assets that have been
stolen from them. What are these assets? There are four types—financial data,
personally identifiable information, authentication credentials, and intellectual
property—but what exactly these represents is your little secret. Embarrassing
photos? The recipe for the best BBQ in the world? You decide.
• As you seek out these valuable digital assets, the network admins respond:
patching compromised machines, raising alarms, sometimes changing its very
topology to impede your movement. You and your team work together,
compromising and looting machines on the network, trying to not alert the
network admins of your presence. If the admins feel too threatened by the activity
they see on their network, they will take your stolen personal data and release it
onto the internet! In other words, you’ll get d0x3d!
• You all win together, or you all lose together. Brave the network and protect your
data!

Existing Games
[d0x3d!]
http://youtu.be/oMi-GB9tc6s

Existing Games
[d0x3d!]
• Availability
– Open-Source & Freely Available
• https://github.com/TableTopSecurity/d0x3d-the-game
• Download & Print
– $25 Boxed Set from TheGameCrafter.com
• https://www.thegamecrafter.com/games/-d0x3d-
• Write-Up
– http://bit.ly/d0x3dgame
• Kid Review

Existing Games
Control-Alt-Hack
• Type: Card
• History/About
– 3-6 Players, 14+, ~ 1 hour
– Announced DefCon 2012
– Available Nov 2012 (Amazon)
– Designed by Tamara Denning, Tadayoshi Kohno,
Adam Shostack
• Objective

Existing Games
Control-Alt-Hack
• Based on a game mechanic by gaming powerhouse Steve Jackson Games
(Munchkin and GURPS), Control-Alt-Hack™ is a tabletop card game about
white hat hacking.
• You and your fellow players work for Hackers, Inc.: a small, elite
computer security company of ethical (a.k.a. white hat) hackers who
perform security audits and provide consultation services. Their motto?
“You Pay Us to Hack You.”
• Your job is centered around Missions-tasks that require you to apply your
hacker skills (and a bit of luck) in order to succeed. Use your Social
Engineering and Network Ninja skills to break the Pacific Northwest’s
power grid, or apply a bit of Hardware Hacking and Software Wizardry to
convert your robotic vacuum cleaner into an interactive pet toy…no two
jobs are the same. So pick up the dice, and get hacking!

Existing Games
Control-Alt-Hack
http://youtu.be/Kpnvsgiiz8s

Existing Games
Control-Alt-Hack
• Availability
– Amazon.com
• Write-Up
– http://bit.ly/ctrl-alt-hack
• Kid Review
http://www.amazon.com/gp/product/B008HIX5KO/

Existing Games
Hackers & Agents
• Type: Card
• History/About
– Created by Jason Bevis
– 2 – 8 Players, 12+, < 30 mins
– Similar to Uno
• Skip  Encrypted (w/ text you can analyze & decrypt)
• Draw Two  Logs
• Reverse  Lead
• Wild  SQL Injection (with example injection code)
• Wild Draw Four  Rootkit
• Number Cards (with its binary representation to learn from)
• Objective

Existing Games
Hackers & Agents
• The world has been infiltrated with hackers who are out
to steal your personal data if they can get their hands on
it. The agents are well armed with forensic techniques and
sworn to catch these cyberpunks.
• Be the first to rid yourself of all the cards in your hand
before every other player and obtain as few points as
possible.
• Each player scores penalty points for cards left in their
hand. As soon as one player has reached 300 points the
game is over and the person with the lowest score is the
winner.

Existing Games
Hackers & Agents

Existing Games
Hackers & Agents
• Availability
– $15 from TheGameCrafter.com
• https://www.thegamecrafter.com/games/hackers-agents
– $9 Threat Booster from TheGameCrafter.com
• https://www.thegamecrafter.com/games/hackers-agents-threat-
deckcon-booster
• Write-Up
– http://bit.ly/hackersandagents
• Kid Review

Existing Games
Pwn: Combat Hacking
• Type: Video
• History/About
– Released March 2013
– Designed by 82 Apps, Inc.
• Objective
– Various Node Layouts (e.g., grid)
– Take Over All Competitor Nodes

Existing Games
Pwn: Combat Hacking
• Engage in fast-paced computer hacking wars against
your cyberpunk rivals like you were in a retro-
futuristic hacking movie.
• PWN is a fast-paced, real-time strategy game where
you face off against other hackers within 3D virtual
networks and take each other out using wits, skill, and
computer viruses. Place devious hidden trojans and
backdoors, while strategically defending yourself with
encrypted nodes and firewalls. PWN lets you feel like
the hero (or villain) of your favorite computer hacking
action movies.

Existing Games
Pwn: Combat Hacking
http://youtu.be/9D23qABd9gg

Existing Games
Pwn: Combat Hacking
• Availability
– IOS
• $2.99
• http://bit.ly/pwnios1
– Mac
• $4.99
• http://bit.ly/pwnmac1
• Write-Up
– http://bit.ly/pwngame
• Kid Review

Existing Games
Uplink
• Type: Video
• History/About
– 2001: Released for Windows &
Linux by Introversion Software
– 2006: Valve's Steam
– 2011: Ubuntu Software Center
– 2012: iPad & Android
• Objective
– Standard One-Off Missions
– Storyline with Player Receiving an E-Mail from
Deceased Uplink Agent

Existing Games
Uplink
• You play an Uplink Agent who makes a living by performing jobs for
major corporations. Your tasks involve hacking into rival computer
systems, stealing research data, sabotaging other companies,
laundering money, erasing evidence, or framing innocent people.
• You use the money you earn to upgrade your computer systems,
and to buy new software and tools. As your experience level
increases you find more dangerous and profitable missions become
available. You can speculate on a fully working stock market (and
even influence its outcome). You can modify peoples academic or
criminal records. You can divert money from bank transfers into
your own accounts. You can even take part in the construction of
the most deadly computer virus ever designed.

Existing Games
Uplink
http://youtu.be/xmqvoFfVbAo

Existing Games
Uplink
• Availability
– Windows/Linux
• $15 download; $20 Delivery
– iPad
• $4.99
• http://bit.ly/uplinkipad
– Mac
• $10
• http://bit.ly/uplinkmac
– Android (coming)
• Kid Review

Existing Games
CryptoClub
• Type: Website
• History
– Created by University of Illinois & Partners
– cryptoclub.math.uic.edu
– CryptoClub.org
• Objective
– Teach Basic Crypto Concepts
– Test Skills with Games & Challenges

Existing Games
CryptoClub
http://www.cryptoclub.org/

Existing Games
CryptoClub
• More Detail
– “The CryptoClub Project develops
classroom and web-based material
to teach cryptography and related
mathematics, as well as material to
support teachers of these topics. The
project is a collaboration between
UIC's Learning Sciences Research
Institute, Department of
Mathematics, Statistics, and
Computer Science, and School of Art
and Design.”
• Kid Review

Other
• Games
– NSA CryptoChallenge (http://bit.ly/nsacryptochallenge)
– VIM Adventures (http://bit.ly/vim-adventures)
• Computers/Programming
– Qimo and Edubuntu (http://bit.ly/learningthecomputer)
– Scratch, Logo (http://bit.ly/learningtoprogram)
• Conferences/Presentations
– HacKid
– Hak4Kidz (http://bit.ly/hak4kidz)
– r00tz (http://bit.ly/defconkids)
– “Teaching Kids Cyber Security” – Reuben Paul
(http://bit.ly/teachingkidscyber)
– “Minecraft Security” by Riese Goerlich
(http://bit.ly/minecraftsecurity)

Other
• Books/Podcasts/Blogs
– InventWithPython.com
• Hacking Secret Ciphers with Python
• Invent Your Own Computer Games with Python
• Making Games with Python and Pygame
– Super Scratch Programming Adventure
– Python for Kids
– “HackerTikes Podcast” - mubix (http://bit.ly/hackertikes)
• Curriculums/Competitions
– CyberPatriot (teams from elementary through high school)
– CyberAces
– Hacker High School (http://bit.ly/hackerhighschool)
– CyberQuest Challenges
– CCDC-like Teams

KidHack Project
• Platform
– Blog Page:
http://bit.ly/kidhac
k
• Categories
– Games
– Computers/Progra
mming
– Conferences/Presen
tations
– Books/Podcasts/Blo
gs
– Curriculums/Compe
titions

WHAT’S NEXT
Age-Based Curriculum
Effectiveness Survey
Reviewing New Games
Accepting Comm. Contributions
Have Fun

What’s Next
Age-Based Curriculum
Games Computers/Pr
ogramming
Cons/Presenta
tions
Books/Podcasts/
Blogs
Curriculums/Competi
tions
3-5 • Hackers & Agents
(12+)
• Qimo (3+)
6-8 • Pwn • Edubuntu • HacKid (5+) • Super Scratch
Programming
Adventure (9+)
9-11 • [d0x3d!]
• Uplink
• CryptoClub
• Scratch (8+) • Hak4Kidz (8+) • Python for Kids
(10+)
• CyberPatriot (ES
coming)
12-14 • Control-Alt-Hack
(14+)
• r00tz • Hacking Secret
Ciphers w/ Python
• CyberPatriot Teams
(MS)
15-17 • Hacker High School
• CyberPatriot Teams (HS)
• CyberAces
18-20 • CyberQuest Challenges
• CCDC Teams

What’s Next
Effectiveness Survey
• Demographics (e.g., age, sex, …)
• Prior “Cyber” Experience (e.g., games, school
programs)
• Game Being Surveyed On
– Time Spent Playing
– Ranking 1 – 10 on Various Characteristics
• General: “Funness, ” Play Again?
• Security: Firewalls, Encryption, Malware, …

What’s Next
• Finding New Games & Reviewing Them
• …
• Accepting Contributions from Community ;)
– Comments on KidHack Page: http://bit.ly/kidhack
– Contact Us Form: http://bit.ly/nispcontact
• …
• Have Fun!

Conclusion
• Introduction
• Background
• Existing Games
• KidHack Project
• What’s Next
• Conclusion

Questions?
• Twitter @grecs
• Website NovaInfosec.com, @novainfosec
• Contact http://bit.ly/nispcontact
o Questions/Consulting

Teaching Cybersecurity through Gaming

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (9)

Similar to Teaching Cybersecurity through Gaming

Similar to Teaching Cybersecurity through Gaming (20)

Recently uploaded

Recently uploaded (20)

Teaching Cybersecurity through Gaming