At first glance, the Watch Dogs video games seem like far-fetched fantasy, depicting a world of constant surveillance, ubiquitous hackability, and authorities eavesdropping on citizens to prevent crimes before they happen. But the more you peer beneath the covers, the more you realize how close the games are to reality and the more you see the hidden dangers that accompany technological advancement.
Watch Dogs and its more polished successor Watch Dogs 2 follow the same basic premise. You play a vigilante hacker in an open-world, semi-fictionalized city (Chicago in the first, San Francisco in the second), taking on governments and corporations by hacking everything around you from traffic lights and automobiles to cell phones and data centers.
Although it sounds like an interconnected Orwellian nightmare, you’d be surprised how much effort went into making the hacking principles and scenarios as realistic as possible. The developers actually took advice from security experts at Kaspersky while designing game mechanics, user interface (UI) screens, and hacking flows. The games also take satirical but well-placed jabs at the grey areas of private information collection and unchecked corporate oversight.
Let’s study how the Watch Dogs games hit the right notes on a few key issues in cybersecurity today.
The Internet of (Potentially Harmful) Things
The Internet of Things has regularly been touted as one of the driving forces for future technological development, and rightly so. But its speed of adoption has not been matched by a speed of willingness to make the system secure. At its best, the Internet of Things can enable a seamless network of smart devices running like clockwork in utopian cities. At its worst, everything can come crashing down with one well-placed hack.
Both Watch Dogs games shine a ruthless light on this. The games’ versions of Chicago and San Francisco are controlled by Central Operating Systems that control all public and surveillance services, something that the protagonists regularly exploit to great effect. They can scramble traffic lights to cause havoc during car chases, manipulate retractable road-blockers to crush police cars, and blindside security cameras to enter clandestine facilities.
These abilities are unnervingly close to reality. Wireless traffic signals in Michigan got hacked in 2014. A year later, Chrysler recalled 1.4 million vehicles after a successful remote hack where attackers took control of the cars through the internet. It’s relatively easy to make and sell devices that “talk” to each other today, but it’s hard and expensive to make them secure across the board. Moreover, all it takes is one device with weak security to compromise the entire network, triggering a deadly domino effect that can spell catastrophe both in video games and in real life.
The Perimeter Is Dead (Long Live the Perimeter?)
Your phone is the most powerful weapon you have in Watch Dogs. Every non-playable character in the game has a phone filled with a digital life that you can hack to your advantage. Lift someone’s bank account details and access their account at an ATM? Check. Spy on private messages? Check. Make a guard’s phone buzz to distract him while you discreetly make your escape? Check. Sic rival gangs on each other so that you don’t get your hands dirty? Check, check, check.
This mirrors the problems experienced by perimeter security caused by developments such as BYOD (Bring Your Own Device) policies and public cloud hosting. The easier it is to bring a hacking vector (your phone) into walled networks, the easier it is to take data out with brute force attacks. No matter how robust firewalls are, the sheer volume of external devices in the proximity of walled networks all the time makes intrusion likely.
Debates rage in the security world about whether perimeter security holds the same clout and resource pull that it once did. Many organizations are starting to invest more in building perimeters around their data rather than just around their endpoint devices.
Endpoint security has two main objectives: protect the user’s own device and data, and prevent the user’s device from acting as an entry point for the attack to infect other systems and their data. Both are good objectives, but note how data protection is central to both. It makes sense to shift some resources to make personal and financial data the focus of protection rather than any one device.
***
Video games are abstractions of reality and players usually find it easy to compartmentalize between what they’re playing and what they’re living. But Watch Dogs focuses on a future that’s almost here; a future that holds things which are simultaneously beneficial and uncomfortable, like a chocolate-flavored cold sore. As players find themselves in a game world that is always connected, always smart, and sometimes malicious, the lines between reality and simulation blur.
About the author: Rishi Bhargava is Vice President and Co-founder of Demisto, a cybersecurity startup with the mission to make security operations “faster, leaner and smarter.” Prior to founding Demisto, he was Vice President and General Manager of the Software Defined Datacenter Group at Intel Security. A visionary and technology enthusiast, he was responsible for delivering Intel integrated Security Solutions for datacenters.
Rishi has over a dozen patents in the area of Computer Security. He holds a BS in Computer Science from Indian Institute of Technology, New Delhi and a Masters in Computer Science from University of Southern California, Los Angeles. He is passionate about new technologies and industry trends and serves as an active advisor to multiple startups in Silicon Valley and India.