Home News Insight Builder Reviews Jobs Downloads newsletters
Sony Ericsson giveaway | Server Toolkit | Builder Conference 2004 | Digital photography | Internet2
Hackers plan global game of 'capture the flag'
By Robert Lemos, Special to ZDNet
02 August 2004
Add your opinionTalkBack!
Forward in E-mail this story! Format for Printer Friendly

If everything goes as planned, for 72 hours next February hackers from all over the United States will hit targets across the Internet in the largest mass attack to date.

But the affected systems won't be corporate Web servers or networks, they'll be computers set up and maintained by other hackers as part of a capture-the-flag game. When the digital dust clears, the team from either the East Coast or the West Coast will be named winner.

"We have people take over someone's box and play the game from there," said "D.D.," a member of the Seattle-based security group Ghetto Hackers, which kicked off a smaller version of the game, Root Fu, at the Defcon hacking convention in Las Vegas on Friday. "In terms of our machines, we are pretty confident that we can contain it." The Ghetto Hackers have run the smaller capture-the-flag-type game, where eight teams hack each other on a closed network, for three years at the convention.

Next year, the group of hacking hobbyists hopes to take the game global. Dubbed Mega Root Fu, the new game will be the first large-scale hacking contest played over the public Internet. The group is allowing teams throughout the United States to sign up at its Web site and hopes to have a thousand players come February.

Getting the teams on board will likely be the easy part, especially with the group advertising the contest at the nation's largest hacking convention. Preventing the game from spilling over to the Internet may not be as simple. The Ghetto Hackers plan to create a network separate from, but running on, the Internet, using routing and encryption technology known as a virtual private network, or VPN.

The prospect of mass attacks by hackers, surprisingly, does not worry security experts much at all.

"It will pretty likely be contained," said Bruce Schneier, a well-known computer security expert and founder of network-monitoring service Counterpane Internet Security. "Sure, it's possible that some stuff will get out, but people are not going to be doing large-scale, uncontrollable attacks, like worms or viruses."

In fact, the contest could help security experts learn more about online attackers' techniques and how to defend against them.

Last year, the University of California at Berkeley teamed up with the Information Sciences Institute at the University of Southern California and the ISI's sister institute in Virginia to start work on a large, 1,000-node network that modeled the Internet. Called the Cyber Defense Technology Research (DETER) network, the initiative will let researchers study online attacks and defenses and reset the network to a clean state easily.

"It's a pretty interesting experiment that they are trying," said Doug Tygar, professor of computer science and information management at the University of California at Berkeley and a principal researcher on the DETER Project. "I hope they are very careful about containment and being ethical."

Tygar added that though the contest could be an interesting learning experience, it would likely not be very valuable to academicians.

"We are interested in repeatable scientific experiments of what will happen on the Internet," he said. "What they are doing is interesting, but I'm not sure how controlled it will be."

Legally, the contest will be in a grey area, said Jennifer Granick, clinical director of Stanford University's Center for Internet Law and Society. If a virulent attack escaped the virtual private network and caused damage, it could be grounds for a lawsuit.

"Theoretically, it is possible that you would be legally negligent," Granick said.

The pursuit of the larger project may mark the evolution of the Ghetto Hackers capture-the-flag contest away from Def Con. The current eight-team format does not allow more amateur hackers to play, said Jeff Moss, the conference's founder and organiser.

"This is the longest that we have had one group do the capture-the-flag event," he said. "It used to be that any of the attendees could walk up and play."

The contests have also garnered support from nonhackers, who see it as a good outlet and not as a threat.

"I think it is very hard to shut this type of activity down, and I don't think that would be desirable at all," Berkeley's Tygar said.

Forward in E-mail this story! Format for Printer Friendly
Related stories
Google a favourite among hackers too

E-voting critic calls on hackers to expose flaws

One virus writer 'responsible for 70 percent of infections'

Better tools let hackers strike more quickly

Tell us your opinion
Talkback: Post your comment here
Real hackers do not spread viruses, i'm sick of this crap st... Dustin Destree

Shouldn't we worry about malicious hackers using this as a c... Anonymous

Rupert Goodwins
How spam may feed the thinking machine
Fran Foo
Offshoring: Don't shoot the messenger
Vodafone, Optus to share 3G network
Linux 10 times more expensive? Get the facts, watchdog tells Microsoft
KDE developers focus on accessibility
Microsoft's MOM goes out the door
Death of the Internet greatly exaggerated
Justice Dept. probes for pirates
EU to probe Microsoft-Time Warner buy
How spam may feed the thinking machine
Tech News Bulletin
News Perspectives
Week In Review
HP delivers Linux laptop

See video
Samsung chases iPod

See video
More video
seek
Tech Job Search



Keyword (optional):
Or use our full Job Search
Powered by SEEK

Click here to find out more!

Sponsored Links
Don't beg ignorance Gain a Competitive Compliance Advantage-Register for the webcast now!
NetIQ Unleash the Power of AD. Download NetIQ's Group Policy Catalog.
Toshiba Tecra A2 Powerful desktop replacement solution at only 2.8kg
Seagate 5yr warranty For more warranty information, click here
Featured Links
K700i giveawayTell us which three gadgets you can't live without, and we might just give you a Sony Ericsson K700i.
Builder ConferenceLearn from world famous tech specialists. Register now.
Gear EnvyTell us what you think of some of the coolest technology.
Mobile phonesWe review the latest and greatest mobile phones.
Home News Insight Builder Reviews Jobs Downloads Newsletters
CNET Networks AU: Builder AU | CNET.com.au | Technology and Business
Security & Privacy Policy | Terms of Use | Advertise | Contact | About Us
Copyright 2004 CNET Networks, Inc. All rights reserved. ZDNet is a registered service mark of CNET Networks, Inc. ZDNet Logo is service mark of CNET Networks, Inc.