Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Government The Military

Brazilian Army Gets Hacked After Allegations of Cheating In Security Cyber-Games 34

An anonymous reader writes: Anonymous hackers breached the servers of the Brazilian Army, and later leaked the personal details of around 7,000 officers. The incident seems to stem from CTF games where security teams try to hack each other. Apparently the Brazilian Army team used forbidden tactics to win its games, and the hackers responded by doxxing some of their officers. A snippet: According to the hackers' statement, the Brazilian Army team used a forbidden technique to win their CTF matches in a local CTF tournament. The technique they used is WiFi deauth, a simplistic attack that jams WiFi traffic, incapacitating the other team. The hackers also seemed upset at the fact that the Brazilian army was bragging about their accomplishments, being particularly angry at the usage of the word "elite."
This discussion has been archived. No new comments can be posted.

Brazilian Army Gets Hacked After Allegations of Cheating In Security Cyber-Games

Comments Filter:
  • No, you use whatever you can. An actual enemy would.
    If you are constrained by 'rules' of how you can operate and what tools you can use, you are deluded and have already lost. The 'exercise' is simply a dog and pony show.
    • by ShanghaiBill ( 739463 ) on Saturday November 14, 2015 @12:19PM (#50930533)

      No, you use whatever you can. An actual enemy would.

      No. An actual enemy would not jam your WiFi because they would not be on your local network. That rule existed in the game because it was an attack that would not be available in an actual conflict.

      • by TWX ( 665546 )
        I have a very simple solution to prevent this kind of thing from being a problem in a hacker get-together. It's called a cable.
      • Really? A small drone flying around, saturating/jamming your WiFi freq. Even if it only lives for 5 minutes before being shot down, that may be enough
        You want realistic games? Nothing is off limits.
        • by Anonymous Coward

          So just kill your opponents and you win the game. The other countries would probably not want to participate in games after that...

        • by ShanghaiBill ( 739463 ) on Saturday November 14, 2015 @12:51PM (#50930691)

          Really? A small drone flying around, saturating/jamming your WiFi freq.

          Except they didn't use a drone. They used a stationary jammer inside the facility, which is not realistic. They were also jamming WiFi, but a real military comm center would have cabled connections. WiFi was only being used because it was easier to run the game that way.

          You want realistic games? Nothing is off limits.

          The everyone would bring a shotgun to a chess tournament. Games are designed to test and exercise specific capabilities. There are always compromises that make them different from a real war, and rules to prevent participants from exploiting those compromises to "win" in unrealistic ways that would not work in a real conflict. Cheating to win doesn't make you better. It just corrupts the process, and then game is no longer an effective tool for improvement. So in a real war, you lose.

          • You want realistic games? Nothing is off limits.

            Then everyone would bring a shotgun to a chess tournament.

            now that's my kind of chess tournament!

          • We are not talking about a chess game here. It was a game of cyber-warfare and there are no rules in a game like this. The only possible rule would be try not to kill anybody but other than that anything goes. In the real world a drone could be used to take down the Wi-Fi or someone could infiltrate the facility and place a device inside the facility. I am sure the Iranians thought their nuclear centrifuges were safe from outside interference until someone infiltrated one of their most secure facilities in

            • by Anonymous Coward

              I used to organize that kind of tournament and we had basically three contest specific rules, teams are forbidden to go to the other teams area, keep your malicious traffic inside (no hacking on the real internet) and don't hack our infrastructure (the score keeping machine, the firewal/gateway to the net, the free wifi,the jukebox). We also had a code of conduct we evident rules like no fighting, no vandalism, no stealing etc....

            • by DRJlaw ( 946416 )

              It was a game of cyber-warfare and there are no rules in a game like this. The only possible rule would be try not to kill anybody but other than that anything goes.

              But you just said there are no rules. In the real world once I knew where you were I could bomb you and/or the computer hosting your link. Therefore I should be able to walk over to you in the tournament and shoot you in the head. Your poor opsec is your problem, not mine.

              You're not saying that there's no rules, you're saying that you'll only o

        • You want realistic games?

          CTF is not realistic. It's lots of fun, but plenty of "realism" has been cut so you can test skills in realtime. It can take several months to find a zero-day exploit in real life, but in a CTF contest, you might find several of them in a single day.

      • > No. An actual enemy would not jam your WiFi because they would not be on your local network

        Except when they've rootkitted a laptop near you, or used an antenna or a locally planted repeater to access your network from slightly offsite, or planted a wifi gateway inside your network. This is the difficulty of setting up defenses based what you think an "actual enemy" would do, rather than based on what real attackers do. Real attackers use the cheaper, simpler attack methods because they work, but they a

        • Except when they've rootkitted a laptop near you, or used an antenna

          Defending against these attacks is not the responsibility of the participants in this exercise, and is not the point of these games. The defense against these attacks includes physical security, and better background checks. Those are not skills that are important in a penetration specialist, nor could they be realistically tested in this game scenario. To find a rootkitted laptop, you would walk around disabling wifi on each laptop until you found the offender. Do you think this exercise could work if

          • > Defending against these attacks is not the responsibility of the participants in this exercise,

            I agree. The rules test certain types of defined attack vectors. But the concept that "No. An actual enemy would not jam your WiFi because they would not be on your local network" is not a well founded one, and it's what I meant to object to. Many attackers can, and will, gain access to your local network. Many successful or partially successful attackers can, and will brag about or exchange details on exact

          • If breaking the rules is allowed, then you are better off simply smashing your competitors' equipment.

            Or their heads. I doubt the fine upstanding South American military chaps would ever do anything like that though.

        • by DarkOx ( 621550 )

          Except when they've rootkitted a laptop near you

          Now why in hells name after you have successful root a laptop in the enemies defense services would go and do a stupid thing like that. You might as well pop up a dialog that says, "HEY THIS MACHINE IS PROBABLY COMPROMISED LOOK HERE". No thank you if I was an attacker I rather keep my compromised box to help me ensure persistence rather than sacrifice it on what will be at most a minor disruption of a small number of people for a few moments.

    • by Anonymous Coward

      CTFs have two rules: control the system, and keep the system online. Maximizing up-time is the entire point of a CTF.

      The army couldn't beat the hackers so they jammed the connection with a wireless DoS. That defeats the purpose of the exercise. They might as well have turned off the computers.

      Turning around and claiming victory after essentially admitting defeat was a lamer move. I'm not surprised bragging about their "elite" response triggered retribution.

  • by Anonymous Coward

    They went full cyber [twimg.com]. Never go full cyber.

  • All's fair in love and war.

  • If you're doing cyber-security hacking, the _whole point_ is cheating.

  • So they pulled a Kobayashi Maru and Slashdotters are upset? I did not expect that.

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...