{"id":3687,"date":"2014-07-22T11:18:00","date_gmt":"2014-07-22T15:18:00","guid":{"rendered":"http:\/\/me-en.kaspersky.com\/blog\/?p=3687"},"modified":"2020-02-26T18:58:53","modified_gmt":"2020-02-26T14:58:53","slug":"watchdogs-expert","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/watchdogs-expert\/3687\/","title":{"rendered":"Ask the expert: Watch Dogs vs Reality"},"content":{"rendered":"

With record sales of 4 million copies during the first week<\/a>, Watch Dogs instantly entered the top ranks of the videogaming industry, thanks to immersive gameplay and a quite unusual concept. The entire game mechanics are based on hacking smart city devices \u2015 ATMs, gates, traffic lights, surveillance cameras\u00a0 \u2015 to achieve the player\u2019s goals. Ubisoft developers were aiming to be realistic in their script, allowing the player only kinds of hacking that are actually achievable in real life. No wonder they\u2019ve asked Kaspersky Lab experts to assess the game script and adjust the hacking aspect. Now, when the game is out, many players keep asking, what are the IRL analogues of the game hacks, do such hacking tricks really exist. We\u2019ve gathered your questions from our Facebook page<\/a> and asked Igor Soumenkov, a Kaspersky Lab security expert, to tell the truth about Watch Dogs hacks.<\/p>\n

\"sum\"<\/a><\/p>\n

How close is our reality from the fiction in the game?<\/strong><\/p>\n

Although some of the hacks are very similar to those happening in the real world, it\u2019s still a game, a simulation. It\u2019s crucial to understand that Watch Dogs doesn\u2019t teach you hacking, but you can experience how powerful a hacking tool could be.<\/p>\n

Among hacks that we see in the game and that can be met in real life are:<\/p>\n

\u2013\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 interception (Sniff Passwords and Wifi Packets on Android<\/a>),<\/p>\n

\u2013\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ATM\/POS hacks (ATM malware, controlled by a text message, spews cash<\/a>),<\/p>\n

\u2013\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Hacking cars (Charlie Miller and Chris Valasek demonstrated this);<\/p>\n

\u2013\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Controlling the city \u2013 traffic lights \/ blackouts (Has New York\u2019s traffic light system been HACKED?<\/a>)<\/p>

Here is the list of #Watchdogs hacks that can be met in real life: read on<\/p>Tweet<\/a><\/blockquote>\n

Is it really possible to hack all these things using a mobile phone?<\/strong><\/p>\n

Of course, in real life, hacks are about a lot more preparation from the criminals\u2019 side \u2013 it\u2019s not about tapping on smartphone, using ready-to-go exploits.<\/p>\n

For example, how ATM attacks happen: criminals load an exploit and some malware onto a removable USB device. After connecting the USB device to the ATM, the exploit allows the intruders to gain high-level system privileges and launch the malware. It could be a backdoor controlling the ATM\u2019s OS, for instance. After that the ATM is effectively hacked \u2013 all that remains is for the criminals to pick up the money from this ATM. \u00a0The final stage \u2015 making an ATM spill out banknotes \u2015could be activated by a smartphone too.<\/p>\n

\u00a0<\/p>\n

Don`t you think that cybercriminals can use the game for their own ideas to hack and control a big city?<\/strong><\/p>\n

We hope that this game will be a chance for people to think about the security of future city operating systems. Security must be considered seriously in such cases. The game is an interesting simulation of how this might run if it\u2019s misused.<\/p>\n

\u00a0<\/p>\n

Can you name one real-life security incident which can be considered the scariest?<\/strong><\/p>\n

Most of the hacks that you see in the game are about automated control systems being compromised. This is a new and scary trend that started several years ago, since the appearance of the\u00a0Stuxnet worm<\/a>, which hit industrial control systems. It was an example of how a computer program can break things in the real world. They actually broke physical equipment. And that\u2019s what we see in the game. It\u2019s becoming more and more realistic.<\/p>\n

\u00a0<\/p>\n

How high are the possibilities of a cyberattack on an online game<\/strong><\/p>\n

Such a risk does exist, and its graveness depends on the type of the game you are playing and the way you behave both when gaming and in real life. For over 10 years Trojans have been able to steal, for instance, a gamer\u2019s virtual properties of characters. Nowadays, Trojans are incredibly flexible, with numerous options targeting different realms of your digital life: they can choose whether or not they wish to steal you Skype password, or have a separate setting to target specifically game passwords. The latter helps them to hack and hijack gaming accounts<\/a>.\u00a0<\/strong><\/p>\n

It happens so that the hackers aim at game developers<\/a> as well as at gamers, but with a different purpose of stealing intellectual property, creating illegal online gaming servers and so on.<\/p>\n

\u00a0<\/p>\n

In Decryption multiplayer mode\u2026 When different players are close to each other, it speeds up the process of decryption. Can that be done in real life as I\u2019ve heard different devices can pair wirelessly to share their processing power! How\u2019s that?<\/strong><\/p>\n

That is correct. There are computational processes which are handled more quickly when using shared resources. The password attack is a workload of this type. One can distribute a single workload for simultaneous processing on different devices. There is a choice of readily available software, but also it is quite doable to develop a separate app which would help to share the task on a number of devices found on a wireless network.<\/p>\n

\"watchdogs\"<\/a><\/p>\n

What do you think the single biggest obstacle toward implementing a true \u201csmart city\u201d as seen in #Watch Dogs would be?<\/strong><\/p>\n

The obstacles of the technology realm are not that significant. It all boils down to administrative rights. In Watchdogs\u2019 virtual Chicago, stop lights, gas pipes, ATM machines, surveillance systems, and bascule bridges are all interconnected in a single network. What it means is that a single organization is responsible for the entire infrastructure and has a single data center.<\/p>\n

In Watch Dogs, a single organization is responsible for the entire infrastructure and has a single data center. This is not the case in real life.<\/div>\n

In real life, all these systems are managed by different organizations. Take ATM machines: each bank has a separate network of ATMs. So, the biggest obstacle in real life would most likely lie in the process of uniting all these disparate businesses and organizations under the same roof in the same data center.<\/p>\n

On the other hand, on bringing the systems together the soft spot is in the price of a mistake: when hacked, a system runs a higher risk of grave and negative consequences. But at the same time, the interconnected nature of a system makes it easier to protect. There is a concept of \u2018the attack surface\u2019: the less the number of companies, the fewer servers there are, and the less the attack surface. Or, in other words, a security company has to protect a single data center spending fewer resources.<\/p>\n

\u00a0<\/p>\n

Rumor has it that today\u2019s hardware used for hacking requires minimal budget yet can be successfully used for hacking entire city infrastructure. What is your opinion on that?<\/strong><\/p>\n

Speaking about hacking \u2018the entire city infrastructure\u2019, as I have already said, we have no single system to manage the life of a city in its entirety. We have many disparate infrastructures: a network of speed cameras, a network of ATMs, and so on. That makes it impossible to hack the entire city infrastructure. On the question of the hardware, it is in most cases a secondary thing \u2013 a hacker can work even with an entry-level PC that costs $100. What you really need is a monitor, a keyboard, an operational system, and knowledge and tools. The tools are easily found on the Internet, both freeware and premiumware, or otherwise created.<\/p>\n

\u00a0<\/p>\n

Which mobile device is the best one for hacking?<\/strong><\/p>\n

Manipulation of this kind require a smartphone with special privileges to OS, whether a rooted Android phone or a jailbroken iPhone. Such devices allow a hacker to change the MAC address of the line card and, among other things, to work on a deeper level of the network. But it is not the device that matters; the most important thing is a set of apps, and specialized tools are available both for Android and iOS.<\/p>\n

\u00a0<\/p>\n

Do you think it could be possible in the future that one company could control a whole city and a small group of rebels could be trying to hack into their system?<\/strong><\/p>\n

A company taking control over the entire city\u2026 Sounds not likely to me. At least it does not go in line with the interest of the business community: each organization wants to have control over its realm, and is not really into monopolies. So the idea for this kind of future for Chicago is not realistic: granting control over everything to one company contradicts the rules of healthy competition, after all.\u00a0 So there is no reason to think that the idea of the game can be applied in real life.<\/p>\n

But when speaking of the so-called \u2018smart cities\u2019, we are gradually getting there. But this is another thing: even in this case, the infrastructure will be managed by different organizations with difference zones of responsibility.<\/p>\n

\u00a0<\/p>\n

What are your tips for players trying to hack other\u2019s single-player games?<\/strong><\/p>\n

We were responsible for topics covering game and security in the real world, so please address the questions on the gaming process and tips to Ubisoft \ud83d\ude42<\/p>\n

\u00a0<\/p>\n

Do physical hacking devices exist? Like blue boxes from the late 70s.<\/strong><\/p>\n

Of course, and there are many. Take \u2018plug computers\u2019 which are the size of a tablet or old phone chargers! They are just plugged into the electric outlet and connect to Internet. There is a whole family of these devices: guru plug, dream plug, etc. They all are fully functional tiny PCs designed with the purpose of running safety tests for networks, for one instance. There is a so-called \u2018pawn plug\u2019 \u2013 this little box is set to automatically scan the network, find vulnerabilities and prepare reports, respectfully.<\/p>\n

\u00a0<\/p>\n

Is there a difference between hacking a PC and hacking, let\u2019s say, an air conditioner or a traffic light?<\/strong><\/p>\n

All these devices, though not sure about the air conditioner, are connected, in some respect \u2013 and I am talking of stop lights, lift gates, bascule bridges. They are connected to computers, or controllers, which are, in turn, managed by operators. That means hacking the stop light requires hacking the operator\u2019s PC. This is the most feasible approach, and it is, in its essence, applied in Watch Dogs \u2013 it is about hacking operators\u2019 or the managing organization\u2019s computers.<\/p>\n

\u00a0<\/p>\n

Were there any interesting hacks wiped out from the game and why?<\/strong><\/p>\n

Since we specialize in stopping cyber threats and people wishing to manipulate or abuse hyper connectivity\/IT systems, we were able to provide technical consultation and recommendations for the theoretical cyber-scenarios in the game, both during in-game play and in character\/plot developments.\u00a0 We reviewed the script and provided suggestions on what we thought was accurate or what could be tweaked, edited or changed to make the gameplay or plot development more authentic (technically).<\/p>\n

We did not delete anything from the scenario. When we were given a script, there was some set of hacks already in place. We studied it, approved some of them, and corrected some of them, but we never deleted anything. But we cannot speak for Ubisoft, of course.<\/p>\n

\u00a0<\/p>\n

How does it feel to have a professional knowledge of all current and potential cyberthreats? Do you sleep well?<\/strong><\/p>\n

Yes, we sleep well. Everything is alright. Of course, we understand that there cannot be any fully secure systems. That means a hack is a matter of time, budget, and will. There will always be vulnerabilities. One cannot be sure about everything: nor their PCs, nor routers, nor enterprise networks, nor Wi-Fi networks, nor even TVs! But we know how to act when hacked or even have a feeling of being hacked. It makes us more confident.<\/p>\n

\u00a0<\/p>\n

Is there a database that allows such kind of easy \u201cperson look-up\u201d, which is pictured in the game?\u00a0 Or will such a database be created in the next decade?<\/strong><\/p>\n

There are several databases of the kind, and you all know them. They are called Facebook, LinkedIn, and Vkontakte, for instance. It would just take a certain technology to correlate the person to this database to make it happen.<\/p>\n

You don\u2019t have to work for a secret service to be able to do that. There are open source intelligence companies who analyze open data. They create virtual accounts on social networks, urge people to befriend or add them and then, having several thousands of friends, you have access to practically any available profile, as on adding a friend, you can get access to his friends\u2019 profiles. Having several friends with thousands of connections, you can cover, in fact, the entire social network population.<\/p>\n

As you may know, there is a belief that two random individuals on Earth can be connected through six handshakes. What it means, it would take just several friends to find any person on the network \u2013 then you\u2019ll just have to correlate the discovered information to the real world. There are many methods easily accessible to anyone: geolocation, face recognition, voice recognition, etc. When used together, they are quite efficient and are able to get rid of unnecessary information, find a person and identify him of her by profile.<\/p>\n","protected":false},"excerpt":{"rendered":"

Igor Soumenkov, a Kaspersky Lab contributor to the Ubisoft\u2019s Watch Dogs script assessment, explains how close to real life the game world is. <\/p>\n","protected":false},"author":40,"featured_media":3688,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[724,617,575,78,723],"class_list":{"0":"post-3687","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-critical-infrastructure","9":"tag-gamers","10":"tag-great","11":"tag-hackers","12":"tag-watchdogs"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/watchdogs-expert\/3687\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/watchdogs-expert\/3791\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/watchdogs-expert\/4178\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/watchdogs-expert\/4429\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/watchdogs-expert\/4711\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/watchdogs-expert\/4380\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/watchdogs-expert\/5504\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/watchdogs-expert\/3402\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/watchdogs-expert\/4329\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/watchdogs-expert\/4711\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/watchdogs-expert\/5504\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/watchdogs-expert\/5504\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/critical-infrastructure\/","name":"critical infrastructure"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3687","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/40"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=3687"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3687\/revisions"}],"predecessor-version":[{"id":15867,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3687\/revisions\/15867"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/3688"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=3687"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=3687"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=3687"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}