In this week’s episode, #118: modern computer games are like mini economies and that makes them a big target for hackers. We talk with four leading researchers from Bug Crowd about how even popular games fall down on security. Also: Srinivas Mukkamala, the CEO of RiskSense about how artificial intelligence and risk based approaches to securing elections systems could pay off.
Bug Hunter Eye on the Gaming Guy
But first: the massively multiplayer online game FortNite isn’t just the most popular thing in the under 15 set. It’s a massive money maker for its publisher Epic games. For cyber criminals, its the gift that keeps on giving. Recent weeks have brought stories about malicious mobile downloads posing as Fortnite apps, while hackers have been fencing stolen Fortnite accounts on Instagram and in underground forums.
The fact is: games are big business and the most successful among them now resemble mini economies with marketplaces, buyers, sellers and a vast array of virtual goods worth billions of (real) dollars. That puts a premium on security for game software and infrastructure. But our guests this week say that – despite that – security is often an afterthought for game publishers under intense pressure to meet delivery dates for their creations.
In our first segment we invited four top vulnerability researchers from the firm Bugcrowd in to talk about their work on games and gaming platforms. Jason Haddix, is Bugcrowd’s VP of Trust and Security – this is his second time back in the SL studios. He’s joined by JP Villanueva, trust and security engineer, Dan Trauner, security engineer and Adam David, software engineer at Bugcrowd. In this conversation, we talk about how popular games often fall down on security, what game makers can do to improve the security of their creations and how the best and most successful gamers might have second careers as bug hunters.
Election Security: It’s the Risk, Stupid!
Securing election systems is often presented as an intractable mess: a system so hopelessly flawed that middle schoolers can make short work of a sophisticated vote counting console. But Srinivas Mukkamala, the CEO of RiskSense notes that the US election system has a couple things going for it. For one, it is distributed – run by states and localities. Second, the system is – mostly – offline. Both those act as insulation against the worst possible hacking scenarios.
“You can influence an election and create local biases, but you can’t change the election,” Mukkamala said.
That doesn’t mean there’s no threat to election integrity, especially when you look at the influence of a few, swing districts in predicting the outcome of the election, he told me. From an infrastructure standpoint, Mukkamala said that we’re in better shape than before, but that voter registration systems are an area of major concern.
Rather than panic, however, he said that officials should take a risk based approach to security. Elections, he notes, are the sum of multiple systems that manage the lifecycle of an election – from registration through to voting. AI and machine learning can be a big help: narrowing the scope of attention for officials to the most likely sources of compromise.
In this interview, Srinivas and I talk about the state of play in the U.S. election system and what a risk based approach to election and voting security may look like. Have a listen!