PacketWars: A cyber security sport for a cyber age
by Zeljka Zorz - Tuesday, 23 November 2010.
Apart from being the developer, Fite is also "The Packet Master". He facilitates the battles and serves as a commentator by explaining the attacks to the spectators. "It's a throw back to old RPGs, when I played the role of Dungeon Master," he says with a smile.

To participate in a public PacketWars battle all you need is a computer of your own. The organizers sanction players and teams at their discretion, but there are currently no extra fees to pay other than admission to the hosting event - typically hacker and security conventions. Event sponsors pay for the operational costs of the battles and provide prizes.

Battles can be played by individuals and teams. It is assumed all players are law-abiding citizens, and illegal activity of any kind is not tolerated. "That mainly refers to physical attacks on others or on their equipment," he says. "In the real world, physical attacks are certainly an option, but in our simulations they are prohibited. Other than that, the battle unfolds on an isolated network, so pretty much everything else goes."

Typical PacketWars players are security and IT professionals, students, hobbyists, and the occasional hacker. "This is a very accessible sport for beginners. In the past I would say you had to have much more experience. When it comes to organizing teams, we suggest the players to think about covering a varied skill-set," explains Fite.

"TCP/IP and basic networking is probably the only real technological requirement. But you won't get far without good application and OS skills," he says. "We have introduced a player rating system. The more you play - earning league points - the better we are at rating your skill levels. Registered players can accumulate league status and be eligible for special Battle opportunities, including invitational events not open to the public."

The basic idea is to get as many players possible involved, so that a lot of games can be played. Sometimes qualifying events are run or participation is limited due to physical constraints based on the battle venues, but other than that - everyone who intends to follow the rules is welcome.

"We try to hit as many events as possible," Fite explains. "However, we are constrained by time and budget. In order to get more coverage, we sanction some CTF games and run remote games. In addition, we have started building regional franchises. This builds local and global teams for league play - expanding the sport in a cost effective and sustainable way."

Private battles are also organized. The PacketWars platform is often used for training, team-building or QA/product testing sessions. It is a great environment for honing offensive and defensive computing skills and capabilities. Fite is of the opinion that PacketWars could create more and better "cyber warriors" in a shorter period of time than the current practices.

"We have players who work in government or law enforcement roles," he says. "I know of several people who have referenced their involvement with PacketWars on their CV's and still got hired. I like to think it is viewed as a positive indication of a candidates experience." In this day and age when various government agencies around the world are trying to attract knowledgeable individuals that could defend the country's cyberspace if the need arises, I must say that I think he's right.

And PacketWars has the potential of being not only a fun and educational experience for the players, but also to inspire in spectators a wish to learn more about the techniques used and about cyber security in general. All Battles are recorded - audio, video and complete telemetry - and this content is presented to the public under a Creative Commons license.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th