A couple of weeks ago, we introduced The Red Teamer’s Go-To Move #1, “The Lifecycle Lens.” It’s time now for the second move in the series: “Con and Hypercon.”
As we suggest in Red Teaming Law #32 (“The Target”), red teaming is all about perception. The superior red teamer is constantly aware of the risks and opportunities inherent in perceptual variations. Why? He or she wants to both avoid and achieve surprise. If we were all Sun Tzu, it might be possible to do this every day without fail. For better or worse, we’re not, so we offer the following framework as an aide-mémoire.
The framework features three states. Each state describes the perceptual relationship between two players. In a red teaming context, these are typically an attacker (RED) and a defender (BLUE).
- Eye-to-Eye. In this state, both players perceive the same “game,” or set of players, strategies, and outcomes. An example here is a straightforward game of chess.
- The Con. In this state, one player (say, RED) is playing a different game designed to exploit BLUE’s belief that the game is still Eye-to-Eye. An example here is a game of chess in which RED covertly receives his moves via a small concealed earphone from a nearby chess master while BLUE still trusts that the game is fair. In short, The Con state is equivalent to the common-sense use of the word “con.”
- The Hypercon. In this state, the nominal “victim” turns the tables on the player who intends to exploit The Con. You might call this “conning the con.” An example here is when BLUE discovers that RED is covertly employing a chess master. Instead of exposing RED’s fraud, BLUE “hypercons” RED by intercepting and subverting the signal, sending RED damaging moves. This is particularly harmful to RED, who moves with false confidence, believing throughout that The Con prevails and his cheating play remain masterful. Putting this in another context, you might employ a hypercon when you discover that your adversary (RED) has deployed an insider into your trusted system. Instead of arresting the insider, you use them to send false or misleading information to RED.
Of course the real world is much more complicated that these three standalone states suggest. What if, for instance, RED and BLUE simultaneously run a con against each other believing that the other trusts the game is still Eye-to-Eye, or what if BLUE believes RED is running a hypercon when RED, in fact, is not? In other words, each player can either perceive or misperceive the prevailing state. To aid the red teamer, last year at Black Hat USA we introduced a “game board” on which to explore the states. Our immediate goal was to help red teamers visualize the possible variety of states. Our broader, longer-term goal, however, is to train red teamers to think intuitively in terms of con and hypercon without the aid of these visual aids. This should yield red teamers who consistently and effortlessly weigh the following questions:
- Is everything as it appears to be?
- Am I being conned?
- Can I turn the con into a hypercon?
- Can my opponent turn the con into a hypercon?
- What if I’m wrong?
As stated initially, this approach helps the red teamer balance risk and opportunity by perceiving how he or she might be surprised and how he or she might execute surprise. And we believe that this, our good red teaming friends, is at least part of the essence of Sun Tzu’s wisdom distilled and bottled for easy red teaming reuse. Enjoy!