Security Lessons from the Game of Werewolf

I can't believe I haven't posted this before.

Posted on April 8, 2016 at 12:27 PM • 16 Comments

Comments

K.S.April 8, 2016 12:51 PM

While linked article is interesting reading, it is largely inapplicable to information security. During the game werewolves follow the rules, during compromise attackers are only restrained by what is physically possible.

I don't imagine that a game of werewolves where arbitrary amount of villagers could be killed during first night would be any fun.

mozApril 8, 2016 1:21 PM

It's a great example. I think the idea of noise is really 100% right for lots of commercial and even state sponsored spying issues. There's no way to completely stop leaking information and still use the internet. Even if you used very short lived temporary identities you stand out as the only IP address those are coming from. The only solution which will work is to start to use and swap around temporary identities so that the wrong labels get applied to different places.

The strategy described for the seers seems to me a to have an error. As described in Ian M Bank's Excession, you just aim for the centre of the group (the voting block in this case).

@K.S. even the NSA has to follow the rules of physics. Sometimes a limited game is more educational than a more realistic one.

ACORNApril 8, 2016 2:13 PM

Everyone needs an App that does random searches, makes random calls, goes to random web pages. This would exponentially increase the work function of the meta-data analysis algorithms. It would hide a person's true communications and characteristics in a thick cloud of bogus interactions and queries. As Churchill said, "... truth should be accompanied by a bodyguard of lies". This is the App that strikes fear into the hearts of lazy law enforcement, nosy advertising and those that profit by selling information about you and me.

DaveApril 8, 2016 3:26 PM

It seems that we play Werewolf rather differently.

The first rule of Werewolf, as we play it, is that everybody must be inebriated. If anyone is sober, they may start to take the game seriously. Such players will be voted out immediately.

The second rule of Werewolf is that the first lynching is pretty much random. Therefore you need to persuade the other players with a convincing argument - the more ludicrous the better. A typical opening gambit might be, "Bruce is obviously a werewolf because he has a beard, and statistics show that 83% of werewolves have beards". Players are encouraged to inflate the arguments from such a sensible starting point.

In later rounds, one can open with the perfectly reasonable argument that since Bruce was a werewolf last time, he must be this time as well. Or, with equal validity, that the law of averages means that Bruce is extremely unlikely to be a werewolf twice in a row, so we should lynch someone else.

Heated disagreements are encouraged. (Actual rudeness is not).

Anyone who wins twice in row is obviously cheating somehow and will be first to be lynched in the next round.

Until reading this article, I was entirely unaware that anyone played the game seriously.

Ergo SumApril 8, 2016 3:56 PM

@K.S... Agreed...
In today's world, the software is the villagers, hackers are the werewolfs and we are the sheeps caught in the crossfire. The actions of the villagers and werewolfs are pretty much beyond our control, there isn't much security lesson to be learned from this game.

If we played this game right, we should not trust the software at all and force them to die. That would kill the werewolf as well. But then, we have no reason to have a monitor on our desks....

tyrApril 8, 2016 5:44 PM

"Until reading this article, I was entirely unaware that anyone played the game seriously."

You need to spend more time around gamers.

Particularly during the pre-game rules lawyering
preliminary interface sessions arguments.

Other games...April 8, 2016 6:27 PM

There are quite a few games that teach human behavior and security like this...

For example, the company that makes Eve Online encourages its players to use infiltration tactics to get an alt into an opposing team's ranks, to spy on them and take them down from the inside out... (makes them more money, because people have to pay monthly for more accounts)

One way I found to combat this was to make sure every teammate got to know every other teammate really well... If they won't get on voice coms, always lurk and won't chat, won't play often (except during important battles! doh!), and don't allow anyone to get to know them really well.... then it raises suspicion. Because if you're highly involved and interactive with the team, it's hard to keep a lie going and keep the tangled web you weave straight... It's like the classic "keep your friends close, and your enemies closer"....

Also it's really hard for a highly experienced person to truly act like a newbie without doing something too suspicious. So concentrate on recruiting and training newbies. The game is very complex, and there's much to teach a newbie. The more different an enemy spy is attempting to act from his true self, the easier he is to catch. (and if he really is a newbie spy, well, haha, we can eat newbies for lunch anyway, come and get us... or even better just recruit them all...)

The third way was to actually treat everyone really well. Be fun. Make it more fun to be on your team than any other team in the game. If a spy comes into a situation like that, and gets past the above two methods, he may easily be "turned" and become a double agent... And that's ok too. Play for the fun, not just to win. Winning is part of fun, sure, but not all there is to it, the people make it really fun. And it's even more fun to be the underdog full of noobs that somehow wins anyway (or survives anyway...) via some sort of clever tactics... Our catch phrase was "we only train the best spais" (and yes, that can be taken multiple ways, that was the joke).

Besides this, you learned basic opsec and to compartmentalize and to be suspicious of everything on the one hand, yet not let it get to you much on the other if you wanted to stay and have fun...

There are a few real life lessons here I'm sure...

Cameron CanineApril 9, 2016 6:15 AM

There are rules often involved with compromising software running on devices brought about by the circumstances of life that software and devices exist in.
A phone may be in a certain place for a limited time each weekday then be out of range once the owner goes home and leaves mobile coverage.
A brute force attack on passwords may have a limited amount of time before security personnel or software notice, or the device is locked down.
The architecture or protocol used by software will confine it to a limited number of functions that can be exploited.

Before trying to compromise software or a device one must study it, what you learn is effectively the rules you will have to work within. Occasionally you will get a lucky break outside of the rules, but generally you will have to work within certain rules to most efficiently utilise your time and compromise your target as quick as possible. Any extra time taken up inefficiently could increase the chance of either your detection or failure.

EddieApril 9, 2016 11:30 AM

@ Cameron Canine, "Before trying to compromise software or a device one must study it, what you learn is effectively the rules you will have to work within."

This is kind of interesting comment. It sort of fits in with common use cases of the web. When you peek, there's intent. When you click thru, there's drill downs. So thereotically as "game makers" study what you study, it can pre-emptively modify itself to suit new rules, kind of like targeted advertisements.

FrogmanApril 11, 2016 6:56 AM

There is a couple of problems with the "Seer noise" tactic, namely that a) other villagers might mistake the seer's communication with neighbours for werewolf "whom to eat next" communication, and vote them out, and b) werewolves being able to mimic this behavior, rallying the villagers by their side to vote against other villagers, which might go unnoticed for a few decisive nights.

blakeApril 12, 2016 10:33 AM

@Frogman

> There is a couple of problems with the "Seer noise" tactic

Well, good. If there was a strategy to which there was no available counter, it would cease to be an interesting game.

The strategies need to have counters, and those counters need to be counter-able too, and then the game is which of these to pursue, which is called "Yomi layer 3" by Sirlin.

http://www.sirlin.net/ptw-book/7-spies-of-the-mind

(This is more of a departure from the security lessons, and more about what makes a game a game.)

BJ April 13, 2016 8:10 PM

My most favorite game ever!

I play it at Dragon Con every year, it's the only reason I even attend Dragon Con.

I love it so much that I created and ran my own Con this February called Decepta Con. It's an amazing study into human behavior.

BjoernSeptember 2, 2016 5:16 AM

Even more security and social engineering lessons you can find in this brand new take on the hidden-identity game genre: Secret Hitler

It's free if you're happy with print-and-cut-your-own-printout-quality, for the polished game release non-Kickstarter backers have to wait a bit. The rules are also available online.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.