PacketWars: A cyber security sport for a cyber age
by Zeljka Zorz - Tuesday, 23 November 2010.
In this day and (cyber)age, hacking contests are sprouting like mushrooms after the rain - and it's a good thing they do. For what better venue is there for exercising the offensive and defensive cyber skills of future "cyber warriors" than events such as these, where their talent can get noticed and appreciated, and inspire others?

But PacketWars differs somewhat from that formula. Its developers started it with an ambitious goal in mind - to educate people while having fun and to institute Internet's first cyber sport that is also spectator-friendly and offers a fertile ground for establishing local and global leagues.

How the story began

"This is what we need," thought Bryan Fite (aka Angus Blitter), the developer of PacketWars, as he witnessed Ghetto Hackers' projection of a "geisha girl" commenting the gameplay at DefCon's Capture the Flag contest.

"In the mid-to-late 80's late me and my hacker crew HackSecKlan were attending any and all hacker conferences we could get to, and one of our favorite things about them was the various 'capture the flag' style games. We loved them," reminisces Fite. "But, as we saw it, there were downsides to having these contests during the conference."

He soon realized that anyone engaged in these contests would typically have to give up much of their social interaction time and missed presentations, and that most people who ran the games got burned out - whether it was because of the cost of organization or simply because it was a lot less fun to organize such events than participating in them.

Watching a variety of CTF events, he noticed that most hackers tried to attack the game platform instead of actually mastering the objectives. He realized that the game platforms should have two main characteristics: mobility and a design that couldn't or wouldn't be "hacked". But, the real turning point was the "geisha girl". "She was commenting on the game play. I was fascinated. It was so engaging. It sucked people in," he says. "In short - it was the key to making these events 'spectator friendly'".

And that became the last piece of the puzzle. In order to address all of the negative aspect of this contests, he decided that the answer was to turn CTF into a proper sport. "We needed a sustainable structure, that was fun to play, easy to execute and would hold the interest of those who weren't playing. And, with PacketWars, we think that we have accomplished this."

Inside PacketWars

PacketWars events consist of a series of "battles" that pit individual players or teams against each other in a race against time to complete a number of defined objectives. "Two of my favorite battles are "What's My Name?" and "King of the Hill", says Fite.

The first one is a straight up reconnaissance assignment - individuals or teams have a limited amount of time, normally 30 to 60 minutes, to "visit" numerous targets in a specified address space. They must record as many attributes about them as they can: OS, running services, versions, known vulnerabilities, etc. Whoever identifies the most accurate attributes in the shortest period of time wins the battle.

"'King of the Hill' is pure carnage!" recounts Fite. "Battles normally last 2 to 4 hours and create a 'Battle Space' within a specified address space (kill zone). The external attack surface is usually based on difficulty level of the battle and experience and skill level of the combatants. However, once the outer layer of security has been breached, combatants can leverage compromised assets inside of the Battle Space to attack internal assets or even other combatants - just like in the real world."


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Feb 9th