«Hack The Hacker» - The SWITCH Security Awareness Experience

A criminal hacker has infected the computer system of your organization with ransomware. All data is encrypted. Your team has to outwit the hacker and rescue the data. Will you discover the decryption code?

Gain the knowledge. Face the threat. Hack The Hacker.

 

 

A training to remember 

 

Ransomware in your organization

A click on a link in an email infects the computer system of your organization with ransomware. It's up to you and your colleagues to rescue the data. You have to fend off the attack of the criminal hacker.

The mission of your team is to discover the code that revokes the encryption executed by the malicious software. Together with up to 6 people you have to search the hacker's den for hidden hints and clues. 

In order to find them and to solve all the puzzles you have to turn into hackers yourselves. Outwit the hacker and save your organization!

Hands-on security

«Hack The Hacker» offers a hands-on security awareness experience. In the style of an escape room, the participants have to solve puzzles in an analog game environment as a team.

Introduction, game, debriefing 

The introduction provides the participants with basic knowledge about security, which they then need to apply during the game. In a debriefing, the security aspects experienced in the game are reinforced by referring back to the topics discussed at the start.

Sustainability through fun

«Hack The Hacker» is security training with fun and sustainable success. The mix of theory and practice, fiction and reality, as well as the teamwork approach, makes the learning experience memorable and motivates further discussion.

 

The participants learn more about the following topics:

Phishers fish for valuable information. Using fake e-mails, they try to steal passwords and credit card data or distribute malicious software.

More information and tips: 

Did you ever spill coffee over your laptop? Or did you hear about ransomware? These are only two of several scenarios in which a data backup would save you and your data from the worst consequences. 

More information and tips:

Even trash can be interesting for data thieves. In order to find sensitive information, criminals also search through wastepaper baskets. That's why documents containing sensitive information should be shredded before disposal. USB drives or hard drives should be properly erased and brought to the appropriate disposal places.

More information and tips:

Using social engineering techniques, criminal hackers hack people. With the help of psychological tricks, they try to push their victims into revealing sensitive information, such as passwords.

More information and tricks:

  • book to read: The Art of Deception by Kevin Mitnick (e/f/d/i)
  • movie to watch: Catch me if you can with Leonardo DiCaprio and Tom Hanks (e/f/d/i)

The brute-force approach is a problem-solving method in computer science, cryptology and game theory. Hacking a password using brute force consists of trying all possible character combinations until the correct one is found.

More information and tips:

To protect your data you need strong passwords. These consist of at least 10 characters and contain numbers, upper- and lower-case letters as well as special characters.

Additionally, they should be unique. Every online account deserves its own password: Instagram, Twitter, Ricardo, E-Mail and E-Banking.

More information and tips:

Encryption or "ciphering" is the conversion of a normal text into a secret one. This secret text can only be read by persons who have the "key" or "code" to revoke the encryption.

Encryption is fundamental for all security measures.

What is ransomware?  


Ransomware is malware that encrypts all the data on the infected computer. Without the correct decryption code the data is lost. The attacker makes money by blackmailing the data owner: money in exchange for the code.

It is advised not to pay the ransom because there is no guarantee of getting the data back.

Between April 2016 and March 2017, more than 2.5 million users were confronted with ransomware. In 2017, every second company was affected. The average damage per organization adds up to around CHF 123'000 per case.

 

More Hacker-tainment

 

TV shows

"Mr. Robot" is a US-American thriller TV series written by Sam Esmail and broadcast on USA Network since 2015.

The main character is Elliot Alderson, a young IT security specialist with a split personality. Together with a mysterious Mr. Robot he is working for an anarchistic hacker group to destabilize the global economy.

The third season was broadcast in October 2017; a fourth season is in the making.

"The IT Crowd" is a British sitcom written by Graham Linehan.

The series is about the everyday life of the three employees of the IT department at Reynholm Industries. Moss, Roy and Jen have to deal with stereotypical prejudices and almost too realistic problems of an IT department in a bigger company.

The series started in 2006 and went on for four seasons with six episodes each.

Movies

Genre: Science Fiction

Year of release: 1999

Directed by: The Wachowski Brothers

Summary: Reality is only an illusion. The truth is, humankind is enslaved by machines that use the human body as a source of energy. The programmer Neo is freed and gets to know the true reality. As part of a rebellious group he starts to fight against the machines.

Genre: Spy thriller

Year of release: 2016

Directed by: Oliver Stone and Kieran Fitzgerald

Summary: Based on "The Snowden Files" by Luke Harding and "Time of the Octopus" by Anatoly Kucherena, the movie depicts the true story of the CIA and NSA employee and whistleblower Edward Snowden. By publishing thousands of secret documents that prove the existence of US-American and English programs for total surveillance of internet traffic, Snowden caused the global surveillance and espionage scandal. To this day his action has an impact on international politics and makes him one of the most wanted men in the world.

Genre: Thriller

Year of release: 2014

Directed by: Baran bo Odar

Summary: The movie tells the story of a hacker group that longs for global fame. The title of the movie is a reference to the Unix command "whoami".

Genre: Thriller

Year of release: 2001

Directed by: Dominic Sena

Summary: A hidden counterterrorist unit called "Black Cell" needs money to finance war against international terrorism. Hacker Stanley Jobson is forced to help. 

Genre: Comedy, Drama

Year of release: 1995

Directed by: Iain Softley

Summary: Enthusiastic computer geeks are blamed for malicious hacker attacks they didn't commit. To defend themselves and in order to stop the real evil hacker they fight back.

Genre: Thriller

Year of release: 1975

Directed by: Sydney Pollack

Summary: Coming back to the office one day, CIA Agent Joseph Turner finds all his colleagues murdered. To prove his innocence he starts investigating on his own. Soon it becomes clear that the attack was planned inside the CIA...

Genre: Thriller

Year of release: 1983

Directed by: John Badham

Summary: A young man finds a back door into a military central computer in which reality is confused with game-playing, possibly starting World War III.

Published in 1949, the novel depicts a dystopian future in the year 1984. Winston Smith lives in a totalitarian surveillance society that does not allow any form of individualism or independent thinking. Looking for some privacy and information about the past, he comes into conflict with the system.

Terms and concepts like "Big Brother", "newspeak", "thoughtcrime" or "doublethink" are used frequently outside of the novel's context and have become part of our culture.

"I, Robot" is a science fiction novel published in 1950. In the middle of the 21st century Dr. Susan Calvin, a specialist in robopsychology, tells a reporter about the beginnings of robo science, looking back to the decades around the year 2000.

The Three Laws of Robotics that Asimov introduces in one of the chapters are referenced in numerous novels, movies or other media and influenced the thoughts on ethics in the context of artificial intelligence.

"Blackout" is a technology thriller published in 2012. The story takes place in the near future, where a cyber attack cuts the power supply on most of the European continent. The novel illustrates our society's and infrastructure's dependence on computers and the harsh consequences of losing their support.

Marc Elsberg interviewed employees of the intelligence service and IT security experts to make the scenario as realistic as possible.

"Ready Player One", published in 2011, is a science fiction novel. It takes place in the 2040s and pictures a dystopian world. The main character Wade Watts is looking for an Easter Egg in a global Virtual Reality-Game. The rules of the game determine the finder to be the heir of the game creator's fortune.

"A Hitchhiker's Guide to the Galaxy" is a fictional guide for travelers who hitchhike through the galaxy. Published in 1979, the novel unites science fiction, comedy and satire.

It is the story of Arthur Dent, an average Englishman, who, supported by his friend Ford Prefect, saves the earth from being destroyed by the Vogons.

For this game the players have to turn into computer hackers who steal data without leaving traces.

The player with the fewest points wins. He/She left the fewest traces while hacking.

http://www.spielkult.de/blackhat.htm

Android: Netrunner is a two-player card game and takes place in a dystopian cyberpunk future. Huge enterprises control and possess almost everything.

On the one side there are the enterprises and on the other the elite hacker groups (Netrunners). The enterprises try to protect their information while the hackers try to steal it.

https://www.fantasyflightgames.com/en/products/android-netrunner-the-card-game/

http://www.hacknet-os.com/

"Hacknet is a modern, super immersive terminal-driven hacking game with a fully internally-consistent network simulation and an interface so real you shouldn't play it in an airport.
It follows the story of recently deceased hacker 'Bit', whose death may not be the 'accident' the media reports."

http://www.zachtronics.com/exapunks/

"The year is 1997. You used to be a hacker, but now you have the phage. You made a deal: one hack, one dose. There’s nothing left to lose… except your life."

https://www.kickstarter.com/projects/mainlining/mainlining

"Mainlining - The Cyber Espionage Hacking Sim, mixes dark and dry humour with gameplay that echoes old school point and click adventures. Following the government's introduction of the BLU Pill Act and the Secret Intelligence Service's reintroduction of MI7, all online personal data is accessible by the powers that be."

This is what happens when you reply to spam email

https://www.youtube.com/watch?v=_QdPW8JrYzQ (e)

James Veitch – Comedian and writer; Geneva, 2015 December 

LATE UPDATE on SRF

Michael Elsener, with a hidden camera, fishing for customer data in a bakery:

https://www.youtube.com/watch?v=sUbs_AfZQEs (d)

The backup reminder from Browser Ballett

Bohemian Browser Ballett

https://www.youtube.com/watch?v=jN5mICXIG9M&t=3 (d)

Investigating Tech & Cash Flip Scams

kitboga 

https://www.twitch.tv/kitboga (en)

Collecting data in the dumpster - "Google Garbage View"

Bohemian Browser Ballett

https://www.youtube.com/watch?v=N2nprSIVEiQ&t=24s (d)

SWITCH-CERT
Security Awareness

Hack The Hacker

 

Duration: ca. 2 h
Number of participants: max. 6 pers.
Target group: employees of all fields, students
Location:  SWITCH
Werdstrasse 2
8004 Zurich
Price: on request

The website "No More Ransom!" helps victims of ransomware decrypt their data without paying the ransom to the criminals.