To thank our wonderful followers, here's a treat: free social engineering playing cards! Print out the Nixu hACME playing cards HERE, read these tips from the game creator Victor Sant'Anna, and start playing! May the best social engineer win!
What is this Social Engineering game about?
Social engineering is the act of manipulating people into making decisions or taking actions that they might not normally take. This manipulation can take many different shapes: creating a sense of urgency, triggering curiosity so that a malicious "Salary raises 2020" Excel attachment is opened, or even creating a distraction so that trespassing isn't noticed, etc. We at Nixu created the Nixu hACME game for practicing these psychological scenarios to help people be more resistant to and aware of social engineering attacks. It's an important issue, because social engineering is happening all the time, online and offline.
The aim of the game is to demonstrate to people the possibilities of creating tailored attacks by using publicly available information. These attacks can be very credible and believable. The victim will most likely be influenced into helping the attacker get closer to his target, whether it is to collect something valuable (money) or information, or to gain access, etc. Learning how these attacks can be created helps people to understand how to be resistant to them.
The players will interact and experience the closest thing possible to a social engineering scenario in a safe environment. Turning this lesson into a game has been a very good way to teach others in a fun and entertaining manner. And it has indeed been fun for the players: I have seen everyone smiling during the sessions.
Who can play the game?
At least 2 participants are needed to play the game: one will be the victim and one will be the attacker. This is the mini-version of the game. With the complete deck of 40 cards, it supports up to 12 people: 6 attackers and 6 victims. The game can be scaled with multiple decks. The current record is 56 people at a conference earlier this autumn.
Okay, I printed the cards. Now what?
The main steps are:
- The victim chooses an occupation role and 2 personality cards.
- Based on the cards chosen, the victim will fill in the Victim's notes that include a collection of publicly available information. It is called the Social Footprint.
- The attacker learns the occupation of the victim and decides what kind of attacker skills they will have.
- The attacker investigates the victim's social footprint and plans an attack.
- The attacker finally meets the victim and performs their attack, improvising and changing their strategy as the attack is performed.
- The best attacker/victim pair wins! This way, attacker and victim are really focused on helping each other as the points are based on how well they perform during the game.
How to win the game?
Points are collected in pairs. There are no attacker vs. victim scores for this game. Otherwise, nobody would learn anything. The victim helps the attacker to perform a better attack, and the attacker helps the victim to provide good information about the character. When they work together, learning increases.
Are there some pro tips you could reveal?
Be creative and remember to engineer a simple, plausible scenario. It usually brings better results! Good luck!