Wanna teach your kid to be a hacker but don’t know where to start? Security is a fairly complex topic but games offer the best way for kids to learn the basics. This presentation not only reviews a sample of existing games that teach security fundamentals to a younger audience but also discusses a new crowdsourced project to catalog similar fun and entertaining ways to teach kids security. This project could help spur interest in later university and other programs and potentially a career … or at least make our children a more security-conscience adult in whatever field they choose.
2. Disclaimer
• Opinions expressed do not express the views
or opinions of my
– my employers
– my customers,
– my wife,
– my kids,
– my parents
– my in-laws
– my high school girlfriend from Canada
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
15. Background
Why
Feds Need 10,000 Cyber Security Experts (6/7/2009)
Cybersecurity business, jobs expected to grow through 2016 (10/21/12)
Fewer Cyber Pros, More Cyber Problems (9/1/14)
16. Background
Why
• NSA Tapping Schools of Excellence
• Wait … Wait … Don’t Need Degrees
• More Technical Skills
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
17. Background
Why
• Preparing Next Generation of
Infosec Pros by Getting Interested Early
– Seeing if My Kids into Infosec
• Recent Trainer Role
– Contemplating Best Ways to Teach
– Lecture, Socratic, Active, Rote, …
• Focus on Simulation with Gaming
– Versus Setting Up Real Environment
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
18. Background
Inspiration
• CTFs (for years)
• Bruce Potter – DerbyCon 2013
– It’s Only a Game: Learning Security through Gaming
• History of CTF Contests & Other Games Hardcore Security Pros Play
• Games that Can Be Used to Engage Non-Security Pros More Focused on
Theory vs Collecting List of Games
• http://bit.ly/pottergaming
• MrsYIsY – Network Computing
– Want To Develop Information Security Skills?
Capture The Flag
• Simulation of Real-World Security Operations
• http://bit.ly/mrsyctf
• Ender’s Game
– Military Tactics
– Simulations/Drills
21. Existing Games
Hacker
• Type: Card
• History
– 1990: Secret Service Raided Steve Jackson Games
• Confiscated Equipment, including Illuminati BBS.
– 1992: Made Game of It
• Satirizing Secret Service, Hackers, Phone Companies, etc.
– 1993: Hacker II – The Dark Side - more players & new rules
– 2001: Hacker – Deluxe Edition – Combined All Above into
Box Set
• Objective
– Players Act as Hackers
– Compete Against Each Other to Control Most Systems
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
22. Existing Games
Hacker
• Hacker uses a variation of the Illuminati system; players lay
out cards (representing systems) to create the Net, which is
never the same twice. But instead of separate “power
structures” for each player, there is only one Net, and
players place tokens to indicate what systems they have
invaded and how completely they control them.
• For 3 to 6 players; takes from 90 minutes to 2 1/2 hours.
The supplement, Hacker II, lets you add two more players.
• Components include rulebook, 110 cards, 172 marker
chips, 6 console units, lots of “system upgrades,” and other
markers.
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
23. Existing Games
Hacker
• Hacker II
– Supplement to Hacker (not playable alone)
– New Rules: Viruses, the Internet Worm, outdials, multiple accounts,
Black Ice, and Military Hardware.
– Consoles & Tokens for 2 More Players
• Hacker – Deluxe Edition
– Can you break into the world’s toughest computer systems? In Hacker,
players sail through the Net, competing to invade the most systems.
The more systems you crack, the more you learn, and the easier your
next target is. You can find back doors and secret phone lines, and
even crash the systems your rivals are using. But be careful. There’s a
Secret Service Raid waiting for you!
– Designed by Steve Jackson, Hacker requires guile and diplomacy. To
win, you must trade favors with your fellow hackers – and get more
than you give away. But jealous rivals will try to bust you. Three busts
and you’re out of the game!
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
24. Existing Games
Hacker
• Availability
– Out of Print
– Dealers In Out-Of-Print Games
• http://www.sjgames.com/general/outofprint.html
• Kid Review
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
25. Existing Games
[d0x3d!]
• Type: Board
• History
– Inspired by 2010 Game
Forbidden Island
– Introduces Attack & Defend Mechanics and Other
Basic Computer Security Constructs
• Objective
– Teaching Non-Techies Computer Security
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
26. Existing Games
[d0x3d!]
• In [d0x3d!], you and up to three other players take on the role of an 1337 hacker
syndicate, infiltrating a network to reclaim valuable digital assets that have been
stolen from them. What are these assets? There are four types—financial data,
personally identifiable information, authentication credentials, and intellectual
property—but what exactly these represents is your little secret. Embarrassing
photos? The recipe for the best BBQ in the world? You decide.
• As you seek out these valuable digital assets, the network admins respond:
patching compromised machines, raising alarms, sometimes changing its very
topology to impede your movement. You and your team work together,
compromising and looting machines on the network, trying to not alert the
network admins of your presence. If the admins feel too threatened by the activity
they see on their network, they will take your stolen personal data and release it
onto the internet! In other words, you’ll get d0x3d!
• You all win together, or you all lose together. Brave the network and protect your
data!
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
28. Existing Games
[d0x3d!]
• Availability
– Open-Source & Freely Available
• https://github.com/TableTopSecurity/d0x3d-the-game
• Download & Print
– $25 Boxed Set from TheGameCrafter.com
• https://www.thegamecrafter.com/games/-d0x3d-
• Kid Review
29. Existing Games
Control-Alt-Hack
• Type: Card
• History
– Announced DefCon 2012
– Available Nov 2012 (Amazon)
– Designed by Tamara Denning, Tadayoshi Kohno,
Adam Shostack
• Objective
– Teaching Non-Techies Computer Security
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
30. Existing Games
Control-Alt-Hack
• Based on a game mechanic by gaming powerhouse Steve Jackson Games
(Munchkin and GURPS), Control-Alt-Hack™ is a tabletop card game about
white hat hacking.
• You and your fellow players work for Hackers, Inc.: a small, elite computer
security company of ethical (a.k.a. white hat) hackers who perform
security audits and provide consultation services. Their motto? “You Pay
Us to Hack You.”
• Your job is centered around Missions-tasks that require you to apply your
hacker skills (and a bit of luck) in order to succeed. Use your Social
Engineering and Network Ninja skills to break the Pacific Northwest’s
power grid, or apply a bit of Hardware Hacking and Software Wizardry to
convert your robotic vacuum cleaner into an interactive pet toy…no two
jobs are the same. So pick up the dice, and get hacking!
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
33. Existing Games
Pwn: Combat Hacking
• Type: Video
• History
– Released March 2013
– Designed by 82 Apps, Inc.
• Objective
– Take Over All Competitor Nodes
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
34. Existing Games
Pwn: Combat Hacking
• Engage in fast-paced computer hacking wars against
your cyberpunk rivals like you were in a retro-futuristic
hacking movie.
• PWN is a fast-paced, real-time strategy game where
you face off against other hackers within 3D virtual
networks and take each other out using wits, skill, and
computer viruses. Place devious hidden trojans and
backdoors, while strategically defending yourself with
encrypted nodes and firewalls. PWN lets you feel like
the hero (or villain) of your favorite computer hacking
action movies.
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
37. Existing Games
Uplink
• Type: Video
• History
– 2001: Released for Windows &
Linux by Introversion Software
– 2006: Valve's Steam
– 2011: Ubuntu Software Center
– 2012: iPad & Android
• Objective
– Standard One-Off Missions
– Storyline with Player Receiving an E-Mail from
Deceased Uplink Agent
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
38. Existing Games
Uplink
• You play an Uplink Agent who makes a living by performing jobs for
major corporations. Your tasks involve hacking into rival computer
systems, stealing research data, sabotaging other companies,
laundering money, erasing evidence, or framing innocent people.
• You use the money you earn to upgrade your computer systems,
and to buy new software and tools. As your experience level
increases you find more dangerous and profitable missions become
available. You can speculate on a fully working stock market (and
even influence its outcome). You can modify peoples academic or
criminal records. You can divert money from bank transfers into
your own accounts. You can even take part in the construction of
the most deadly computer virus ever designed.
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
41. Existing Games
CryptoClub
• Type: Website
• History
– Created by University of Illinois & Partners
– cryptoclub.math.uic.edu
– CryptoClub.org
• Objective
– Teach Basic Crypto Concepts
– Test Skills with Games & Challenges
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
43. Existing Games
NSA CryptoChallenge
• Type: Most Mobile Devices
• History
– No such story exists
– So I can not tell you much
– But here you go
• Objective
– Teach Basic Crypto Concepts
– Test Skills with Games & Challenges
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,
45. Existing Games
VIM Adventures
• Type: Website
• History
– Few Years Ago – 3 Levels
– Recently Finalized – 13 Levels
• Objective
– Learn VIM through Gaming
– “It’s the ‘Zelda meets text editing’ game.”
Project KidHack: Teaching Kids Security through Gaming NovaInfosec.com@grecs,