Slashdot Mirror

← Back to Stories (view on slashdot.org)

Brazilian Army Gets Hacked After Allegations of Cheating In Security Cyber-Games

Posted by timothy on from the whole-lotta-semantics-goin'-on dept.

An anonymous reader writes: Anonymous hackers breached the servers of the Brazilian Army, and later leaked the personal details of around 7,000 officers. The incident seems to stem from CTF games where security teams try to hack each other. Apparently the Brazilian Army team used forbidden tactics to win its games, and the hackers responded by doxxing some of their officers. A snippet: According to the hackers' statement, the Brazilian Army team used a forbidden technique to win their CTF matches in a local CTF tournament. The technique they used is WiFi deauth, a simplistic attack that jams WiFi traffic, incapacitating the other team. The hackers also seemed upset at the fact that the Brazilian army was bragging about their accomplishments, being particularly angry at the usage of the word "elite."

7 of 34 comments (clear)

  1. Re:"forbidden tactics" ? by ShanghaiBill · · Score: 5, Informative

    No, you use whatever you can. An actual enemy would.

    No. An actual enemy would not jam your WiFi because they would not be on your local network. That rule existed in the game because it was an attack that would not be available in an actual conflict.

  2. Re:"forbidden tactics" ? by TWX · · Score: 2

    I have a very simple solution to prevent this kind of thing from being a problem in a hacker get-together. It's called a cable.

    --
    Do not look into laser with remaining eye.
  3. Re:"forbidden tactics" ? by YrWrstNtmr · · Score: 2

    Really? A small drone flying around, saturating/jamming your WiFi freq. Even if it only lives for 5 minutes before being shot down, that may be enough
    You want realistic games? Nothing is off limits.

  4. Re: "forbidden tactics" ? by Anonymous Coward · · Score: 2, Funny

    So just kill your opponents and you win the game. The other countries would probably not want to participate in games after that...

  5. Re:"forbidden tactics" ? by ShanghaiBill · · Score: 4, Insightful

    Really? A small drone flying around, saturating/jamming your WiFi freq.

    Except they didn't use a drone. They used a stationary jammer inside the facility, which is not realistic. They were also jamming WiFi, but a real military comm center would have cabled connections. WiFi was only being used because it was easier to run the game that way.

    You want realistic games? Nothing is off limits.

    The everyone would bring a shotgun to a chess tournament. Games are designed to test and exercise specific capabilities. There are always compromises that make them different from a real war, and rules to prevent participants from exploiting those compromises to "win" in unrealistic ways that would not work in a real conflict. Cheating to win doesn't make you better. It just corrupts the process, and then game is no longer an effective tool for improvement. So in a real war, you lose.

  6. Re:"forbidden tactics" ? by ShanghaiBill · · Score: 2

    Except when they've rootkitted a laptop near you, or used an antenna

    Defending against these attacks is not the responsibility of the participants in this exercise, and is not the point of these games. The defense against these attacks includes physical security, and better background checks. Those are not skills that are important in a penetration specialist, nor could they be realistically tested in this game scenario. To find a rootkitted laptop, you would walk around disabling wifi on each laptop until you found the offender. Do you think this exercise could work if any team could walk up and physically disable another teams equipment?

    If breaking the rules is allowed, then you are better off simply smashing your competitors' equipment. Soon your "cyber warriors" would all be large muscle men with IQs of 80, because that was the winning strategy in the game. Do you think they would win in a real war?

  7. Re:"forbidden tactics" ? by DRJlaw · · Score: 2

    It was a game of cyber-warfare and there are no rules in a game like this. The only possible rule would be try not to kill anybody but other than that anything goes.

    But you just said there are no rules. In the real world once I knew where you were I could bomb you and/or the computer hosting your link. Therefore I should be able to walk over to you in the tournament and shoot you in the head. Your poor opsec is your problem, not mine.

    You're not saying that there's no rules, you're saying that you'll only obey the rules that you believe should exist. The problem is, I do not have to believe in same rules, or in fact any at all.

    You can either agree to mutual rules, cheat, or admit that there are absolutely no rules. What you can't do is agree to rules, violate those rules, and then claim that you're not a cheat.