{"id":15529,"date":"2019-06-07T10:10:15","date_gmt":"2019-06-07T18:10:15","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/06\/07\/news-9278\/"},"modified":"2019-06-07T10:10:15","modified_gmt":"2019-06-07T18:10:15","slug":"news-9278","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2019\/06\/07\/news-9278\/","title":{"rendered":"Video game portrayals of hacking: NITE Team 4"},"content":{"rendered":"<p><strong>Credit to Author: Christopher Boyd| Date: Fri, 07 Jun 2019 16:52:41 +0000<\/strong><\/p>\n<p><em>Note: The developers of NITE Team 4 granted the blog author access to the game plus DLC content.<\/em><\/p>\n<p>A little while ago, an online acquaintance of mine asked if a new video game based on hacking called <a href=\"https:\/\/store.steampowered.com\/app\/544390\/NITE_Team_4\/\" target=\"_blank\" rel=\"noopener noreferrer\">NITE Team 4<\/a> was in any way realistic, or \u201cdoable\u201d in terms of the types of hacking it portrayed (accounting for the necessary divergences from how things would work outside of a scripted, plot-goes-here environment).<\/p>\n<p>The developers, AliceandSmith, generously gave me a key for the game, so I\u2019ve spent the last month or so slowly working my way through the content. I\u2019ve not completed it yet, but what I\u2019ve explored is enough to feel confident in making several observations. This isn\u2019t a review; I\u2019m primarily interested in the question: \u201cHow realistic is this?\u201d<\/p>\n<h3>What is it?<\/h3>\n<p>NITE Team 4 is an attempt at making a grounded game focused on a variety of hacking techniques\u2014some of which researchers of various coloured hats may (or may not!) experience daily. It does this by allowing you full use of the so-called \u201cStinger OS,\u201d their portrayal of a dedicated hacking system able to run queries and operate advanced hacking tools as you take the role of a computer expert in a government-driven secret organisation.<\/p>\n<p><iframe  src='https:\/\/www.youtube.com\/embed\/bUa7AJv1V_g?version=3&#038;rel=1&#038;fs=1&#038;autohide=2&#038;showsearch=0&#038;showinfo=1&#038;iv_load_policy=1&#038;wmode=transparent' width=\"100%\" height=\"420\" frameborder=\"0\" ><\/iframe> <\/p>\n<h3>Is it like other hacking games?<\/h3>\n<p>Surprisingly, it isn\u2019t. I\u2019ve played a lot of hacking games through the years. They generally fall into two camps. The first are terrible mini-games jammed into unrelated titles that don\u2019t have any resemblance to \u201chacking\u201d in any way whatsoever. You know what I\u2019m talking about: They\u2019re the bits flagged as \u201cworst part of the game\u201d whenever you talk to a friend about any form of digital entertainment.<\/p>\n<p>The second camp is the full-fledged hacking game, the type based entirely around some sort of stab at a hacking title. The quality is variable, but often they have a specific look and act a certain way.<\/p>\n<p>Put simply, the developers usually emigrate to cyberpunk dystopia land and never come back. Every hacker clich\u00e9 in the book is wheeled out, and as for the actual hacking content, it usually comes down to abstractions of what the developer assumes hacking might be like, rather than something that it actually resembles.<\/p>\n<p>In other words: You\u2019re not really hacking or doing something resembling hacking. It\u2019s really just numbers replacing health bars. Your in-game computer is essentially just another role-playing character, only instead of a magic pool you have a \u201chacking strength meter\u201d or something similar. Your modem is your stamina bar, your health bar is replaced by something to do with GPU strength, and so on.<\/p>\n<p>They\u2019re fun, but it\u2019s a little samey after a while.<\/p>\n<p>Meanwhile, in NITE Team 4: I compromised Wi-Fi enabled billboards to track the path of the potentially kidnapped owner of a mobile phone.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/cars.jpeg\" data-rel=\"lightbox-0\" title=\"\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"38951\" data-permalink=\"https:\/\/blog.malwarebytes.com\/hacking-2\/2019\/06\/video-game-portrayals-of-hacking-nite-team-4\/attachment\/cars\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/cars.jpeg\" data-orig-size=\"1056,843\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Tracking a car\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/cars-300x239.jpeg\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/cars-600x479.jpeg\" class=\"aligncenter size-medium wp-image-38951\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/cars-300x239.jpeg\" alt=\"Tracking a car\" width=\"300\" height=\"239\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/cars-300x239.jpeg 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/cars-600x479.jpeg 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/cars.jpeg 1056w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p style=\"text-align: center;\">Click to enlarge<\/p>\n<p>I used government tools to figure out the connection between supposedly random individuals by cross referencing taxi records and payment stubs. I figured out which mobile phone a suspect owns by using nearby Wi-Fi points to build a picture of their daily routine.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/wificrack.jpeg\" data-rel=\"lightbox-1\" title=\"\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"38952\" data-permalink=\"https:\/\/blog.malwarebytes.com\/hacking-2\/2019\/06\/video-game-portrayals-of-hacking-nite-team-4\/attachment\/wificrack\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/wificrack.jpeg\" data-orig-size=\"911,627\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Cracking Wi-Fi\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/wificrack-300x206.jpeg\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/wificrack-600x413.jpeg\" class=\"aligncenter size-medium wp-image-38952\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/wificrack-300x206.jpeg\" alt=\"Cracking Wi-Fi\" width=\"300\" height=\"206\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/wificrack-300x206.jpeg 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/wificrack-600x413.jpeg 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/wificrack.jpeg 911w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p style=\"text-align: center;\">Click to enlarge<\/p>\n<p>I made use of misconfigured server settings to view ID cards belonging to multiple companies looking for an insider threat.<\/p>\n<p>I performed a <a href=\"https:\/\/blog.malwarebytes.com\/glossary\/man-in-the-middle-mitm\/\" target=\"_blank\" rel=\"noopener noreferrer\">Man-in-the-Middle<\/a> attack to sniff network traffic and made use of the Internet of Things to flag a high-level criminal suspect on a heatmap.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/iothouse.jpeg\" data-rel=\"lightbox-2\" title=\"\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"38954\" data-permalink=\"https:\/\/blog.malwarebytes.com\/hacking-2\/2019\/06\/video-game-portrayals-of-hacking-nite-team-4\/attachment\/iothouse\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/iothouse.jpeg\" data-orig-size=\"1135,493\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"IoT compromise\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/iothouse-300x130.jpeg\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/iothouse-600x261.jpeg\" class=\"aligncenter size-medium wp-image-38954\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/iothouse-300x130.jpeg\" alt=\"IoT compromise\" width=\"300\" height=\"130\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/iothouse-300x130.jpeg 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/iothouse-600x261.jpeg 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/iothouse-195x85.jpeg 195w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/iothouse.jpeg 1135w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p style=\"text-align: center;\">Click to enlarge<\/p>\n<p>If it sounds a little different, that&#8217;s because it is. We&#8217;re way beyond the old &#8220;<a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2014\/06\/press-h-to-hack-hacking-in-videogames\/\" target=\"_blank\" rel=\"noopener noreferrer\">Press H to Hack<\/a>&#8221; here.<\/p>\n<h3>Logging on<\/h3>\n<p>Even the title screen forced me to weigh up some serious security choices: Do I allow the terminal to store my account username and password? Will there be in game repercussions for this down the line? Or do I store my fictitious not-real video game login in a text file on my very-real desktop?<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/20190311141353_1.jpg\" data-rel=\"lightbox-3\" title=\"\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"38959\" data-permalink=\"https:\/\/blog.malwarebytes.com\/hacking-2\/2019\/06\/video-game-portrayals-of-hacking-nite-team-4\/attachment\/20190311141353_1\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/20190311141353_1.jpg\" data-orig-size=\"1920,1080\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Title screen\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/20190311141353_1-300x169.jpg\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/20190311141353_1-600x338.jpg\" class=\"aligncenter size-medium wp-image-38959\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/20190311141353_1-300x169.jpg\" alt=\"Title screen\" width=\"300\" height=\"169\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/20190311141353_1-300x169.jpg 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/20190311141353_1-600x338.jpg 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/20190311141353_1-900x506.jpg 900w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/20190311141353_1-400x225.jpg 400w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p style=\"text-align: center;\">Click to enlarge<\/p>\n<p>All important decisions. (If you must know, I wrote the password on a post-it note. I figure if someone breaks in, I have more pressing concerns than a video game login. You\u2019re not hacking my Gibson, fictitious nation state attackers).<\/p>\n<h3><b>Getting this show on the road<\/b><\/h3>\n<p>Your introduction to digital shenanigans isn\u2019t for the faint of heart. As with many games of this nature, there\u2019s a tutorial\u2014and <em>what<\/em> a tutorial.<\/p>\n<p>Spread across three sections covering basic terminal operations, digital forensics, and network intrusion, there\u2019s no fewer than 15 specific tutorials, and each of those contains multiple components.<\/p>\n<p>I can\u2019t think of any other hacking-themed game where, before I could even consider touching the first mission, I had to tackle:<\/p>\n<p>Basic command line tools, basic and advanced OSINT (open source intelligence), mobile forensics, Wi-Fi compromise, social engineering via the art of phishing toolkits, MiTM (Man in the Middle), making use of exploit databases, and even a gamified version of the infamous NSA tool <a href=\"https:\/\/en.wikipedia.org\/wiki\/XKeyscore\" target=\"_blank\" rel=\"noopener noreferrer\">Xkeyscore<\/a>.<\/p>\n<p>When you take part in a game tutorial that suggests users of Kali and Metasploit may be familiar with some aspects of the interface, or happily links to real-world examples of tools and incidents, you know you\u2019re dealing with something that has a solid grounding in \u201chow this stuff actually works.\u201d<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/20190311142242_1.jpg\" data-rel=\"lightbox-4\" title=\"\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"38955\" data-permalink=\"https:\/\/blog.malwarebytes.com\/hacking-2\/2019\/06\/video-game-portrayals-of-hacking-nite-team-4\/attachment\/20190311142242_1\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/20190311142242_1.jpg\" data-orig-size=\"1920,1080\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Tutorial intro\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/20190311142242_1-300x169.jpg\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/20190311142242_1-600x338.jpg\" class=\"aligncenter size-medium wp-image-38955\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/20190311142242_1-300x169.jpg\" alt=\"Tutorial intro\" width=\"300\" height=\"169\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/20190311142242_1-300x169.jpg 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/20190311142242_1-600x338.jpg 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/20190311142242_1-900x506.jpg 900w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/20190311142242_1-400x225.jpg 400w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p style=\"text-align: center;\">Click to enlarge<\/p>\n<p>In fact, a large portion of my time was spent happily cycling through the tutorial sections and figuring out how to complete each mini objective. If you\u2019d told me the entire game was those tutorials, I\u2019d probably have been happy with that.<\/p>\n<h3><b>What play styles are available?<\/b><\/h3>\n<p>The game is fairly aligned to certain types of <a href=\"https:\/\/en.wikipedia.org\/wiki\/Red_team\" target=\"_blank\" rel=\"noopener noreferrer\">Red Team<\/a> actions, primarily reconnaissance and <a href=\"https:\/\/resources.infosecinstitute.com\/what-is-enumeration\" target=\"_blank\" rel=\"noopener noreferrer\">enumeration<\/a>. You could honestly just read an article <a href=\"https:\/\/resources.infosecinstitute.com\/red-team-assessment-phases-overview\/\" target=\"_blank\" rel=\"noopener noreferrer\">such as this<\/a> and have a good idea of how the game is expected to pan out. Now, a lot of other titles do this to some degree. What\u2019s novel here is the variety of approaches on offer to the budding hacker.<\/p>\n<p>There are several primary mission types: The (so far) four chapter long main mission story, which seems to shape at least certain aspects based on choices made earlier on. This is where the most\u2026Hollywood?&#8230;aspects of the story surrounding the hacking seem to reside. In fairness, they do assign a \u201creal life\u201d rating to each scenario and most of them tend to err on the side of \u201cprobably not happening,\u201d which is fair enough.<\/p>\n<p>The second type of mission is the daily bounties, where various government agencies offer you rewards for hacking various systems or gathering intel on specific targets. I won&#8217;t lie: The interface has defeated me here, and I can\u2019t figure out how to start one. It\u2019s probably something incredibly obvious. They&#8217;ll probably make me turn in my hacker badge and hacker gun.<\/p>\n<p>Last of all\u2014and most interesting\u2014are the real world scenarios. These roughly resemble the main missions, but with the added spice of having to leave the game to go fact finding. You may have to hunt around in Google, or look for clues scattered across the Internet by the game developers.<\/p>\n<p>Each mission comes with a briefing document explaining what you have to do, and from there on in, it\u2019s time to grab what information you can lying around online (for real) and pop your findings back into the game.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/manila.jpeg\" data-rel=\"lightbox-5\" title=\"\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"38956\" data-permalink=\"https:\/\/blog.malwarebytes.com\/hacking-2\/2019\/06\/video-game-portrayals-of-hacking-nite-team-4\/attachment\/manila\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/manila.jpeg\" data-orig-size=\"693,817\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Manila documents\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/manila-254x300.jpeg\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/manila-509x600.jpeg\" class=\"aligncenter size-medium wp-image-38956\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/manila-254x300.jpeg\" alt=\"Manila documents\" width=\"254\" height=\"300\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/manila-254x300.jpeg 254w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/manila-509x600.jpeg 509w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/manila.jpeg 693w\" sizes=\"auto, (max-width: 254px) 100vw, 254px\" \/><\/a><\/p>\n<p style=\"text-align: center;\">Click to enlarge<\/p>\n<p>In keeping with the somewhat less Hollywood approach, the tasks and mission backgrounds are surprisingly serious and the monthly releases seem to follow \u201cwhat if\u201d stories about current events.<\/p>\n<p>They deal with everything from infiltrating Emannuel Macron\u2019s files (topical!) to tackling methamphetamine shipments in South Korea, and helping to extract missing journalists investigating the internment of religious minorities in China. As I said&#8230;surprisingly serious.<\/p>\n<h3><b>Getting your gameface on<\/b><\/h3>\n<p>Most tasks begin by doing what you\u2019d expect\u2014poking around on the Internet for clues. When hackers want to compromise websites or servers, they often go <a href=\"https:\/\/en.wikipedia.org\/wiki\/Google_hacking\" target=\"_blank\" rel=\"noopener noreferrer\">Google Dorking<\/a>. This is essentially hunting round in search engines for telltale signs of passwords, or exposed databases, or other things a website or server should keep hidden, but the admin hasn&#8217;t been paying enough attention.<\/p>\n<p>The idea in NITE Team 4 is to rummage around for subdomains and other points of interest that should\u2019ve been hidden from sight and then exploit them ruthlessly. Different combinations of search and different tools provided by Stinger OS produce different results.<\/p>\n<p>Once you have half a dozen subdomains, then you begin to <a href=\"https:\/\/www.tutorialspoint.com\/ethical_hacking\/ethical_hacking_fingerprinting.htm\" target=\"_blank\" rel=\"noopener noreferrer\">fingerprint<\/a> each one and check for vulnerabilities. As is common throughout the game, you don\u2019t get any sort of step-by-step walkthrough on how to break into servers for real. Many key tasks are missed out because it probably wouldn\u2019t make for an interesting game, and frankly there\u2019s already more than enough here to try and figure out while keeping it accessible to newcomers.<\/p>\n<p>Should you find a vulnerable subdomain, it\u2019s then time to run the custom-made vulnerability database provided by Stinger OS, and then fire up the compromise tool (possibly the most \u201cgamey\u201d part of the process) that involves dragging and dropping aspects of the described vulnerability into the hacking tool and breaking into the computer\/server\/mobile phone.<\/p>\n<p>From there, the mission usually diverges into aspects of security not typically covered in games. If anything, the nuts and bolts terminal stuff is less of a focus than working out how to exploit the fictitious targets away from your Stinger terminal. It feels a lot more realistic to me as a result.<\/p>\n<h3><b>What else can you do?<\/b><\/h3>\n<p>Before long, you\u2019ll be trying various combinations of data about targets, and their day-to-day life, in the game\u2019s XKeyscore tool to figure out patterns and reveal more information.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/20190530121409_1.jpg\" data-rel=\"lightbox-6\" title=\"\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"38957\" data-permalink=\"https:\/\/blog.malwarebytes.com\/hacking-2\/2019\/06\/video-game-portrayals-of-hacking-nite-team-4\/attachment\/20190530121409_1\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/20190530121409_1.jpg\" data-orig-size=\"1920,1080\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"XKeyscore\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/20190530121409_1-300x169.jpg\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/20190530121409_1-600x338.jpg\" class=\"aligncenter size-medium wp-image-38957\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/20190530121409_1-300x169.jpg\" alt=\"XKeyscore\" width=\"300\" height=\"169\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/20190530121409_1-300x169.jpg 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/20190530121409_1-600x338.jpg 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/20190530121409_1-900x506.jpg 900w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/20190530121409_1-400x225.jpg 400w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p style=\"text-align: center;\">Click to enlarge<\/p>\n<p>You\u2019ll be using one of your VPNs to access a compromised network and use several techniques to crack a password. Maybe you won\u2019t need to do that at all, because the target\u2019s phone you just compromised has the<span class=\"Apple-converted-space\">\u00a0<\/span>password in plaintext in an SMS they sent their boss. What will you do if the password isn&#8217;t a password, but a <em>clue<\/em> to the password?<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/06\/phone.jpeg\" data-rel=\"lightbox-7\" title=\"\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"38970\" data-permalink=\"https:\/\/blog.malwarebytes.com\/hacking-2\/2019\/06\/video-game-portrayals-of-hacking-nite-team-4\/attachment\/phone-4\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/06\/phone.jpeg\" data-orig-size=\"943,633\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"phone time\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/06\/phone-300x201.jpeg\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/06\/phone-600x403.jpeg\" class=\"aligncenter size-medium wp-image-38970\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/06\/phone-300x201.jpeg\" alt=\"phone time\" width=\"300\" height=\"201\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/06\/phone-300x201.jpeg 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/06\/phone-600x403.jpeg 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/06\/phone.jpeg 943w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p style=\"text-align: center;\">Click to enlarge<\/p>\n<p>Once obtained, it might help reveal the location of a rogue business helping an insider threat hijack legitimate networks. How will you take them down? Will you try and break into their server? Could that be a trap? Perhaps you grabbed an email from the business card you downloaded. Is it worth firing up the phishing toolkit and trying to craft a boobytrapped email?<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/06\/phish.jpeg\" data-rel=\"lightbox-8\" title=\"\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"38971\" data-permalink=\"https:\/\/blog.malwarebytes.com\/hacking-2\/2019\/06\/video-game-portrayals-of-hacking-nite-team-4\/attachment\/phish-9\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/06\/phish.jpeg\" data-orig-size=\"963,556\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"phish kit\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/06\/phish-300x173.jpeg\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/06\/phish-600x346.jpeg\" class=\"aligncenter size-medium wp-image-38971\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/06\/phish-300x173.jpeg\" alt=\"phish kit\" width=\"300\" height=\"173\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/06\/phish-300x173.jpeg 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/06\/phish-600x346.jpeg 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/06\/phish.jpeg 963w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p style=\"text-align: center;\">Click to enlarge<\/p>\n<p>Would they be more likely to fall for a Word document or a Flash file? Should the body text resemble an accounting missive, or would a legal threat be more effective?<\/p>\n<p>I hear those IoT smart homes are somewhat vulnerable these days. Anyone for BBQ?<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/06\/bbq.jpeg\" data-rel=\"lightbox-9\" title=\"\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"38973\" data-permalink=\"https:\/\/blog.malwarebytes.com\/hacking-2\/2019\/06\/video-game-portrayals-of-hacking-nite-team-4\/attachment\/bbq\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/06\/bbq.jpeg\" data-orig-size=\"1006,546\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"BBQ\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/06\/bbq-300x163.jpeg\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/06\/bbq-600x326.jpeg\" class=\"aligncenter size-medium wp-image-38973\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/06\/bbq-300x163.jpeg\" alt=\"BBQ\" width=\"300\" height=\"163\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/06\/bbq-300x163.jpeg 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/06\/bbq-600x326.jpeg 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/06\/bbq.jpeg 1006w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p style=\"text-align: center;\">Click to enlarge<\/p>\n<p>\u2026and so on.<\/p>\n<p>I don\u2019t want to give too much away, as it\u2019s really worth discovering these things for yourself.<\/p>\n<h3>Hack the planet?<\/h3>\n<p>I mentioned earlier that I\u2019d have been happy with just the tutorials to play around in. You\u2019re not going to pop a shell or steal millions from a bank account by playing this game because ultimately it\u2019s just that\u2014a game. You\u2019re dropped into specific scenarios, told to get from X to Y, and then you\u2019re left to your own devices inside the hacker sandbox. If you genuinely want to try and tackle some of the basics of the trade, you should talk to security pros, ask for advice, go to conferences, take up a few courses, or try and grab the regular <a href=\"https:\/\/www.humblebundle.com\/books\/hacking-no-starch-press-books\" target=\"_blank\" rel=\"noopener noreferrer\">Humble Hacking Bundles<\/a>.<\/p>\n<p>Occasionally I got stuck and couldn\u2019t figure out if I was doing something wrong, or the game was. Sometimes it expected you to input something as it presented it to you but didn\u2019t mention you\u2019d need to leave off the \u201c\/\u201d at the end. Elsewhere, I was supposed to crack a password but despite following the instructions to the letter, it simply wouldn&#8217;t work\u2014until it did.<\/p>\n<p>Despite this, I don\u2019t think I\u2019ve played a game based on hacking with so many diverse aspects to it.<\/p>\n<h3>Bottom line: Is it realistic?<\/h3>\n<p>The various storyline scenarios are by necessity a little \u201cout there.\u201d You\u2019re probably not going to see someone blowing up a house in Germany via remote controlled Hellfire missile strike anytime soon. But in terms of illustrating how many tools people working in this area use, how they use lateral thinking and clever connections to solve a puzzle and get something done, it\u2019s fantastic. There are multiple aspects of this\u2014particularly where dealing with OSINT, making connections, figuring out who did what and where are concerned\u2014that I recognise.<\/p>\n<p>While I was tying up this blog post, I discovered the developers are <a href=\"https:\/\/venturebeat.com\/2018\/12\/13\/nite-team-4-is-a-deep-dive-into-the-world-of-cyberwarfare\/\" target=\"_blank\" rel=\"noopener noreferrer\">producing special versions of it for training<\/a>. This doesn\u2019t surprise me; I could imagine this has many applications, including making in-house custom security policy training a lot more fun and interesting for non infosec employees.<\/p>\n<p>Is this the best hacking game ever made? I couldn\u2019t possibly say. Is it the most fleshed out? I would say so, and anyone looking for an occasionally tricky gamified introduction to digital jousting should give it a look. I\u2019d have loved something like this when I was growing up, and if it helps encourage teenagers (or anyone else, for that matter) to look at security as a career option, then that can only be a bonus.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/hacking-2\/2019\/06\/video-game-portrayals-of-hacking-nite-team-4\/\">Video game portrayals of hacking: NITE Team 4<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/hacking-2\/2019\/06\/video-game-portrayals-of-hacking-nite-team-4\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Christopher Boyd| Date: Fri, 07 Jun 2019 16:52:41 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/hacking-2\/2019\/06\/video-game-portrayals-of-hacking-nite-team-4\/' title='Video game portrayals of hacking: NITE Team 4'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/06\/shutterstock_1253457796.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>We take a look at a game aimed at giving players the most realistic interpretation of hacking possible. How well does it stack up to the real thing?<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/hacking-2\/\" rel=\"category tag\">Hacking<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/gaming\/\" rel=\"tag\">gaming<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/hacking\/\" rel=\"tag\">hacking<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/nite-team-4\/\" rel=\"tag\">NITE Team 4<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/press-h-to-hack\/\" rel=\"tag\">press h to hack<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/videogames\/\" rel=\"tag\">videogames<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/hacking-2\/2019\/06\/video-game-portrayals-of-hacking-nite-team-4\/' title='Video game portrayals of hacking: NITE Team 4'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/hacking-2\/2019\/06\/video-game-portrayals-of-hacking-nite-team-4\/\">Video game portrayals of hacking: NITE Team 4<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[1445,3919,21992,21993,18517],"class_list":["post-15529","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-gaming","tag-hacking","tag-nite-team-4","tag-press-h-to-hack","tag-videogames"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15529","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=15529"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15529\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=15529"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=15529"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=15529"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}