Get Paid To Crack?

John Klein writes "Corporate Technologies USA, Inc. is offering hackers $250US and up as part of the Hacker Wargame Research Project. Participants are given sufficient time to hack three primary goals on real Windows 2000 servers on an internet connected wargame network. The servers are updated with fairly current Windows patches, so this is not necessarily an easy task. The difficulty is part of the point. The Project is studying how hackers think, called cognitive research, in an effort to better understand how future IDSs might identify the target of an attack during it's early stages. The Project guarantees complete anonymity for those that want to participate without pay, or complete privacy protection to those that choose to get paid."

Wargame Servers

[sabNetwork]

Wargames are interesting, maybe even fun, but they shouldn't be used for cognitive research. You simply can't replicate the environment of a real corporate network.

Where is the poor tech support agent that I call to inform of the "new authentication procedures"? Where are the client boxes sending out cleartext FTP passwords over a compromised proxy server?

Seriously, this isn't a great way to study "cracker patterns". Most crackers aren't creative enough to gain access to a box that lacks the common weaknesses of a corporate server. It's easy to setup a server that no one is supposed to use, but the challenges (and weaknesses) come from the balance between security and usability.