HOME /

NCSAM 2020 Digital Scavenger Hunt

Welcome to the 2020 Cyber Security Scavenger Hunt. We have teamed up with the Harvard University Archives, a department of the Harvard Library, to bring you interesting bits of history from the University along with useful cyber security tips. Answer the questions in each of the four sections to discover that section's secret word. When you have all four secret words, use them to find a hidden webpage where you can download an exclusive digital reward. You can follow along with a piece of paper, but the easiest way to play is with our worksheet.

worksheetGet Started Button

 

Choose a section below and get searching!

Click Wisely

Intro

Phishing is a scam in which someone sends you a message trying to get you to open a file, click a link, or follow provided instructions. Their goal is to steal your personal information or money. Our goal is for you to Click Wisely. If something seems off, trust your gut. Don’t click links or follow instructions from suspicious emails. Instead, skip the links and contact the sender or the official website directly.

1. Identify a Fish

Phishing is a trick to get a person to click an unsafe link or file. They usually lure you with a message that seems urgent. Back in William Dandridge Peck’s day, the only fish you had to watch out for were in the water. Before he became Harvard’s first Massachusetts Professor of Natural History, he made a sketch of a fish known as the Cyprinus Catostromus. You could feel like one of these if you fall for a scam, but you shouldn't be so hard on yourself. Use the Digital Collection to find out the common name for the fish he sketched. (6 Letters)

2. Identify a Phish

Let’s move from Professor Peck’s fish sketch to the sketchy cyber criminals who send phishing messages. These messages can trick you into giving up your password, installing software, or following instructions that can cost you money and data. Visit security.harvard.edu and find the phishing infographic. Use this to know how to identify a phish. What sort of SOMEONE would send something like this? (8 Letters)

3. Good Requests

It is nice to get a message from a familiar someone. You might even send instructions via letter to ask them to keep writing you. John Hancock sent such a letter to his sister, Mary Hancock Perkins, when he was a senior in college. Find the request in colonialnorthamerica.library.harvard.edu. While you’re there, what was the name of the college he was attending when he sent the letter? (7 letters)

4. Bad Requests

Not all instructions are so wholesome, some are downright nefarious. Cyber criminals can request gift cards, solicit wire transfers or convince you to install dangerous software. If they steal a password to an email account, they may use that for a BEC scam. Check out the FBI’s Common Scams and Crimes (fbi.gov/scams-and-safety/common-scams-and-crimes/) to learn what BEC is. While you’re reading about the BEC, record what the C stands for (10 Letters)

5. Keeping it Metal

Protecting your money from being compromised has always been a popular notion. In fact, a group of young people at Harvard once did as all young people do and formed a club. Theirs was based around the politics of the gold standard. These Goldbugs even had a special logo made. Check the digital collections to see a poster promoting them and find out what kind of money they wanted. (5 Letters)

6. Alarming!

If you do spot a phishing email, it’s time to sound the alarm. For personal accounts like Gmail or Yahoo, you'll find a menu option to report an email as a possible phish. For your Harvard email, you should forward the suspicious message to the security team. According to the infographic mentioned in clue 2,  where should you forward the suspicious message?  _______________ @harvard.edu. (8 Letters)

Solve This Section!

Time to solve this section. The easiest way is by using our worksheet here.

If you want to solve without the worksheet, use the specified letters in your answers to find the secret word.

  1. Word 1: 1st Letter
  2. Word 2: 7th Letter
  3. Word 3: 4th Letter
  4. Word 4: 8th Letter
  5. Word 5: 4th Letter
  6. Word 6: 8th Letter

Once you've finished this section, choose another. If you've finished all four sections, use the secret words to find the hidden webpage and claim your digital prize.

 

Apply Updates

Intro

Millions of lines of code are written every day. With so much code, there are bound to be bugs- but some bugs put your data at risk. We call those vulnerabilities. Software updates fix the code that makes us vulnerable.

1. Small Changes Over Time

For those of us who have been working remotely for the last six months,the Cambridge and Allston neighborhoods are bound to look both familiar and different when we return. Over time, these changes add up. Imagine how different the area must have appeared a hundred years ago. Thankfully, we don’t need to imagine. Check the Digital Collections for a View of Harvard Stadium, Larz Anderson Bridge, and Newell Boat House across Charles River with Weld Boat House in foreground. What kind of view do you find? (6 Letters)

2. Small Updates Overnight

For phones, updates can come over the air through your wireless provider. For Harvard computers, they come via update packages. Putting your computer to sleep saves energy, but a full restart ensures that your updates take effect. At security.harvard.edu/apply-updates you’ll find tips for keeping your computer secure with the latest updates. According to that page, how often should you reboot your computer? (6 Letters)

3. Configuration Consideration

Weak configurations can put you at risk, but secure ones can protect you and the University. Enabling automatic updates is an important part of configuring your personal devices. Check the Personal Device Security Guides on the security webpage. There you can find tips for securely configuring your computers and phones. We have guides for Android, iOS, Windows and which other type of device? (3 Letters)

4. The More Things Change...

They say an apple a day keeps the doctor away. That may be the case, but sleep and fresh air can help too. During one particular outbreak, a book was distributed to encourage people to stay outside and avoid being indoors with people. It had tips for converting outdoor areas into livable space to limit the spread of the sickness. You can find it in the Digital Collections. The book is titled Sleeping and Sitting in the Open Air. What disease was it meant to combat? (12 Letters)

5. ...The More They Stay The Same

When the MP3 player came out, I remember how out-of-date my CD player seemed. Technology keeps advancing, and it becomes difficult to even access old media. In 2017 the Harvard Library digitized an etched aluminum disk to find the earliest known recording of a famous Harvard student. This Audio Recording contains his thoughts on the contentious Supreme Court appointment of Hugo Black. Search the Digital collections to listen to the audio and find out the last name of the famous student. (7 Letters)

6. End of Life

That aluminum disk player wasn’t the last piece of technology to go out of date. When phones, computers, and software are no longer supported, they no longer get updates. This means that any security flaws found in that device will no longer receive updates. These products should be replaced. A short list of these unsupported products are available at security.harvard.edu/apply-updates, including Windows 7 and which other Windows version? (2 Letters)

Solve This Section!

Time to solve this section. The easiest way is by using our worksheet here.

If you want to solve without the worksheet, use the specified letters in your answers to find the secret word.

  1. Word 1: 1st Letter
  2. Word 2: 1st Letter
  3. Word 3: 2nd Letter
  4. Word 4: 5th Letter
  5. Word 5: 2nd Letter
  6. Word 6:  No secret letter for this clue.

Once you've finished this section, choose another. If you've finished all four sections, use the secret words to find the hidden webpage and claim your digital prize.

Use Strong Passwords

Intro

A password is how you prove you are you. Technology has gotten better and better. Our passwords should get better too. We should choose strong passphrases, manage all our passwords in a password manager, and enable two-step verification to protect against account theft.

1. A Pet Named Sue

In the early days of computing, people would use their pets' names as passwords. While you won’t forget your pet, people all too frequently share this information. And as we know, this information sticks around. For example, Robert Woods Bliss and Mildred Barnes Bliss, the founders of Dumbarton Oaks, were photographed in 1925 with their pet named Sue. What kind of animal was it? (3 Letters)

2. How to Phrase It

If we are barking up the wrong tree with pet names, what should we choose for our password? The best option for most people is a passphrase. Instead of remembering a long random string, remember four words. If you check our security webpage and look for “How to Make a Passphrase” you’ll find a guide that can help. How many complete cupcakes are there on that infographic? (4 Letters)

3. Keep it to Yourself

Passwords are only secure if you don’t share them, but how could a person be tricked into giving up their password? (https://youtu.be/opRMrEfAIiI) What is the second woman’s password? (Ten Characters)

4. It's How You Say It

Passwords and Passphrases identify us by something we know, but there are two other commonly used ways to identify people. One of them is biometrics, which measures something about you, such as a fingerprint, the way you walk, or the way you speak. An early form of biometrics was a Shibboleth. In Hebrew, Shibboleth is the word meaning the part of a plant containing grain. It was pronounced differently by region and allowed soldiers to identify someone trying to hide their regional identity. Of course, careful study of the language could overcome this form of authentication and luckily for our students, the first instructor of the Hebrew Language taught at Harvard. If you search for his Rabbinical Manuscripts from the 1700s, you can find out his last name and see his work. (5 Letters)

5. A Step in the Right Direction

Besides something you know (Passwords) and something you are (Biometrics) there are tokens, or something you have. If you have a HarvardKey, you’re already familiar with the concept. You log in with your password and verify the log in with your phone. This second factor ensures that the person logging in is you, not just someone who happens to have your password. This security feature is available on many platforms. Visit twofactorauth.org to learn more. While you’re there, what letters are in the parentheses on this page? (3 Letters)

6. Stay Strong

Why do we make sure our passwords are strong? Strong passwords are tough for criminals to crack. The password strength checker at howsecureismypassword.net can give you an idea of how strong different kinds of passwords are. Compare a pet name like "Fluffy" or a word with a few numbers and special characters at the end like "password123!" Now, try the passphrase from the infographic in clue number 2. How many years would it take to crack that passphrase? 6 _______ Years (10 Letters)

Solve This Section!

Time to solve this section. The easiest way is by using our worksheet here.

If you want to solve without the worksheet, use the specified letters in your answers to find the secret word.

  • Word 1: 3rd Letter
  • Word 2: 4th Letter
  • Word 3: No secret letter for this clue.
  • Word 4: 4th Letter
  • Word 5: 2nd Letter
  • Word 6:  4th Letter

Once you've finished this section, choose another. If you've finished all four sections, use the secret words to find the hidden webpage and claim your digital prize.

Know Your Data

Intro

You generate lots of information, but do you treat it all the same way? Of course not. Some types of information you want to share with the world, other information needs to be kept private. In the same way, Harvard has categories of information. There are important rules for each level of data to help you use it securely.

1. Fair to Share

Part of Harvard’s mission is to collect, share, create and distribute information. Protecting that information doesn’t mean we try to keep it secret. Most of our data we want shared with the entire world, and what better place to do that than at the World’s Fair? In 1893, Harvard sent Wax Specimens to a Columbian Exposition. Check the digital collections to find out what city hosted that event (7 Letters)

2. It's Classified

From wax displays in the Windy City to direct deposit information for our staff, all of Harvard’s information can be classified into one of five security levels. To understand what kind of data you have and the steps needed to protect it, Harvard Information Security has a released an Information Security Quick Reference Guide. Use this guide to determine what the security level would be for information put on Display at the World’s Fair. (2 Characters)

3. Collaborators

One of the most important parts of being a research university is collaboration. Working together makes extraordinary things possible. One of the most important collaborative efforts in modern history was the formation of the Allied military of the 1940s. Did you know Winston Churchill himself visited Harvard University? Look in the Digital Collections to learn what letter of the alphabet he waved when he stood on the steps of Memorial Church? (One Letter)

4. Where to Share

To ensure victory for your collaborative efforts, you must use secure tools, platforms and services. Good news, Harvard provides these services to the community. Even better news, you can find a listing of them on our security website. The Collaboration Tools Matrix puts the service and the approved security levels right there. According to the page, what versions are not recommended for University business?  (8 Letters)

5. Harvard's Network Anywhere

If you’re a consumer of Harvard network services, you’ll want to be able to access it anywhere. Perhaps you’d like the added privacy of having your own virtual network. Harvard’s VPN is just that, a Virtual Private Network. Whenever you’re doing Harvard work, simply click to connect and enjoy the added security and privacy. According to the Why Use VPN infographic on the security page, using HTTPS is pretty good. What is connecting to Harvard’s VPN considered? (9 Letters)

6. Computers at Harvard

Excellent work! You’ve come this far and learned so much about the services and systems available to you for collecting, sharing, and collaborating with data securely. If should come as no surprise that the University is committed to providing quality IT. After all, Harvard has had rooms full of computers since 1885. Search the collections for Photographic Views of Harvard College Observatory 1885 to learn more. While you’re there, what celestial items were on the tables in the laboratory? (6 Letters)

Solve This Section!

Time to solve this section. The easiest way is by using our worksheet here.

If you want to solve without the worksheet, use the specified letters in your answers to find the secret word.

  • Word 1: 1st Letter
  • Word 2: 1st Letter
  • Word 3: No secret letter for this clue
  • Word 4: 5th Letter
  • Word 5: 1st Letter
  • Word 6: 6th Letter

Once you've finished this section, choose another. If you've finished all four sections, use the secret words to find the hidden webpage and claim your digital prize.

Find the Hidden Webpage

Have all of the secret words from each section? Fill them in to complete the address for the hidden webpage, then paste it into your browser to complete the scavenger hunt and download your digital prize!

security.harvard.edu/ (word 1) - (word 2) - (word 3) - (word 4) 

No punctuation, just a dash between each word.