A Drexel professor wants to help you think like a cybercriminal.
Why? Well, as pervasive as cybercrime is — from portable card scanners picking up your personal and financial information via remote radio frequencies, to full-scale assaults on large corporations and agencies — the U.S. government thinks everyone could stand to pick up a little cyber self-defense, and Drexel’s Frank Lee is doing what he does best — making a game of it.
Think of it like learning a little about how pickpockets and scam artists operate before traveling to an unfamiliar place where such malfeasance is prevalent.
Lee, who is the director of Drexel’s Entrepreneurial Game Studio, is trying to make the learning process a bit more fun and a lot more effective by turning defense against the cyber arts into an augmented reality game at the behest of the National Science Foundation.
“We’re not trying to make everyone a cybersecurity pro, but there’s a base level of savvy we should probably all have moving forward,” said Lee, who is leading an NSF Early-concept Grant for Exploratory Research to look at cybersecurity education through pervasive mixed-reality gaming. “Cybercriminals are getting increasingly cunning, but we’re also very easy targets because many of us aren’t thinking about how we could become victims of a cybercrime. So just becoming a little more aware of our vulnerabilities will make it a whole lot harder for cybercriminals to carry out their nefarious deeds.”
The game, which they’re calling “Hacktion,” is being designed, conceptually, to build on the popularity of the augmented reality game Pokémon Go. Hacktion actually has a lot more in common with Go’s precursor, Ingress – an augmented reality game by Google X that was used to verify the accuracy of GPS coordinates by directing its more than 11 million players in what amounted to an intricate, location-based version of capture the flag.
“Augmented, or mixed-reality gaming is a great way to learn about cybersecurity because it helps us realize that these threats are literally all around us,” Lee said. “Instead of playing at their laptops, players can utilize their mobile phones and take to the streets.”
Hacktion will be played on smartphones using a GPS interface to direct players toward physical landmarks, like buildings, bus stops, and coffee shops that are hackable “servers.” Once players are in close proximity to the target, they will be able to ascertain its specific set vulnerabilities — prescribed by the game — which they will have to correctly exploit, without being detected, in order to win.
Successful hacks earn the players assets — currency and additional hacking lessons so that they can take down more sophisticated targets. Unsuccessful, or incorrect, hacks will get a player detected and cause them to lose resources.
The Federal Trade Commission has been working to gamify cyber and online security education for years, and offers a number of educational games via its web resource OnGuardOnline. But their design misses the mark for getting the information across in a way that makes users want to play, according to Lee.
“The government’s web resource features many games that rely exclusively on drill and practice methods. These animated quizzes are informational but are not engaging or fun games,” Lee said. “What players are doing — simply choosing ‘true’ or ‘false’ for example — does not relate to the educational goals of the game.”
In addition to designing the game, the Entrepreneurial Game Studio is using the project to understand how pervasive mixed-reality games — the technical classification for games like Pokémon Go — can be used for education. Results from user testing, involving gameplay and achievement of educational objectives, will be published in educational and game design research journals.
The team plans to test a prototype version of the game, set in Philadelphia, for iOS and Android by 2018.
For media inquiries contact Britt Faulstick, assistant director of media relations, email@example.com or 215-895-2617.