Monday, May 29, 2017

Dungeons & Dragons

A year ago, today ...

Some may know it for the film, others for the series and others thanks to one of the latest and most popular series: Stranger Things. Dungeons & Dragons is a role-playing game in which players put themselves in the shoes of knights, magicians, orcs and other fantasy heroes, while a "Dungeon Master" is in charge of narrating the story that channels the game. This figure is vital for the course of the game, as it is in charge of supervising the game and giving it the focus that the game needs. It is like being the director of your own fantasy film. 

The world of cybersecurity can often resemble these role-playing games. To start with, many people pretend to be other people, there are criminals who want to discover the treasures of our dungeons, and of course there is a dungeon master. Today in our return to the past we throw the dice to see what the destiny gave us.

As we have said, the Dungeon Master in RPGs is the one that analyzes the game and marks its course. It is a task that may seem passive, but it is very complicated. In the world of cybersecurity, there are several Dungeon Masters that are responsible for analyzing and redirecting everything that happens and affects users. A year ago we were lucky to interview one of them, Alberto Hernández. He is the one and only director of INCIBE. In the interview we knew a little more closely the person behind the position, and knew about his vision on critical infrastructures, the IoT or the feeling of "security" in the networks.

A feeling of security that that same week was in question after knowing the data that the IC3 (Internet Crime Complaint Center) released. This investigation, carried out by an agency of the FBI, showed that in 2015 there had been a trifle of 288,012 complaints, with a total of more than one billion dollars in losses. The most worrying thing about this news is that if we take into account that only 15% of crimes are reported... it is better not to think about what the real data would be.

A year ago, the colleagues of Tripwire had a role-play very similar to the one of D&D. They changed the game board by one of 8x8 squares, and the dice by 32 pieces of chess. In their study they made a comparison between which chess figures correspond to the different actors in the security scenario. Perhaps you are a horse, unpredictable and always ready to jump the obstacles? Or maybe a pawn, always revealing the rival's strategy?

We also learned how easy it is to become a vile and evil ogre who is ready to destroy everything he finds in his path. For the "modest" sum of $90,000 you can get your own 0day. With that investment, you would have the key to computers that used components like Adoble Flash or Java's Oracle, all by remote access.

Role-playing games can last for hours, even days. Although they are considered as games for nerds, it is understandable that they are so addictive. It is a way to get away from reality and become another person for a limited time. It is just the same thing that happens with the internet. However, just like in the game, the online world is full of all kinds of dangers that are willing to end your game. Better to be careful and to prevent that from happening. Keep your shield always high.


Post a Comment