CONTROL-ALT-HACK(TM): WHITE HAT HACKING FOR FUN AND PROFIT (A COMPUTER SECURITY CARD GAME)

Black Hat USA 2012

Presented by: Tamara Denning, Tadayoshi Kohno, Adam Shostack
Date: Wednesday July 25, 2012
Time: 14:15 - 15:15
Location: Palace II
Track: Defense

You and your fellow players work for Hackers, Inc.: a small, elite computer security company of ethical, white hat hackers that perform security audits and provide consultation services. Their Motto: You Pay Us to Hack You.

In 1992, Steve Jackson Games published the game Hacker, satirizing the Secret Service raid that seized drafts of GURPS Cyberpunk. The Hacker game manual helpfully states, "Important Notice To Secret Service! This Is Only A Game! These Are Not Real Hacking Instructions! You Cannot Hack Into Real Computers By Rolling Little Dice!" Now, 20 years later, we wish to announce a new card game that's fun, yes, but also designed to illustrate important aspects of computer security. We licensed our game mechanics (Ninja Burger) from none other than Steve Jackson Games, then created all-new content--complete with illustrations and graphic design--to deal with computer security topics.

Each person plays as a white hat hacker at a company that performs security audits and provides consulting services. Your job is centered around Missions -- tasks that require you to apply your hacker skills (Hardware Hacking, Software Wizardry, Network Ninja, Social Engineering, Cryptanalysis, Forensics, and more) and a bit of luck in order to succeed. You gain Hacker Cred by successfully completing Missions ("Disinformation Debacle," "Mr. Botneto," "e-Theft Auto") and you lose Hacker Cred when you fail. Entropy cards help you along the way with advantages that you can purchase ("Superlative Visualization Software") and unexpected obstacles that you can use to thwart other players ("Failed to Document"). Gain enough Hacker Cred, and you win fame and fortune as the CEO of your very own consulting company.

Why a game? Entertainment provides an engaging medium with which to raise awareness of the diversity of technologies impacted by security breaches and the creativity of techniques employed by attackers. In this talk, we will describe our goals in creating the game, discuss trials involved in the game design process, and discuss the potential applications of security-themed games. Come observe a game demo, look for a free copy to give away

Tadayoshi Kohno

Tadayoshi Kohno is an Associate Professor of Computer Science and Engineering at the University of Washington. His work focuses on finding vulnerabilities in insecure systems, and building secure systems. In 2003 he was part of the team that conducted the first security review of the Diebold electronic voting machine software, and he also conducted the first public experimental security analysis of a modern implantable cardiac device (2008) and a complete automobile (2010 and 2011). His group also framed a networked printer for copyright infringement, with the printer receiving a DMCA takedown notice for illegally downloading Iron Man. Prior to academia, Kohno worked as a cryptographer and security consultant at Counterpane Systems and Cigital. Kohno is the co-author of Cryptography Engineering, with Niels Ferguson and Bruce Schneier, and is chairing the 2012 USENIX Security Symposium.

Tamara Denning

Tamara Denning is a fifth-year PhD student at the University of Washington working with Tadayoshi Kohno in the Security and Privacy Research Lab. She received her B.S. in Computer Science from the University of California, San Diego in 2007 and her Master's degree from the University of Washington in 2009. Her main area of focus is the intersection of humans and computer security with a focus on emerging technologies.

Adam Shostack

Shostack helped found the CVE, the Privacy Enhancing Technologies Symposium and the International Financial Cryptography Association. He has been a leader at a number of successful information security and privacy startups, and is co-author of the widely acclaimed book, The New School of Information Security. Shostack is currently a principal program manager on the Microsoft Trustworthy Computing Usable Security team, where among other accomplishments, he shipped the Microsoft Security Development Lifecycle (SDL) Threat Modeling Tool and the Elevation of Privilege threat modeling game as a member of the SDL team.

