“Hacked! An Escape Room Experience” puts you in cybercriminals’ shoes

Daniel Tkacik

Jan 23, 2020

Source: CMU Information Security Office

CMU staff participate in a previous session of Hacked! An Escape Room Experience.

Posting a picture of your first car on social media might seem harmless. But to a cybercriminal, the make and model of your first car might be the key to breaking into your accounts.

Getting into the mind of a cybercriminal is Joe Magliocca’s goal with Hacked! An Escape Room Experience.

“If people better understood how criminals are trying to hack into their accounts, they could put better safeguards in place,” says Magliocca, the Information Security Training and Awareness Coordinator in Carnegie Mellon’s Information Security Office.

Magliocca likens his program to an escape room, an experience in which small teams of people are locked in a room and must search for clues on how to get out within a certain amount of time. The way out is typically a door locked with a code; figuring out what that code is becomes the focus of the experience.

In Magliocca’s Hacked!, teams are placed into a scenario where they encounter a bag with various items, including a password-protected laptop. Teams are challenged with figuring out the password to the laptop using other clues in the bag, all in under 45 minutes.

“You’re playing the role of a cybercriminal,” Magliocca says. “By participating, you learn some important ways that cybercriminals are trying to break in.”

Source: Joe Magliocca

Joe Magliocca, right, interacts with students at last October’s “Cyber Circus” event on campus.

One common method cybercriminals employ, Magliocca says, is guessing answers to security questions that often pop up when one clicks “Forgot Password” on a login page. Oftentimes, the answers to these questions can be found online. It’s not hard to imagine someone posting a picture of the first car they ever drove—throw in a #TBT—revealing the answer to a common security question, “What was the make and model of your first car?”

Magliocca’s advice? We should lie.

“We should never be truthful in our security questions,” Magliocca says. “If a security question asks you what the make and model of your first car is, why not make it a 1989 Batmobile?”

Cybercriminals have been successful in breaching scores of online accounts, regardless of the owners’ status or position in their community or their company. For that reason, Magliocca believes everyone needs to be trained in cybersecurity, and Hacked! is designed for everyone.

“I hear a lot of people say, ‘I’m not important. Why would anyone want to attack me?’” Magliocca says. “And I say, ‘Do you have money in your bank account? Because if so, you matter. They want your money.’”

Hacked! An Escape Room Experience will hold one session per day January 28 - 30 from 2:00 - 3:00 p.m. in the Cohon University Center. Each session can handle up to 50 participants, and all students, staff, or faculty at CMU are eligible to participate. Registration is free and can be completed online.