ABOUT THE GAME
THE IDEA & THE VISION BEHIND ‘THE SOCIAL ENGINEER’
The Social Engineer is an immersive agent game that works without weapons and violence. Instead, players must use social engineering attack methods to get confidential information or gain access to restricted locations by exploiting the human factor as a weak point. This fascinates millions of people in Hollywood productions such as the Ocean’s series as well as in tv shows like Mr. Robot, while classic stealth games like Hitman, Thief and Invisible have a large fan base. The Social Engineer now combines these two worlds for the first time. Through the use of virtual reality, players get the opportunity to experience the work of a social engineering agent in an immersive way, be it in one-to-one conversations with employees, sneaking into a building or spying on company secrets.
We created The Social Engineer, an immersive educational game in virtual reality, to raise awareness and to sensitize players about social engineering. Players impersonate agents and conduct security audits in a virtually simulated company. The game consists of a detailed game world and different missions that require players to apply different social engineering attack methods. The Social Engineer can potentially benefit companies as an immersive self-training tool for their employees, support security experts in teaching social engineering awareness as part of a comprehensive training course, and entertain interested individuals by leveraging fun and innovative gameplay mechanics. The game is suitable for all target groups and requires no prior technical or content knowledge.
THE CONCEPT BEHIND ‘THE SOCIAL ENGINEER’
We want to use The Social Engineer to raise awareness against SE by demonstrating the immediate effect of SE attacks in a company while playing from an attackers’ perspective. As shown by research this is a legitimate and effective way of raising awareness. After each mission, an overview of revealed vulnerabilities alongside tips to avoid SE attacks in the form of Do’s and Don’ts is presented to reinforce the learning effect. No specific computer skills or knowledge about SE are required to master the game successfully. A tutorial takes place in several individual rooms where an instructor Non-Player-Character (NPC) explains all game interactions and SE attack methods.
During a mission the player can always access information about all applicable SE attack methods in a collection of knowledge that is integrated into the game. Additionally, when being stuck, a player can request help in the form of short instructions that recommend possible approaches to choose or apply the correct SE attack method.
Within The Social Engineer players slip into the role of a penetration tester on behalf of a security company. The mission of this penetration tester is to do a security check in compaies that have ordered a security check. The focus of this security check is on finding and applying public known and often used SE attacks. For this the penetration tester has to go
into the company without being exposed. In the company nobody except of a responsible person knows that the security check is taking place.
The mission consists of different tasks. A task is considered fulfilled when one or more security flaws have been revealed. Therefore the goal of each task is to receive confidential information that normally should not be accessible by persons from outside the company. Inside the company, the player can walk around and talk with gender and cultural diverse employees or interact with objects. Some of the game mechanics are inspired by well-known sandbox stealth games and combined with real SE attack methods to create an unique player experience.
TRAILER & GAME PLAY WALKTHROUGH
Gameplay Demo and Walkthrough
GAME NOMINATIONS & AWARDS
Audience Choice Award Winner - Student Game Design Competition - CHI PLAY 2020
The concept of The Social Engineer was accepted as a contribution to the Student Game Design Competition at CHI PLAY 2020. It was presented in a virtual conference that was held between November 2nd and 5th, 2020.
The game competed against twelve teams from all over the world to win the Audience Choice Award.
Young Talent Award Finalist - Best Prototype - German Computer Game Award 2021
The prototype of The Social Engineer was nominated in the category Young Talent Award – Best Prototype at the German Computer Game Award 2021 (Deutscher Computerspielepreis 2021). It was presented in a virtual ceremony on April 13th, 2021.
As part of the nomination the game could win a promotion that helps to further develop the game.
Best Student Game Finalist - Games for Change Awards 2022
The prototype of The Social Engineer was nominated in the category Best Student Game at the Games for Change Awards 2022. The G4C Awards celebrate the year’s best games and XR experiences for social impact and learning. The Social Engineer was presented in a virtual ceremony on July 15th, 2022.
RESEARCH PAPERS & EDUCATIONAL CONTEXT
The conecpt of The Social Engineer was developed in cooperation with the Institute of Media Informatics at Ulm University. The prototyp of the game was developed as part of a student project. The concept of the game was published in form of a short paper at CHI PLAY 2020.
The goal of The Social Engineer is to sensitize employees as well as private players to the topic of Social Engineering (SE) by taking up the role of a SE penetration tester in a virtually simulated company. While exploiting common vulnerabilities to conduct frequently used SE attack methods, players can gain sustainable awareness for SE. The concept of the game has been designed with the help of SE experts from a cybersecurity company to ensure the technical and theoretical accuracy of the SE attack methods and tasks included in the game. In addition to the educational aspect, The Social Engineer should attract the interest of the player and the replay value of the game by including entertaining stories and varied tasks. Our concept enables the game to be highly extensible and flexible regarding different playable scenarios and settings.
- Companies can use the game as an interactive self-training tool to raise awareness about SE among employees and improve the company’s information security.
- Security experts can let participants of SE training sessions play the game supplementary to traditional classroom lectures.
- Interested individuals can play the game for entertainment purposes at home and get sensitized about SE along the way.
Related Research Papers:
🔗 P. Jansen and F. Fischbach, “The Social Engineer: An Immersive Virtual Reality Educational Game to Raise Social Engineering Awareness”, CHI PLAY ’20: Extended Abstracts of the 2020 Annual Symposium on Computer-Human Interaction in Play, Nov. 2020. ACM.
🔗 T. Drey, P. Jansen, F. Fischbach, J. Frommel and E. Rukzio, “Towards Progress Assessment for Adaptive Hints in Educational Virtual Reality Games”, In Extended Abstracts of CHI 2020 (SIGCHI Conference on Human Factors in Computing Systems), Apr. 2020. ACM.
ADDITIONAL LINKS & DOWNLOADS