Control-Alt-Hack is a game for high schoolers and college students designed to teach them about cybersecurity in a lighthearted way.
LAS VEGAS (CNNMoney) -- Pure stupidity is perhaps the biggest obstacle our society faces in its losing battle against cybercriminals.
No matter how secure a network is, when an employee opens up an obvious phishing e-mails, all that fence-building was for naught. Time and time again, we hear about companies' failure to protect users' passwords with even the most basic database security. And then there are the people who choose "password" for their passwords.
Lax security sometimes stems from laziness or a lack of resources, but it most often really comes down to ignorance. How do we combat cybercriminals when most of the world's computer users don't know anything about security?
"Get 'em while they're young!" Adam Shostack, a Microsoft (Fortune 500) security program manager and collaborator with a University of Washington security research team, proclaimed at the Black Hat cybersecurity conference on Wednesday.,
It's a noble idea, but how exactly do you get kids interested in cybersecurity? Shostack, along with UW researchers Tadayoshi Kohno and Tamara Denning, decided a card game might do the trick.
Yep, a card game. They didn't want to design an "educational game" that beat players over the head with information. Instead, they sought to build a game that high school and college students could play at a party.
"How many of us have carrots in our toolbox?" Shostack said. "We're too concerned about beating people with sticks."
The team went to game stores looking for inspiration and found "Ninja Burger," a popular card game designed by Steve Jackson that seemed exactly what they were after. The game challenges a group of ninjas use their combat, stealth and customer service skills to deliver burgers to customers.
The UW team licensed the game mechanics from Jackson, got some professional designers and publishers on board, and built "Control-Alt-Hack."
In the game, players are White Hat (good) hackers working to fend off security threats at their company. They accept missions and build their "hacker cred" along the way, with the ultimate goal of becoming the CEO -- not the most realistic game, but what can you do?
The game cards are often creative and very funny. One mission card sends the player to consult for a Hollywood film, with the goal of convincing the producer that "hacking doesn't actually look like a speed-typing race."
Along the way, players learn about a batch of hacker techniques, from social engineering to insider attacks. One scenario has someone calling the IT desk, posing as a new employee, and requesting the IP address of one of their servers. Another has someone breaking into a corporate network by posing as a coffee barista. They seem silly, but those kind of attacks happen daily.
"We're trying to help broaden the public's understanding of the word 'hacker,'" said UW's Kohno. "Computer security to the public means laptops, desktops and the Web, but the game shows security matters with any technology."
|What we want Apple to unveil at WWDC|
|Millennials squeezed out of buying a home|
|7 traits the rich have in common|
|Big Data knows you're sick, tired and depressed|
|Your car is a giant computer - and it can be hacked|