New card game gives players chance to know how it feels to be a computer-security professional defending against an ever-expanding range of digital threats, has been developed by computer scientists of the University of Washington.
"Control-Alt-Hack" will be presented this week in Las Vegas at Black Hat 2012, an annual information-security meeting.
"Hopefully players will come away thinking differently about computer security," said creator Yoshi Kohno, a UW associate professor of computer science and engineering.
The target audience is 15- to 30-year-olds with some knowledge of computer science, though not necessarily of computer security.
The game could supplement a high school or introductory college-level computer science course, Kohno said, or it could appeal to information technology professionals who may not follow the evolution of computer security.
In the game, players work for Hackers Inc., a small company that performs security audits and consultations for a fee. Three to six players take turns choosing a card that presents a hacking challenge that ranges in difficulty and level of seriousness.
In one mission, a player on a business trip gets bored and hacks the hotel minibar to disrupt its radio-tag payment system, then tells the manager. (A real project being presented at Black Hat this year exposes a security hole in hotel keycard systems.)
"We went out of our way to incorporate humor. We wanted it to be based in reality, but more importantly we want it to be fun for the players," said co-creator Tamara Denning, a UW doctoral student in computer science and engineering.
This is not an educational game that tries to teach something specific, Denning said, but a game that's mainly designed to be fun and contains some real content as a side benefit. The team decided on an old-fashioned tabletop card game to make it social and encourage interaction.
Some scenarios incorporate research from Kohno's Security and Privacy Research Lab, such as security threats to cars, toy robots and implanted medical devices. The missions also touch other hot topics in computer security, such as botnets that use hundreds of hijacked computers to send spam, and vulnerabilities in online medical records.
Characters have various skills they can deploy. In addition to the predictable "software wizardry," skills include "lock picking" (for instance, breaking into a locked server room) and "social engineering" (like tricking somebody into revealing a password).
Graduate students who are current or former members of the UW lab served as loose models for many of the game's characters. Cards depict the characters doing hobbies, such as motorcycling and rock climbing, that their real-life models enjoy.
"We wanted to dispel people's stereotypes about what it means to be a computer scientist," Denning said.
The UW group licensed the game's mechanics from award-winning game designer Steve Jackson of Austin, Texas. The group hired an artist to draw the characters and a Seattle firm to design the graphics. Adam Shostack, a security professional who helped develop a card game at Microsoft in 2010, is a collaborator and co-author.
The game is scheduled to go on sale in the fall for a retail price of about 30 dollars.