Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Security Government The Internet News

Details of Cyber Storm War Games Released 96

I Don't Believe in Imaginary Property writes "Apparently, the participants in the U.S. 'Cyber Storm' war games are familiar with the Kobayashi Maru, because some of them tried to cheat by hacking the games themselves. They also prepare for some very interesting scenarios. Among other things, the organizers are worried about having too many people on the 'No Fly' list show up at an airport, finding 'mystery liquids' in the subway, and having bloggers reveal the classified location of railcars with hazardous materials. The Department of Homeland Security has already analyzed the results of the games, and plans to hold 'Cyber Storm 2' in March."
This discussion has been archived. No new comments can be posted.

Details of Cyber Storm War Games Released

Comments Filter:
  • how about a game of global thermo nuclear war?
    • Re: (Score:2, Funny)

      by TheSpengo ( 1148351 )
      Defcon: Everybody Dies by Introversion you mean? :D Which reminds me of another game by the same group that does not simulate what happens as a result of cyber attacks but allows you to play as the attacker: Uplink. It's also a very entertaining game though not entirely realistic.
    • by Shadow Labs ( 807971 ) on Thursday January 31, 2008 @09:30PM (#22256390) Journal
      I find it interesting that they call hacking the game itself "cheating."

      Reminds me of when I was in college and us CS people used to get together and play a computerized version of capture the flag. The premise of the game was simple enough -- players were divided into 4 teams of 2-3 people each, and each team got a machine that came pre-loaded with an older unpatched version of Linux that had well known and published security vulnerabilities (something like Red Hat 7.3). Each machine had 4 services running on it -- typically SSH, Bind, Apache, and telnet (yeah...*sigh*). Each of those services came configured to return a certain string (the so-called flag) when queried by a master scoring server that ran a fairly simple Python script. The script ran once every minute and then displayed up to date team scores on a video projector. The rules of the game stated that we could not patch the machine or use IPtables to lock down the machine. Anything else was fair game. The machines and the scoring server were all networked together on small private network, and each team was given one additional network drop to do with as they pleased.

      Anyway, one night we got together to play CTF and there were only enough people for 3 teams of two. Since that doesn't make for such an interesting game, one of our professors who was just supposed to be observing decided to join in and be on his own team. As soon as the game started, everyone went to work furiously trying to defend their boxen and then the real fun -- the attacking -- began.

      We were all quite surprised when the first round of results came in and our professor hadn't had anyone hijack his machine. He also evidently hadn't attacked anyone else. The night went on and each of the student teams went back and forth, attacking and defending, but our professor stayed the same -- he neither had anyone successfully compromise his box, nor successfully compromised anyone elses.

      The last few minutes of the game saw my team dead last, our professor in third place, and two other teams above us. 5 seconds from the end, our professor's score suddenly increased to an ungodly high (and according to the rules unattainable) score, with the rest of our scores getting set to zero. As the clock ticked down and the game came to an end, we were befuddled as to what happened.

      Suddenly it dawned on us -- our professor had spent the entire time hacking the scoring server (which was supposed to have been an up to date, secure Linux install) and replacing the Python scoring script with one of his own, all to his advantage. At some point during the game, he had actually replaced the running script with his own, without any of us ever noticing. We were all in awe and amazement at his creativity -- the idea to do such a thing had not even occurred to any of us. We learned several valuable lessons that night, one of which was that the mind of a creative attacker may not be confined solely within the nice little security box that you place it in. That, and never mess with your professors!
      • by Tomy ( 34647 ) on Thursday January 31, 2008 @11:37PM (#22257370)
        I've always believed the biggest obstacle to any creative endeavor in general is Functional Fixedness [], the bias that limits us to sort of only playing by the rules. I was at a party once and my psychology professor demonstrated it for me with a challenge to everyone at the party that he could drink wine from one of the unopened bottles of wine on the table without damaging the glass or cork in any way. Once everyone had given up guessing how he would do it, he turned the unopened bottle upside down, and poured wine from an opened bottle into the depression in the bottom of the unopened bottle and drank it. Our cognitive bias kept us from thinking outside the box, or bottle as it may be.
      • by glwtta ( 532858 ) on Friday February 01, 2008 @12:09AM (#22257546) Homepage
        Well, the point of war games is to simulate real-life scenarios, so cheating is not constructive, no matter how clever it is.
        • by darkmeridian ( 119044 ) <(moc.liamg) (ta) (gnauhc.mailliw)> on Friday February 01, 2008 @12:57AM (#22257842) Homepage
          That's a very naive view of the world. The real world is unexpectedly complicated and there's lot of room for thinking outside the box. For example, in a U.S. war game, the American forces supposedly had the benefit of a jamming operation that prevented the enemy from communicating at all. The OpFor leader in charge of attacking the American forces used clarion calls from mosques and civilian motorcycle messengers to communicate despite the hypothetical jamming operation. The observers disallowed his communication saying it was outside the rules.

          Well, in the real-world in Iraq, the insurgents are hiding behind civilians and mosques. An exercise that makes you reconsider the rules of the game is very important in the real world, where you have to expect the unexpected.
          • Re: (Score:3, Insightful)

            by glwtta ( 532858 )
            That's a very naive view of the world.

            Which is a little odd, since I only expressed a view of an exercise.

            An exercise that makes you reconsider the rules of the game is very important in the real world, where you have to expect the unexpected.

            Which is all well and good, but there is plenty of other types of exercises that are equally as useful. Besides, in your example it sounds like they were using perfectly legitimate tactics that were deemed outside the scope of some fairly specific exercise, w
          • Re: (Score:2, Interesting)

            by Nocterro ( 648910 )
            the American forces supposedly had the benefit of a jamming operation that prevented the enemy from communicating at all

            No offence, but any criticism of the war-game after that would be just redundant, surely you give the enemy the huge advantage and make your own forces work around it? If that's a true story then there's some strange thinking in play. Able to give us a source?

        • But a simulated war game should see all options.

          The enemy can, and quite likely will, do something unexpected.

          Consider this ground combat scenario.

          If I see an enemy platoon flanking us on the right, and an enemy platoon holding their position in front of us, normal strategy would be to assume that the platoon flanking to the right is going to come in on the right, or possibly the rear but risk crossfire.

          So, I'd rearrange MY troops to guard the fr
        • Well, the point of war games is to simulate real-life scenarios, so cheating is not constructive, no matter how clever it is.

          ...and the point of war is to win, by any means nessecary. The only rules that wargames should have is to protect the physical safety of the participants. (otherwise it would't be wargames but just simply war.)

          You cannot 'cheat' at war. Anything goes, that is the point. So, the only 'cheating' that could occur in a wargame, would be doing something unsafe. Say like using live am
          • Re: (Score:2, Insightful)

            by gr8scot ( 1172435 )

            You cannot 'cheat' at war. Anything goes, that is the point. So, the only 'cheating' that could occur in a wargame, would be doing something unsafe. Say like using live ammunition rather than blanks.

            The point of wargames is to prepare for possible situations, and train people how to react to them. If you fail to anticipate a situation, you have a weakness that can be exploited.

            I agree in general, but not with this particular cheat.
            Michael Chertoff, in Wired:

            "They point out where your expectations of your capabilities may be overstated," Homeland Security Secretary Michael Chertoff told the AP. "They may reveal to you things you haven't thought about. It's a good way of testing that you're going to do the job the way you think you were. It's the difference between doing drills and doing a scrimmage."

            I don't see the article saying that particular computer vulnerability was previously unknown. In fact, requesting that everybody not target the server suggests that the particular exploit is a known weakness, thus use of it is redundant to the organizers & lazy on the part of the cheaters, not insightful & informative & funny, & all-around, it's definitely not worthy of the prize. Of course, somebody among t

      • Does this class and professor still exist, where do I sign up!

            : )

        Sounds like my kind of fun
      • Mathworks runs a Matlab programming contest. After the contest is over, they write an analysis of the competition. I was surprised to read what they said about the hacking of one contest []:

        the first 'hacking' started just after the contest went into daylight, when Hannes Naude was able to clear the beam count via use of a regexp. This started a whole different 'contest' for some of the competitors, who were able to find some very ingenious methods for either returning information from the test suite or cras

    • With Side do you want?

      1. U.S.A

      2. U.S.S.R
      • Third option (Score:5, Interesting)

        by TapeCutter ( 624760 ) on Thursday January 31, 2008 @11:07PM (#22257172) Journal
        What about China's reaction to unforseen disaster? Currently they are suffering a huge week long bizzard that has stranded millions of people who were travelling home for Chinese new year. At one station alone there were several hundered thousand people waiting several days for the trains to restart.

        People stuck in a blizzard is nothing new in China, what I found interesting was the government has made a rare official appology to the people for being unprepared for the magnitude of this particular storm. Politicians are turning up at train stations and adressing the massive crowds with bullhorns, appologising profusely while explaining that the trains can't run until the power lines are back up and the tracks are cleared.

        Some people were complaining, but the majority were spontaneously applauding and cheering the guy with the bullhorn.

        BTW: I realise that the news from China is tainted with propoganda and a poloitician with a blowhorn won't get the trains back any faster. However, since they have a million troops working on the clean up, have hailed 6 electrical workers who died trying to restore power as national heros, plus the afforementioned apology for something they could not realistically prevent, I think the applause is not entirely hollow.
        • I have mod points, but since I can't mod this simultaneously off topic and interesting I'll just comment and say that was cool to read.
        • Re: (Score:3, Interesting)

          by jamar0303 ( 896820 )
          This blizzard also resulted in my school having its first ever snow day. Ah, the joys of Shanghai in the winter.
  • Does anyone (Score:3, Interesting)

    by kcbanner ( 929309 ) * on Thursday January 31, 2008 @08:45PM (#22255916) Homepage Journal
    Have any details on how these "games" are actually run? I'm interested in how they simulate it just a mock control room with a game server hooked up to everything instead of the real world, or do they actually use real world utilities and networks to do this? I read the article but it was more newspaper-speak than technical details.
  • Good Gravy (Score:5, Funny)

    by AbsoluteXyro ( 1048620 ) on Thursday January 31, 2008 @09:09PM (#22256186)
    Does anyone else feel like a huge nerd for knowing what the Kobayashi Maru is?
    • Re:Good Gravy (Score:5, Insightful)

      by Chandon Seldon ( 43083 ) on Thursday January 31, 2008 @09:17PM (#22256278) Homepage

      No. Recognizing fictional references is an example of "cultural literacy". When the reference is a popular TV show, it's more like "basic cultural literacy".

      • by Unoti ( 731964 )
        I like to call culture references to television Illiterary Allusion.
      • Maybe, if we're talking about 20 years ago, and the quote was "beam me up, Scotty!" But a detail from a 40 years old TV show/25 year old movie, that most people have forgotten? The vast majority of the world won't get the reference - it's sub-culture literacy, at most.
        • But a detail from a 40 years old TV show/25 year old movie, that most people have forgotten?

          That's factually incorrect. It's a detail from a 40 year old TV setting that was last referenced in a new episode seven or eight years ago. And yes, all of the Star Trek offshoots have still been "popular TV shows", in spite of the fact that both fans and anti-nerds rip on them.

          The vast majority of the world won't get the reference - it's sub-culture literacy, at most.

          The vast majority of the world wouldn't get *a

      • by exley ( 221867 )
        "Basic cultural literacy." Yeah, that'll get ya laid when Star Trek is involved.

        Speaking of getting laid, when I first saw this on the front page, my eyes fixed on the linked phrase "hacking the games themselves" and I thought "Kobayashi Maru" before I even read it in the summary. Take that cultural illiteracy!
    • by hondo77 ( 324058 )

      Doesn't everybody know? Heck, that movie, only 25 years old.

      Hmm. I think I should feel old rather than nerdy since I first saw it in a theater. :-)

    • Well, that depends. If you mean that in a bad way, hell no. I feel proud of my geekdom. If you mean it in a good way, then yes. Like I said, I'm proud to know this one, it's a reminder that I'm an awesome person. :)
  • ...there are spies, profiteers, and anarchists that would do things like that. So I guess it was a successful experiment to see what just might happen.
  • by jd ( 1658 ) <> on Thursday January 31, 2008 @09:21PM (#22256306) Homepage Journal
    Otherwise, how will you conduct evacuations, correct containment procedures, etc? Emergency service personnel are massively underpaid and under-equipt, sometimes under-trained as well, and usually suffering from mental disorders or addictions, making them more than a little vulnerable. Anyone who has been to a security briefing knows these are the very people you're advised to watch out for as the greatest potential security risks. So, either massive population centres are in extreme danger from emergency services not being suitably aware, OR massive population centres are in extreme danger from emergency services being aware.

    Seems to me that the two cases would have equal consequences and equal risk levels, and that no other individual could possibly modify those values significantly, reducing the security through obscurity to someone's job security through obscurity. Tell me, why should I care about this person's job more than I care about any potential risk to my wellbeing?

    • Could you please point me to the data or scholarly journal article that states that EMS personnel are likely to have mental disorders and addictions? More likely than say, office workers, construction workers, food-service industry personnel, or perl hackers?
      • by Unoti ( 731964 )
        I don't know about EMT's, but you're clearly trolling here, because everybody knows that perl hackers are more likely to have mental disorders and chemical additions. Scholarly research on that would be like researching whether fish are wet.
        • by Paolone ( 939023 )

          everybody knows that perl hackers are more likely to have mental disorders and chemical additions
          It wouldn't be a problem if not that is that my other self doesn't like drugs.
      • A book which might help is "the Hurting Healer" by Steven Apthorp, which details several years of interviews with "Caring Professionials" all of whom turned out to have, or percieved themselves to have, been affected by alcohol, drug or sexual abuse. The scary part is their percieved "right" to use their possitions to "make up" for what they went through. Put these people in a high stress situations and watch the fun. Usually on you tube, sometimes on the six o'clock news.
  • by Dachannien ( 617929 ) on Thursday January 31, 2008 @09:26PM (#22256354)
    People find mystery liquids on the subway all the time. It's called "urine".
  • Frightning... (Score:5, Insightful)

    by Lumpy ( 12016 ) on Thursday January 31, 2008 @09:31PM (#22256406) Homepage
    I love how the Feds find uncensored and uncontrolled free press a "threat".

    Reading that article really opens eyes as to the real inside of our government. The founding fathesr have got to be spinning at 30-40 thousand RPM in their graves by now.
    • Re: (Score:2, Interesting)

      by Anonymous Coward
      From the article:

      Other simulated reporters were duped into spreading "believable but misleading" information that confused the public and financial markets, according to the government's documents.

      From the Center for Public Integrity []

      On at least 532 separate occasions (in speeches, briefings, interviews, testimony, and the like), Bush and these three key officials, along with Secretary of State Colin Powell, Depu

    • Re:Frightning... (Score:5, Insightful)

      by plover ( 150551 ) * on Friday February 01, 2008 @01:46AM (#22258116) Homepage Journal
      It looks like you're making a basic mistake. Don't confuse recognizing a "threat" with the outlawing of it.

      In the real world, almost anything could be a threat. Your child could knock a salad fork off the table, and it could land tines-up wedged into a crack in the floor, and you could then slip from your chair trying to pick it up, and put your eye out. By means of an implausible scenario, the fork has become a threat. But you don't address such a threat by outlawing salad forks, or all dining implements, or feeding your children only spoon food. Instead you analyze the risk of having salad forks on your dining room table, and realize it's silly to worry about such ridiculous scenarios.

      For a variant, consider placing steak knives on the table. Now, if your child were to knock one off it becomes somewhat more serious. Perhaps you mitigate the risk by sensibly not placing sharp knives within reach of your child; but you don't outlaw knives from the kitchen nor do you stop eating steak. You simply keep them out of your child's reach.

      Now move to a slightly more sinister threat or risk, that of a free press or possibly an extremist group publishing the location of every chlorine tanker in America. Could that be a threat to our security? Of course, it might even herald the initial coordination of a nationwide attack. But just like the above stories, you don't outlaw bloggers or their right to publish (nor can you.) Instead you look at potentially dangerous objects or information, you analyze the potential risks, and you find a way to mitigate them. Step 0 might sensibly be "don't publicly publish lists of hazardous tankers" except to those persons with a need to know. Step 1 might be to keep any such lists as small as possible -- the Seattle fire department doesn't need to have the schedule for the Atlanta chlorine train. Step 2 might be to publish a generic set of instructions, "How to safeguard chemical tankers". Step 3 might be a communications plan to the rail lines informing them of a security breach. And so on.

      Almost anything can be a threat. What defines an appropriate reaction is recognition of the risks, planning and mitigation strategies. Over the top reactions like saying "OMG they're trying to silence the press and Jefferson is rolling in his grave" are completely missing the point. Nowhere in TFA are they even suggesting they suppress the blogs; they're just recognizing a potential threat, and figuring out what plans (if any) they need to make.

    • Re: (Score:3, Interesting)

      Any mass information disemination is obviously a risk during national emergencies and there is no reason to beleive that if the press isn't controlled by the government then it is uncensored and uncontrolled. There are plenty of other organisations with huge media influence and their own agenda to push so you have to consider the view that its someone else's propaganda.

      Treating the media as a risk isn't the same as taking away the freedoms of the media. The media and by extension the general public doesn
    • Indeed - there have been plans to generate power from the corpses of America's founding fathers, but there are a few issues with the drivetrain and transmission - The big one is, how would you attach a flywheel to a power plant that doesn't fall below 25krpm, even at night? Once that's dealt with, the transmission can be rev-matched to the power plant using a series of starter engines (the power plant, being composed primarily of rotting organic material, WILL NOT stand up to any shock), finally with a "sta
  • I just want to know:

    1. How much does it cost per month to play?

    2. Does it support DirectX 10, and

    3. Where do I sign up for the Cyber Storm Goonswarm?
  • I've been in a position to analyze various infrastructure systems for several large cities in my life, and I can tell you that they are not thinking this through correctly. The best cyber storm possible is one that you have not prepared for, nor thought of, and to even begin to contemplate them, like a chess playing program, you have to know ALL possible moves. As an example of what I'm hinting at, the recent cable cut that killed the Internet pipe to a large part of the middle east was NOT anticipated. Sur
    • by mwlewis ( 794711 ) on Thursday January 31, 2008 @10:04PM (#22256706)

      So, to summarize your post:

      A successful exercise must consider every possible threat. They didn't think about every possible threat. It's not possible to think of every possible threat. An exercise that doesn't consider every possible threat doesn't help anything at all


      You obviously missed the whole point, which was really to work on the cooperation and communication. They weren't testing specific countermeasures, but stressing the people and the organizations involved to see what happens. Even if it weren't, being more prepared or knowledgeable about some threats is better than being knowledgeable than no threats.

    • accident? (Score:2, Interesting)

      by zogger ( 617870 )
      I haven't seen anything but their say so that the cut was an accident. It could have been deliberate to slow down middle eastern stock market transactions, to try and avert a meltdown...just sayin'.... or something else. Could be a lot of things. I don't know but so far ain't buying the story as advertised. It might be true, but it smells bad. We have one report that says ships got "ordered" to go anchor in an unusual place..this is a clear WTF? episode then. Why they do that? Plausible deniability excuse s
  • by Joe The Dragon ( 967727 ) on Thursday January 31, 2008 @09:51PM (#22256588)
    Why does did sound like the plot to war games 2? []

    the movie has a system that sounds alot like the one talked about hear.

  • by acvh ( 120205 ) <geek.mscigars@com> on Thursday January 31, 2008 @10:58PM (#22257128) Homepage
    as does everyone who drives on the NJ Turnpike. do I win?
    • as does everyone who drives on the NJ Turnpike. do I win?

      On the rails??

      *does not drive on the NJ Turnpike*
    • Re: (Score:1, Funny)

      by Anonymous Coward

      as does everyone who drives on the NJ Turnpike. do I win?

      No, silly, you drive on the NJ Turnpike. You lose.
  • by Tom ( 822 )
    The question is what the goal of the exercise was.

    Sometimes, these exercises are "free for all". There's a scoring system and you win if you get the highest score, good luck.

    Sometimes, though, there are more refined goals. If the goal of the exercise is to evaluate different reactions to a given threat, for example, then taking away that threat by whatever creativity you bring isn't a "smart move", it's breaking the game because removing the threat wasn't the goal, and by doing so you make it impossible for
    • And sometimes, the goals that are given are pulled out of someone's ass and completely unrealistic.

      I don't know what the goals of that wargame were, nor whether the goals were realistic or fit into a certain strategy. What I do know is that the strategy that the general used is the EXACT strategy that was used by Al-Qaeda, and which nearly kicked the US forces out of Iraq. The saving grace was some very unorthodox thinking of the commanders on the ground, who managed to change the minds of a number of Iraqi
      • Errr...

        I call BS. If you don't know enough about the situation to know what the goals of the wargame were, how do you have sufficiently detailed knowledge of the general's strategy to claim that it is identical to that used by Al-Qaeda (given, of course, that one accepts the premise that it was AQ and not Iraqi Sunni tribal leaders who were responsible for the resistance)?

        • I'll give you I was glib in me lumping all the current fighting as being under control of AQ. There are plenty of other elements in there.

          As for needing to know the details of the strategy.... tell me, what does this sound like: hit and run tactics, ambushes, use of irregular forces, urban combat and bombings. Sounds pretty much like what's happening now, right? If the gp is right, that's what the general used... and I vaguely remember stories of that wargame in a similar fashion.

          Sometimes, the details don'
      • Completely expelling US forces from Iraq would require confronting them as a massed force in non-urban terrain. That would also be sheer suicide for virtually any army on the planet, let alone irregular AQ or Sunni resistance fighters. Let's be realistic here.

        Urban combat is very tough for US forces - no doubt - but saying the US was almost kicked out is a farce. So far the US is willing to accept the casualties associated with operating in urban environments. If that willingness goes away, the US may w
        • To quote Clausewitz (I think), war is merely politics pursued with other means. All wars are political decisions, as are decisions on how to pursue a war. A retreat from Iraq would have been a political decision. And yes, the US was very, very close to "losing" this Iraq war. If the "surge" (in quotes because I don't believe it is the primary cause of the improvement in the situation on the ground) would not have been successful, I can guarantee you we would have left.

          In your initial assessment, you made th
          • I am not surprised at all that US forces encountered resistance in urban environments. Somalia taught all our enemies how vulnerable US soldiers can be in on the ground in mixed civilian/combatant areas.

            Massed combat oustide urban centers would be necessary to drive US soldiers completely out of Iraq. The US has bases out in the desert with equipment and supplies for precisely this reason.
  • My big question is, how do *I* get involved in the game?

    It's nice and all to hire private 'security' companies, and have all the agencies beating up on it, but it's already been proven that the most dangerous folks out there are just regular folks (regardless of age). Regular people are the ones finding the exploits to break perfectly good security. It's not a 'security' company with a library of those works who are the most dangerous threats, it's the kid who just figured out an exploit
    • Re: (Score:2, Insightful)

      by charlesnw ( 843045 )
      The cyber storm war game is not about penetration testing. Its about response coordination. The US government has plenty of people who network in the security community and keep up on exploits etc. They have SNORT and SHADOW and who knows what other IDS systems all over the net watching for new exploit code.

      The key element of these war games is to test response capabilities. Testing existing exploits would be pointless. An exploit could come out tomorrow that allows someone to control every Cisco router on
  • I'm sure that a cyber game test of this magnitude would reveal weaknesses; the shear number of players, incidents, options.... the senario would be infatismal... Just wonder what changes are going to be put in place to improve results of #2? Wonder if 'master control' has a view similar to the link below, except with much more detail?...... [] one2busy07

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (9) Dammit, little-endian systems *are* more consistent!