Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Details of Cyber Storm War Games Released

Soulskill posted more than 6 years ago | from the defending-against-gravitic-mines dept.

Security 96

I Don't Believe in Imaginary Property writes "Apparently, the participants in the U.S. 'Cyber Storm' war games are familiar with the Kobayashi Maru, because some of them tried to cheat by hacking the games themselves. They also prepare for some very interesting scenarios. Among other things, the organizers are worried about having too many people on the 'No Fly' list show up at an airport, finding 'mystery liquids' in the subway, and having bloggers reveal the classified location of railcars with hazardous materials. The Department of Homeland Security has already analyzed the results of the games, and plans to hold 'Cyber Storm 2' in March."

Sorry! There are no comments related to the filter you selected.

I just can't wait for Diablo III (-1, Offtopic)

Fat Wang (1230914) | more than 6 years ago | (#22255790)

These hacking games are a great way to put the latest in security technology to the test, but I am more concerned with games such as Diablo III. When will Blizzard announce Diablo III. I hope they don't make it into an MMORPG like World of Warcraft. That would just ruin the Diablo franchise. If they did that, it would really only be serving the fans of WoW and there will still be all of those Diablo fans left with nothing new to chew on. I want Diablo III damnit!

Re:I just can't wait for Diablo III (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#22255940)

I wish I had mod points to mod you -2 offtopic.

Give AC mod points you haters.

Re:I just can't wait for Diablo III (-1, Troll)

Anonymous Coward | more than 6 years ago | (#22256094)

I wish I had mod points to mod you -90000000000000000 FLAMING FAGGOT.

Give AC mod points you haters.

Re:I just can't wait for Diablo III (0, Offtopic)

Fat Wang (1230914) | more than 6 years ago | (#22256246)

It isn't off topic. We are talking about games here.

FUCK DALLAS (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#22255810)

I am so fucking sick of Dallas sleazebags.

Latin for Slashfags (-1, Troll)

Anonymous Coward | more than 6 years ago | (#22255828)

Greetings (or salve) Slashfags. As most of you were educated in public schools, you probably missed out on Latin lessons, along with anything other than advanced welfare claiming skills and AP Ebonics. Well, now's the chance to rectify your pitiful proletarian preparation. To start with, we'll be looking at line 1 of Catullus 16:

Pedicabo ego vos et irrumabo,
Or, in English
I'm going to fuck you in the ass and make you suck my dick

The first word is pedicabo - this is the indicative future of the verb pedicare, literally to sodomize, something that Apple users and furries will be familiar with.

ego - I, myself. Not the latter day reference to the arrogance/confidence displayed by the jocks who flushed your head down cubicles and then screwed your sister, but a simple first person reference.

vos - you (plural). Similar to when you'd say "you" addressing a group of friends, if you had any that is.

et and. You (plural) are autistic and of poor hygiene and moral fibre.

immurabo - Future indicative again, this time for the verb immurare - to skull fuck, what those jocks did to your sister (and probably to you in the cubicle, truth be told).

Keep practising, and remember - just because you were born working class scum, doesn't mean you'll die as anything else.

Helpful. (1)

mnemonic_ (164550) | more than 6 years ago | (#22255944)


Re:Latin for Slashfags (0)

Anonymous Coward | more than 6 years ago | (#22256190)

Paedicabo vos, et immurabo...

Re:Latin for Slashfags (1)

jamar0303 (896820) | more than 6 years ago | (#22259010)

Thank you for reminding me why I learn Japanese instead.

reminds me of (1) (1209032) | more than 6 years ago | (#22255830)

how about a game of global thermo nuclear war?

Re:reminds me of (2, Funny)

TheSpengo (1148351) | more than 6 years ago | (#22255898)

Defcon: Everybody Dies by Introversion you mean? :D Which reminds me of another game by the same group that does not simulate what happens as a result of cyber attacks but allows you to play as the attacker: Uplink. It's also a very entertaining game though not entirely realistic.

Re:reminds me of (0)

Anonymous Coward | more than 6 years ago | (#22256052)

You never have really had to face death, have you ? You've always cheated it, eluded it, escaped it.

Hacking the game is cheating? (5, Interesting)

Shadow Labs (807971) | more than 6 years ago | (#22256390)

I find it interesting that they call hacking the game itself "cheating."

Reminds me of when I was in college and us CS people used to get together and play a computerized version of capture the flag. The premise of the game was simple enough -- players were divided into 4 teams of 2-3 people each, and each team got a machine that came pre-loaded with an older unpatched version of Linux that had well known and published security vulnerabilities (something like Red Hat 7.3). Each machine had 4 services running on it -- typically SSH, Bind, Apache, and telnet (yeah...*sigh*). Each of those services came configured to return a certain string (the so-called flag) when queried by a master scoring server that ran a fairly simple Python script. The script ran once every minute and then displayed up to date team scores on a video projector. The rules of the game stated that we could not patch the machine or use IPtables to lock down the machine. Anything else was fair game. The machines and the scoring server were all networked together on small private network, and each team was given one additional network drop to do with as they pleased.

Anyway, one night we got together to play CTF and there were only enough people for 3 teams of two. Since that doesn't make for such an interesting game, one of our professors who was just supposed to be observing decided to join in and be on his own team. As soon as the game started, everyone went to work furiously trying to defend their boxen and then the real fun -- the attacking -- began.

We were all quite surprised when the first round of results came in and our professor hadn't had anyone hijack his machine. He also evidently hadn't attacked anyone else. The night went on and each of the student teams went back and forth, attacking and defending, but our professor stayed the same -- he neither had anyone successfully compromise his box, nor successfully compromised anyone elses.

The last few minutes of the game saw my team dead last, our professor in third place, and two other teams above us. 5 seconds from the end, our professor's score suddenly increased to an ungodly high (and according to the rules unattainable) score, with the rest of our scores getting set to zero. As the clock ticked down and the game came to an end, we were befuddled as to what happened.

Suddenly it dawned on us -- our professor had spent the entire time hacking the scoring server (which was supposed to have been an up to date, secure Linux install) and replacing the Python scoring script with one of his own, all to his advantage. At some point during the game, he had actually replaced the running script with his own, without any of us ever noticing. We were all in awe and amazement at his creativity -- the idea to do such a thing had not even occurred to any of us. We learned several valuable lessons that night, one of which was that the mind of a creative attacker may not be confined solely within the nice little security box that you place it in. That, and never mess with your professors!

Re:Hacking the game is cheating? (-1, Troll)

Anonymous Coward | more than 6 years ago | (#22257068)

I assume you did not get laid in college.

Re:Hacking the game is cheating? (3, Insightful)

Tomy (34647) | more than 6 years ago | (#22257370)

I've always believed the biggest obstacle to any creative endeavor in general is Functional Fixedness [] , the bias that limits us to sort of only playing by the rules. I was at a party once and my psychology professor demonstrated it for me with a challenge to everyone at the party that he could drink wine from one of the unopened bottles of wine on the table without damaging the glass or cork in any way. Once everyone had given up guessing how he would do it, he turned the unopened bottle upside down, and poured wine from an opened bottle into the depression in the bottom of the unopened bottle and drank it. Our cognitive bias kept us from thinking outside the box, or bottle as it may be.

Re:Hacking the game is cheating? (0)

Anonymous Coward | more than 6 years ago | (#22264122)

I think it's at least a little different here, as they're attacking things that, in a real situation, would not exist. There's no "central server" running every national service everywhere, but for the sake of the exercise they had to emulate them all on machines that added a layer that would not normally exist

Re:Hacking the game is cheating? (3, Insightful)

glwtta (532858) | more than 6 years ago | (#22257546)

Well, the point of war games is to simulate real-life scenarios, so cheating is not constructive, no matter how clever it is.

Re:Hacking the game is cheating? (4, Interesting)

darkmeridian (119044) | more than 6 years ago | (#22257842)

That's a very naive view of the world. The real world is unexpectedly complicated and there's lot of room for thinking outside the box. For example, in a U.S. war game, the American forces supposedly had the benefit of a jamming operation that prevented the enemy from communicating at all. The OpFor leader in charge of attacking the American forces used clarion calls from mosques and civilian motorcycle messengers to communicate despite the hypothetical jamming operation. The observers disallowed his communication saying it was outside the rules.

Well, in the real-world in Iraq, the insurgents are hiding behind civilians and mosques. An exercise that makes you reconsider the rules of the game is very important in the real world, where you have to expect the unexpected.

Re:Hacking the game is cheating? (2, Insightful)

glwtta (532858) | more than 6 years ago | (#22258078)

That's a very naive view of the world.

Which is a little odd, since I only expressed a view of an exercise.

An exercise that makes you reconsider the rules of the game is very important in the real world, where you have to expect the unexpected.

Which is all well and good, but there is plenty of other types of exercises that are equally as useful. Besides, in your example it sounds like they were using perfectly legitimate tactics that were deemed outside the scope of some fairly specific exercise, whereas here, TFA makes it seem like they were just screwing with the monitoring systems for poops and giggles. Even taking into account all the vagaries of the real world, that is not productive.

Re:Hacking the game is cheating? (2, Interesting)

Nocterro (648910) | more than 6 years ago | (#22259060)

the American forces supposedly had the benefit of a jamming operation that prevented the enemy from communicating at all

No offence, but any criticism of the war-game after that would be just redundant, surely you give the enemy the huge advantage and make your own forces work around it? If that's a true story then there's some strange thinking in play. Able to give us a source?

Re:Hacking the game is cheating? (0)

Anonymous Coward | more than 6 years ago | (#22259122)

That example shows that in simulations we should never "deal in absolutes" ("only Sith Lords..."), but use finite parameters for everything instead. I.e. communication should be parametrically described with latency (fixed part + distance x signal speed) and information bandwidth. Absolute jamming should degrade opponents communication parameters (disable usage of radio), but total isolation should never be assumed.

Besides, for critical processes, such as battles, Murphy should be respected: make practices hard and "unfair" to your own side, then you'll win with ease in real situation. Practice with heavy, blunt sword, fight your battles with light and sharp one. Patting oneself on the shoulder usually proves worthless, or even dangerous.

Re:Hacking the game is cheating? (1)

RSquaredW (969317) | more than 6 years ago | (#22263796)

That's BS. Practice with a weapon as similar to the one you fight with as possible. That way, when you get to the real fight, you are comfortable and familiar with it in your hand. It's like training for Vietnam jungle and then shipping off to Iraq.

What you should practice against (and what you're trying to say) is to make your opponents as varied as possible in practice, or preferably (extension of the above principle) as near to your actual opponents as possible. cf. Sun Tzu: "Know thyself, and know thy enemy, and of a hundred battles you will be the victor. Know thyself, but not thy enemy, and even will be your losses and victories. Do not know thyself, and wallow in defeat forever."

The interesting thing about that particular wargame wasn't the communications, but the blue team "unsinking" a carrier that had been taken out by a massed small boat attack. Submarines...and targets.

Re:Hacking the game is cheating? (1)

JWSmythe (446288) | more than 6 years ago | (#22264278)

But a simulated war game should see all options.

    The enemy can, and quite likely will, do something unexpected.

    Consider this ground combat scenario.

    If I see an enemy platoon flanking us on the right, and an enemy platoon holding their position in front of us, normal strategy would be to assume that the platoon flanking to the right is going to come in on the right, or possibly the rear but risk crossfire.

    So, I'd rearrange MY troops to guard the front and right positions, with sentries watching the rear and left.

    Normally, this would be a valid case, assuming we were equipped well enough to handle the enemy forces.

    If they knew we did not have the firepower to hold them off, they may be trying to force us into a retreat to the rear or left, with an ambush waiting.

    We may be calling in reinforcements, or digging in for a fight.

    As it may turn out, it was 4 members of their platoon making a lot of noise to appear to be 2 full platoons, and they were really just distracting us, as a bombing run takes out the dam at the top of the valley.

    In war, there's no such thing as cheating, there are only winners, losers, and casualty counts. It's all an attempt to keep you on the winning side, and keep your casualty count as low as possible, while making the enemy casualty count as high as possible.


Re:Hacking the game is cheating? (0)

Anonymous Coward | more than 6 years ago | (#22264898)

Are you saying there are no cheaters in real life?

No scenario is "real life" unless there is something on the edge or breaking the rules of the scenario.

War cannot be 'cheated'. (1)

TiggertheMad (556308) | more than 6 years ago | (#22265912)

Well, the point of war games is to simulate real-life scenarios, so cheating is not constructive, no matter how clever it is.

...and the point of war is to win, by any means nessecary. The only rules that wargames should have is to protect the physical safety of the participants. (otherwise it would't be wargames but just simply war.)

You cannot 'cheat' at war. Anything goes, that is the point. So, the only 'cheating' that could occur in a wargame, would be doing something unsafe. Say like using live ammunition rather than blanks.

The point of wargames is to prepare for possible situations, and train people how to react to them. If you fail to anticipate a situation, you have a weakness that can be exploited.

I think this was a great ploy by the attackers, and a valid case to considder: what happens if in cyber-warfare, the attackers choose to attack your information gathering organs on the internet, rather than just selected assets?

Bravo, red team, bravo.

Re:War cannot be 'cheated'. (2, Insightful)

gr8scot (1172435) | more than 6 years ago | (#22277822)

You cannot 'cheat' at war. Anything goes, that is the point. So, the only 'cheating' that could occur in a wargame, would be doing something unsafe. Say like using live ammunition rather than blanks.

The point of wargames is to prepare for possible situations, and train people how to react to them. If you fail to anticipate a situation, you have a weakness that can be exploited.
I agree in general, but not with this particular cheat.
Michael Chertoff, in Wired:

"They point out where your expectations of your capabilities may be overstated," Homeland Security Secretary Michael Chertoff told the AP. "They may reveal to you things you haven't thought about. It's a good way of testing that you're going to do the job the way you think you were. It's the difference between doing drills and doing a scrimmage."
I don't see the article saying that particular computer vulnerability was previously unknown. In fact, requesting that everybody not target the server suggests that the particular exploit is a known weakness, thus use of it is redundant to the organizers & lazy on the part of the cheaters, not insightful & informative & funny, & all-around, it's definitely not worthy of the prize. Of course, somebody among the organizers probably thought of that, and somebody else really should have listened more attentively.

Perplexed organizers sent everyone an urgent e-mail marked "IMPORTANT!" instructing them not to probe or attack the game's control computers.

"Any time you get a group of (information technology) experts together, there's always a desire, 'Let's show them what we can do,'" said George Foresman, a former senior Homeland Security official. "Whether its intent was embarrassment or a prank, we had to temper the enthusiasm of the players."

The exercise was a big deal for all concerned.

The $3 million, invitation-only war game simulated what the U.S. describes as plausible attacks over five days in February 2006 against the technology industry, transportation lines and energy utilities by anti-globalization hackers. The government is organizing a multimillion-dollar "Cyber Storm 2," to take place in early March.
They offered $3 million to the winner, left playing by the rules to "the honor system," and the organizers were "perplexed" that somebody cheated? That is stupid! They'll need to make it an "invitation, to use our-crippled-terminals-only war game" next time, and simulate the whole thing on an isolated LAN, if they want that kind of controlled simulation. Or, they can just repeat the same mistake, I guess, and hope it works better this time.

Re:where is this class (1)

hesaigo999ca (786966) | more than 6 years ago | (#22260162)

Does this class and professor still exist, where do I sign up!

    : )

Sounds like my kind of fun

Re:Hacking the game is cheating? (1)

Chris Shannon (897827) | more than 6 years ago | (#22264548)

Mathworks runs a Matlab programming contest. After the contest is over, they write an analysis of the competition. I was surprised to read what they said about the hacking of one contest [] :

the first 'hacking' started just after the contest went into daylight, when Hannes Naude was able to clear the beam count via use of a regexp. This started a whole different 'contest' for some of the competitors, who were able to find some very ingenious methods for either returning information from the test suite or crashing the queue. Understanding these attempts can be very educational, and thus I've listed many of them below...
They go on to explain in detail how each of the hacks works. This programming contest encourages learning from others, and the details of these hacks are in the spirit of the open source philosophy. One could learn from code tricks that cheats in this contest to do something else useful.

With Side do you want? (1)

Joe The Dragon (967727) | more than 6 years ago | (#22256608)

With Side do you want?

1. U.S.A

2. U.S.S.R

Third option (4, Interesting)

TapeCutter (624760) | more than 6 years ago | (#22257172)

What about China's reaction to unforseen disaster? Currently they are suffering a huge week long bizzard that has stranded millions of people who were travelling home for Chinese new year. At one station alone there were several hundered thousand people waiting several days for the trains to restart.

People stuck in a blizzard is nothing new in China, what I found interesting was the government has made a rare official appology to the people for being unprepared for the magnitude of this particular storm. Politicians are turning up at train stations and adressing the massive crowds with bullhorns, appologising profusely while explaining that the trains can't run until the power lines are back up and the tracks are cleared.

Some people were complaining, but the majority were spontaneously applauding and cheering the guy with the bullhorn.

BTW: I realise that the news from China is tainted with propoganda and a poloitician with a blowhorn won't get the trains back any faster. However, since they have a million troops working on the clean up, have hailed 6 electrical workers who died trying to restore power as national heros, plus the afforementioned apology for something they could not realistically prevent, I think the applause is not entirely hollow.

Re:Third option (1)

Number14 (168707) | more than 6 years ago | (#22257626)

I have mod points, but since I can't mod this simultaneously off topic and interesting I'll just comment and say that was cool to read.

Re:Third option (2, Interesting)

jamar0303 (896820) | more than 6 years ago | (#22259090)

This blizzard also resulted in my school having its first ever snow day. Ah, the joys of Shanghai in the winter.

Does anyone (3, Interesting)

kcbanner (929309) | more than 6 years ago | (#22255916)

Have any details on how these "games" are actually run? I'm interested in how they simulate it just a mock control room with a game server hooked up to everything instead of the real world, or do they actually use real world utilities and networks to do this? I read the article but it was more newspaper-speak than technical details.

Re:Does anyone (2, Informative)

Kesch (943326) | more than 6 years ago | (#22256120)

Towards the end they mentioned it was done on isolated computers run from the Secret Service basement.

Re:Does anyone (4, Informative)

FleaPlus (6935) | more than 6 years ago | (#22256368)

Here's a link to the actual report: [] []

From the report, it looks like everything was simulated.

Re:Does anyone (1)

kcbanner (929309) | more than 6 years ago | (#22256514)

Ah I see, thanks.

Very funny (1)

rs79 (71822) | more than 6 years ago | (#22256780)


From the report, it looks like everything was simulated.

Oooooooook, which of you jerks put goatse boy there?

Re:Does anyone (3, Informative)

bleh-of-the-huns (17740) | more than 6 years ago | (#22256678)

I was involved in the last CyberStorm exercise. It is almost all simulated. Essentially the members from all the critical goverment entities meet (last time it was at a DHS facility, not sure where this one was held) at a designated location (google NCRCG).... A control center (the non player control center) throws scenarios out, they start innocent, and the members respond, sometimes reaching back to their respective security personnel or organizations (those in the meeting room are usually federal employees in the decision making process, high level feds). Sometimes they intercommunicate with the other gov orgs as well. From there the scenarios, which are all interlinked, get progressively more serious. The last few days of the exercise are table tops that show what went wrong, and how things turned out.

Beyond that, I cannot explain anymore.

Re:Does anyone (1)

mdmkolbe (944892) | more than 6 years ago | (#22256972)

Hmm, sounds alot like an RPG or a LARP.

Re:Does anyone (1)

Paolone (939023) | more than 6 years ago | (#22259950)

Hmm, sounds alot like an RPG or a LARP.
No, actually RPGs are based on hobbyist wargames, which are based on armies' war simulations, which are ultimately based on Kriekgspiel ( [] )

Re:Does anyone (1)

The_reformant (777653) | more than 6 years ago | (#22259786)

So they just sat around and fwd'ed email between each other? You could set up a perl script to do this. Hell the Bcc list would do.

I think its a bit of a stretch to call this a cyber storm wargame.

Good Gravy (4, Funny)

AbsoluteXyro (1048620) | more than 6 years ago | (#22256186)

Does anyone else feel like a huge nerd for knowing what the Kobayashi Maru is?

Re:Good Gravy (4, Insightful)

Chandon Seldon (43083) | more than 6 years ago | (#22256278)

No. Recognizing fictional references is an example of "cultural literacy". When the reference is a popular TV show, it's more like "basic cultural literacy".

Re:Good Gravy (1)

Unoti (731964) | more than 6 years ago | (#22257510)

I like to call culture references to television Illiterary Allusion.

Re:Good Gravy (0)

Anonymous Coward | more than 6 years ago | (#22257584)

Or alternatively, literary illusion.

Re:Good Gravy (1)

kamapuaa (555446) | more than 6 years ago | (#22257882)

Maybe, if we're talking about 20 years ago, and the quote was "beam me up, Scotty!" But a detail from a 40 years old TV show/25 year old movie, that most people have forgotten? The vast majority of the world won't get the reference - it's sub-culture literacy, at most.

Re:Good Gravy (1)

Chandon Seldon (43083) | more than 6 years ago | (#22263176)

But a detail from a 40 years old TV show/25 year old movie, that most people have forgotten?

That's factually incorrect. It's a detail from a 40 year old TV setting that was last referenced in a new episode seven or eight years ago. And yes, all of the Star Trek offshoots have still been "popular TV shows", in spite of the fact that both fans and anti-nerds rip on them.

The vast majority of the world won't get the reference - it's sub-culture literacy, at most.

The vast majority of the world wouldn't get *any* single literary reference. That doesn't mean that literate people won't pick up literary references from their own culture. For Star Trek, that culture is pretty wide: people who have TVs and watch American shows.

Re:Good Gravy (0)

Anonymous Coward | more than 6 years ago | (#22270382)

Well, not to get all nerd, but it was a reference to Cpt Kirk and Star Trek II.

And for most people (including myself) Star Trek II is junk culture. Being "culturally literate" is a sign of intelligence and good education. Being "Star Trek literate" is a sign of being an obsessive fan of a nerdy TV show. Nobody has respect for people who goes to Star Trek conventions.


Re:Good Gravy (1)

Chandon Seldon (43083) | more than 6 years ago | (#22271010)

Well, not to get all nerd, but it was a reference to Cpt Kirk and Star Trek II.

Which was then re-referenced throughout the franchise. And then referenced by fans of the show commonly enough that I'd expect some people to pick up on it without ever having seen any Star Trek. Sure, it's a moderately obscure reference - but it's not something that you'd have to be an obsessive Star Trek fan to recognize.

And for most people (including myself) Star Trek II is junk culture.

That's just boorish snobbery (which is one of the most annoying forms of nerdiness, btw). There are no worthwhile cultural works that someone won't dismiss offhand as "junk culture" or similar. Sure, Star Trek isn't any sort of high art - but ignoring its cultural impact is foolish. Cultural literacy isn't about whether you've read the works of Shakespeare or whatever (unless you're talking about the English professor subculture), it's about sharing cultural experiences with other actual people.

Re:Good Gravy (1)

exley (221867) | more than 6 years ago | (#22257892)

"Basic cultural literacy." Yeah, that'll get ya laid when Star Trek is involved.

Speaking of getting laid, when I first saw this on the front page, my eyes fixed on the linked phrase "hacking the games themselves" and I thought "Kobayashi Maru" before I even read it in the summary. Take that cultural illiteracy!

Re:Good Gravy (2)

hondo77 (324058) | more than 6 years ago | (#22256286)

Doesn't everybody know? Heck, that movie, only 25 years old.

Hmm. I think I should feel old rather than nerdy since I first saw it in a theater. :-)

Re:Good Gravy (1)

bigstrat2003 (1058574) | more than 6 years ago | (#22256356)

Well, that depends. If you mean that in a bad way, hell no. I feel proud of my geekdom. If you mean it in a good way, then yes. Like I said, I'm proud to know this one, it's a reminder that I'm an awesome person. :)

Re:Good Gravy (0)

Anonymous Coward | more than 6 years ago | (#22257378)

No. I felt bad because I couldn't figure out what anime that was and had to Google.

And yeah, it was bloody Star Trek, apparently one of the movies, so I guess you should feel Mainstream?

[No offense - enjoy what you enjoy. I've just found Star Trek tedious for forty years now, so have largely avoided it despite being a huge nerd. Koar, y'all.]

You in%sensitive clod! (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#22256260)

took pre3edence

In Real Life... (2, Insightful)

Republican Gun (1174953) | more than 6 years ago | (#22256300)

...there are spies, profiteers, and anarchists that would do things like that. So I guess it was a successful experiment to see what just might happen.

Someone has to know where the trains are (2, Insightful)

jd (1658) | more than 6 years ago | (#22256306)

Otherwise, how will you conduct evacuations, correct containment procedures, etc? Emergency service personnel are massively underpaid and under-equipt, sometimes under-trained as well, and usually suffering from mental disorders or addictions, making them more than a little vulnerable. Anyone who has been to a security briefing knows these are the very people you're advised to watch out for as the greatest potential security risks. So, either massive population centres are in extreme danger from emergency services not being suitably aware, OR massive population centres are in extreme danger from emergency services being aware.

Seems to me that the two cases would have equal consequences and equal risk levels, and that no other individual could possibly modify those values significantly, reducing the security through obscurity to someone's job security through obscurity. Tell me, why should I care about this person's job more than I care about any potential risk to my wellbeing?

Re:Someone has to know where the trains are (1)

gandhi_2 (1108023) | more than 6 years ago | (#22256494)

Could you please point me to the data or scholarly journal article that states that EMS personnel are likely to have mental disorders and addictions? More likely than say, office workers, construction workers, food-service industry personnel, or perl hackers?

Re:Someone has to know where the trains are (0)

Anonymous Coward | more than 6 years ago | (#22256600)

Most of my friends work as paramedics and EMTs. They are certainly underpaid, but seem competent. They are adrenaline addicts, but other than that I don't think anything the GPP said applies, at least to them.

Re:Someone has to know where the trains are (1)

Unoti (731964) | more than 6 years ago | (#22257534)

I don't know about EMT's, but you're clearly trolling here, because everybody knows that perl hackers are more likely to have mental disorders and chemical additions. Scholarly research on that would be like researching whether fish are wet.

Re:Someone has to know where the trains are (1)

Paolone (939023) | more than 6 years ago | (#22259970)

everybody knows that perl hackers are more likely to have mental disorders and chemical additions
It wouldn't be a problem if not that is that my other self doesn't like drugs.

Re:Someone has to know where the trains are (1)

Burntfinger (1090515) | more than 6 years ago | (#22264930)

A book which might help is "the Hurting Healer" by Steven Apthorp, which details several years of interviews with "Caring Professionials" all of whom turned out to have, or percieved themselves to have, been affected by alcohol, drug or sexual abuse. The scary part is their percieved "right" to use their possitions to "make up" for what they went through. Put these people in a high stress situations and watch the fun. Usually on you tube, sometimes on the six o'clock news.

Mystery liquids (4, Funny)

Dachannien (617929) | more than 6 years ago | (#22256354)

People find mystery liquids on the subway all the time. It's called "urine".

Re:Mystery liquids (2)

milsoRgen (1016505) | more than 6 years ago | (#22256408)

Or semen! Don't forget about semen!

Re:Mystery liquids (1)

O_4 (1130979) | more than 6 years ago | (#22257080)

Except neither of those are really very mysterious.

Re:Mystery liquids (1)

argiedot (1035754) | more than 6 years ago | (#22260126)

My penis is blocked, you insensitive clod.

Frightning... (4, Insightful)

Lumpy (12016) | more than 6 years ago | (#22256406)

I love how the Feds find uncensored and uncontrolled free press a "threat".

Reading that article really opens eyes as to the real inside of our government. The founding fathesr have got to be spinning at 30-40 thousand RPM in their graves by now.

Re:Frightning... (2, Interesting)

Anonymous Coward | more than 6 years ago | (#22257928)

From the article:

Other simulated reporters were duped into spreading "believable but misleading" information that confused the public and financial markets, according to the government's documents.
From the Center for Public Integrity []

On at least 532 separate occasions (in speeches, briefings, interviews, testimony, and the like), Bush and these three key officials, along with Secretary of State Colin Powell, Deputy Defense Secretary Paul Wolfowitz, and White House press secretaries Ari Fleischer and Scott McClellan, stated unequivocally that Iraq had weapons of mass destruction (or was trying to produce or obtain them), links to Al Qaeda, or both.
False Statements by Month: []

Nice to know that they were simulating a plausible scenario...

Re:Frightning... (4, Insightful)

plover (150551) | more than 6 years ago | (#22258116)

It looks like you're making a basic mistake. Don't confuse recognizing a "threat" with the outlawing of it.

In the real world, almost anything could be a threat. Your child could knock a salad fork off the table, and it could land tines-up wedged into a crack in the floor, and you could then slip from your chair trying to pick it up, and put your eye out. By means of an implausible scenario, the fork has become a threat. But you don't address such a threat by outlawing salad forks, or all dining implements, or feeding your children only spoon food. Instead you analyze the risk of having salad forks on your dining room table, and realize it's silly to worry about such ridiculous scenarios.

For a variant, consider placing steak knives on the table. Now, if your child were to knock one off it becomes somewhat more serious. Perhaps you mitigate the risk by sensibly not placing sharp knives within reach of your child; but you don't outlaw knives from the kitchen nor do you stop eating steak. You simply keep them out of your child's reach.

Now move to a slightly more sinister threat or risk, that of a free press or possibly an extremist group publishing the location of every chlorine tanker in America. Could that be a threat to our security? Of course, it might even herald the initial coordination of a nationwide attack. But just like the above stories, you don't outlaw bloggers or their right to publish (nor can you.) Instead you look at potentially dangerous objects or information, you analyze the potential risks, and you find a way to mitigate them. Step 0 might sensibly be "don't publicly publish lists of hazardous tankers" except to those persons with a need to know. Step 1 might be to keep any such lists as small as possible -- the Seattle fire department doesn't need to have the schedule for the Atlanta chlorine train. Step 2 might be to publish a generic set of instructions, "How to safeguard chemical tankers". Step 3 might be a communications plan to the rail lines informing them of a security breach. And so on.

Almost anything can be a threat. What defines an appropriate reaction is recognition of the risks, planning and mitigation strategies. Over the top reactions like saying "OMG they're trying to silence the press and Jefferson is rolling in his grave" are completely missing the point. Nowhere in TFA are they even suggesting they suppress the blogs; they're just recognizing a potential threat, and figuring out what plans (if any) they need to make.

Re:Frightning... (0)

Anonymous Coward | more than 6 years ago | (#22266212)

an extremist group publishing the location of every chlorine tanker in America.

do a search for water filtration plants and Paper mills. there's your locations of MOST Chlorine gas tankers, train car sized that can wipe out entire cities.

1 ton cylinders only kill 10-20 thousand, so they are not as dangerous.

That kind of info is very readily available to the evil-doers. If it's dangerous, the bad guys already know where it is.

Re:Frightning... (2, Interesting)

The_reformant (777653) | more than 6 years ago | (#22259816)

Any mass information disemination is obviously a risk during national emergencies and there is no reason to beleive that if the press isn't controlled by the government then it is uncensored and uncontrolled. There are plenty of other organisations with huge media influence and their own agenda to push so you have to consider the view that its someone else's propaganda.

Treating the media as a risk isn't the same as taking away the freedoms of the media. The media and by extension the general public doesn't have a right or need to know intimate security details during a time of crisis. I dont see a problem with controlled release of information under the assumption that there is a long term transparency.

Plans are in development... (1)

GameboyRMH (1153867) | more than 6 years ago | (#22259884)

Indeed - there have been plans to generate power from the corpses of America's founding fathers, but there are a few issues with the drivetrain and transmission - The big one is, how would you attach a flywheel to a power plant that doesn't fall below 25krpm, even at night? Once that's dealt with, the transmission can be rev-matched to the power plant using a series of starter engines (the power plant, being composed primarily of rotting organic material, WILL NOT stand up to any shock), finally with a "starter turbine" that would match the power plant speed (controlled by a computer with inputs from precision tachometers on the transmission on flywheel), then a strong clutch can be engaged, then through multiple gear reduction using a series of differential gears, energy is transferred to a huge generator, and everything will be good to go. It's just that one big problem preventing this clean energy from being put to use.

Re:Plans are in development... (1)

Stanistani (808333) | more than 6 years ago | (#22267478)

The answer, as always, is: lots and lots of duct tape.

Cyber Storm? (1)

PopeRatzo (965947) | more than 6 years ago | (#22256434)

I just want to know:

1. How much does it cost per month to play?

2. Does it support DirectX 10, and

3. Where do I sign up for the Cyber Storm Goonswarm?

This crap always amazes me (1)

zappepcs (820751) | more than 6 years ago | (#22256536)

I've been in a position to analyze various infrastructure systems for several large cities in my life, and I can tell you that they are not thinking this through correctly. The best cyber storm possible is one that you have not prepared for, nor thought of, and to even begin to contemplate them, like a chess playing program, you have to know ALL possible moves. As an example of what I'm hinting at, the recent cable cut that killed the Internet pipe to a large part of the middle east was NOT anticipated. Sure, there were re-routes, but every possible combination of data loss, connectivity loss, and possible system intrusion cannot have been prepared for.

You see, one big accident that allows in just the right trojan, followed by something akin to the butterfly effect, and in 47 days all kinds of Internet hell breaks loose. It might even take two such accidental outage events to place all the trojans where they need to be. Then when all is in place the silent enemy takes over what you have been protecting for so long.

Neither you nor I can determine with zero error exactly where a DDoS attack will overwhelm the right system resources to allow take-over of the desired systems. Yes, this spaghetti mess of events is something that cannot be fully prepared for, so saying that the test was successful and that you are safer now is absolutely head-up-your-ass stupid.

Until the test team knows ALL possible flaws, a full cyberwar test is not possible. Simulating real life systems in isolation removes those little annoying system weak spots that can be exploited. I dare say that there are NOT enough people in the NSA to create a test group large enough to handle even one large metropolitan area, never mind a full state, or say the tri-state area near NYC.

I'd like to see the data sets that they are using for the testing system simulations.


Re:This crap always amazes me (4, Insightful)

mwlewis (794711) | more than 6 years ago | (#22256706)

So, to summarize your post:

A successful exercise must consider every possible threat. They didn't think about every possible threat. It's not possible to think of every possible threat. An exercise that doesn't consider every possible threat doesn't help anything at all


You obviously missed the whole point, which was really to work on the cooperation and communication. They weren't testing specific countermeasures, but stressing the people and the organizations involved to see what happens. Even if it weren't, being more prepared or knowledgeable about some threats is better than being knowledgeable than no threats.

accident? (2, Interesting)

zogger (617870) | more than 6 years ago | (#22257188)

I haven't seen anything but their say so that the cut was an accident. It could have been deliberate to slow down middle eastern stock market transactions, to try and avert a meltdown...just sayin'.... or something else. Could be a lot of things. I don't know but so far ain't buying the story as advertised. It might be true, but it smells bad. We have one report that says ships got "ordered" to go anchor in an unusual place..this is a clear WTF? episode then. Why they do that? Plausible deniability excuse some "ships anchor" did it?

    Whenever there is a HUGE screwup, judging by past historical references and parallels,.... with big business or governments, it pays to reject the first official "explanation".

Re:This crap always amazes me (0)

Anonymous Coward | more than 6 years ago | (#22258910)

Uh, wtf are you talking about? If you sit down and think for just 5 minutes, anybody could come up with dozens of situations where any government organization would collapse if it was the happen RIGHT NOW.

You CANNOT predict "ALL possible moves" beforehand, real life is not a chess game. The moment you talk about war, all rules go out the window. If theres ANYTHING 9/11 taught us, its that even IF you do predict how an enemy will attack you (designs for an attack using civilian airlines has been used in novels for decades) sometimes you just can't really prevent it without taking overwhelming drastic measures (and when you go half-assed, you fail to actually deter the enemy and simply piss off your own people).

Why does did sound like the plot to war games 2? (2, Insightful)

Joe The Dragon (967727) | more than 6 years ago | (#22256588)

Why does did sound like the plot to war games 2? []

the movie has a system that sounds alot like the one talked about hear.


Old memories (0)

Anonymous Coward | more than 6 years ago | (#22256816)

Am I the only one that thought of the old Dynamix games "Cyberstorm" [] and its sequal Cyberstorm 2: Coporate Wars [] when reading the title?

No Fly Nonsense has been Squared. (1, Insightful)

Erris (531066) | more than 6 years ago | (#22256836)

There are not to many people in the airport, there are too many people on no fly lists. Technically, one person is too many because proscriptions violate your right to due process of law as outlined in the bill of rights. There are 750,000 people slandered as fellons by these lists, so many that it's possible that too many of them could come to the airport one day and overwhelm the TSA agents there. I'm not sure what the real problem is, because people on the no fly lists are never arrested [] .

To recap, there are so many people on a secret, illegal list of terrorists who are so dangerous that they can't fly AND they are let go immediately AND there are not enough guards for them. Only someone working for Homeland Defense could worried about the details of such an idiotic task.

ha ha (0)

Anonymous Coward | more than 6 years ago | (#22263126)

l0ser, ha ha

I know where the railcars are (2, Funny)

acvh (120205) | more than 6 years ago | (#22257128)

as does everyone who drives on the NJ Turnpike. do I win?

Re:I know where the railcars are (0)

Anonymous Coward | more than 6 years ago | (#22257256)

Many of the main rail corridors in the US are immediately adjacent at some points to poor neighborhoods where there are houses only 10 meters or less from the tracks. It's somewhat easy to scan the barcode on each railcar as a train passes. Then there are certain high-priority short rail lines, such as the one which terminates in Atlantic Highlands, NJ.

Re:I know where the railcars are (1)

sssssss27 (1117705) | more than 6 years ago | (#22257268)

as does everyone who drives on the NJ Turnpike. do I win?

On the rails??

*does not drive on the NJ Turnpike*

Re:I know where the railcars are (1, Funny)

Anonymous Coward | more than 6 years ago | (#22257522)

as does everyone who drives on the NJ Turnpike. do I win?

No, silly, you drive on the NJ Turnpike. You lose.

goals (1)

Tom (822) | more than 6 years ago | (#22258252)

The question is what the goal of the exercise was.

Sometimes, these exercises are "free for all". There's a scoring system and you win if you get the highest score, good luck.

Sometimes, though, there are more refined goals. If the goal of the exercise is to evaluate different reactions to a given threat, for example, then taking away that threat by whatever creativity you bring isn't a "smart move", it's breaking the game because removing the threat wasn't the goal, and by doing so you make it impossible for the exercise to reach its goal.

That reminds me of the US general who played a wargame at the start of the Iraq war. He played the Iraqis, and through clever use of everything he had, including guerilla tactics, concentrating on fighting street battles, misdirection and other tactics, he actually managed to beat the invading US forces. That probably gave them a little shiver. They also fired him from the war games. At first I thought that was dumb. But later news reports were more detailed and revealed that he had not, in fact, been given the goal of trying to win or playing the Iraqi forces as best as he could, but to lead them through a scenario of pre-planned basic strategies. He didn't win the game, he ruined it, because the goal was to analyze specific scenarios, not to find out who would win a sandbox version of Iraq.

Re:goals (1)

NeutronCowboy (896098) | more than 6 years ago | (#22258794)

And sometimes, the goals that are given are pulled out of someone's ass and completely unrealistic.

I don't know what the goals of that wargame were, nor whether the goals were realistic or fit into a certain strategy. What I do know is that the strategy that the general used is the EXACT strategy that was used by Al-Qaeda, and which nearly kicked the US forces out of Iraq. The saving grace was some very unorthodox thinking of the commanders on the ground, who managed to change the minds of a number of Iraqis about who the real enemy was.

That general should have been given a medal, the wargames redone with that knowledge incorporated, and then reanalyzed. In short, they should have learned from their discovery, instead of just ignoring it.

Re:goals (1)

aproposofwhat (1019098) | more than 6 years ago | (#22259538)


I call BS. If you don't know enough about the situation to know what the goals of the wargame were, how do you have sufficiently detailed knowledge of the general's strategy to claim that it is identical to that used by Al-Qaeda (given, of course, that one accepts the premise that it was AQ and not Iraqi Sunni tribal leaders who were responsible for the resistance)?

Re:goals (1)

NeutronCowboy (896098) | more than 6 years ago | (#22262666)

I'll give you I was glib in me lumping all the current fighting as being under control of AQ. There are plenty of other elements in there.

As for needing to know the details of the strategy.... tell me, what does this sound like: hit and run tactics, ambushes, use of irregular forces, urban combat and bombings. Sounds pretty much like what's happening now, right? If the gp is right, that's what the general used... and I vaguely remember stories of that wargame in a similar fashion.

Sometimes, the details don't change the overall story.

Re:goals (1)

Big_Breaker (190457) | more than 6 years ago | (#22261724)

Completely expelling US forces from Iraq would require confronting them as a massed force in non-urban terrain. That would also be sheer suicide for virtually any army on the planet, let alone irregular AQ or Sunni resistance fighters. Let's be realistic here.

Urban combat is very tough for US forces - no doubt - but saying the US was almost kicked out is a farce. So far the US is willing to accept the casualties associated with operating in urban environments. If that willingness goes away, the US may withdraw from the cities or altogether. It won't be a military decision, but a political one.

Re:goals (1)

NeutronCowboy (896098) | more than 6 years ago | (#22262602)

To quote Clausewitz (I think), war is merely politics pursued with other means. All wars are political decisions, as are decisions on how to pursue a war. A retreat from Iraq would have been a political decision. And yes, the US was very, very close to "losing" this Iraq war. If the "surge" (in quotes because I don't believe it is the primary cause of the improvement in the situation on the ground) would not have been successful, I can guarantee you we would have left.

In your initial assessment, you made the exact same mistake that Bush and his political allies made: that enemies would be willing to engage the US troops in a traditional battlefield, and that asymmetric warfare cannot possibly lead to a withdrawal.

Re:goals (1)

Big_Breaker (190457) | more than 6 years ago | (#22340758)

I am not surprised at all that US forces encountered resistance in urban environments. Somalia taught all our enemies how vulnerable US soldiers can be in on the ground in mixed civilian/combatant areas.

Massed combat oustide urban centers would be necessary to drive US soldiers completely out of Iraq. The US has bases out in the desert with equipment and supplies for precisely this reason.

How To Play?? (1)

JWSmythe (446288) | more than 6 years ago | (#22264684)

My big question is, how do *I* get involved in the game?

    It's nice and all to hire private 'security' companies, and have all the agencies beating up on it, but it's already been proven that the most dangerous folks out there are just regular folks (regardless of age). Regular people are the ones finding the exploits to break perfectly good security. It's not a 'security' company with a library of those works who are the most dangerous threats, it's the kid who just figured out an exploit on his own and hasn't released the information to anyone.

    I'd like to play, just for the sake of trying. What damage could I do in an environment set up to test how much damage could be done?

    I've had labs set up for exactly that over the years. I'd do my own penetration testing, and then use other tools. I've actually slipped up on occasion, and accidentally crashed a machine that I thought was bullet proof. I took a fully patched and current machine, and absolutely beat on it. I left top running on the console, just to see that things were still happening, and the machine hadn't gotten overloaded. I finally ran another penetration testing program on it, and mid-run the machine crashed.

    As it turns out, the test that was being run when it died was a test for an older kernel exploit. I was running the current kernel from the distro, but it was .0.1 older than The exploit was known to crash kernels over .1.? older than mine. There was no mention of patching it in the changelog, but upgrading the kernel beyond the distro kernel fixed it.

    This has found bad things quite often. What if a simple "nmap -sV -O" were to stop a custom server? I've seen it happen, but it would only stop it on particular ports, because those are the only ports that nmap touched. It solved a long standing mystery with that group, but made a new headache that they needed to fix the oops.

    What if the test infrastructure wasn't set up to protect against something as simple as flooding a core router IP? Wouldn't that be significant to know? What if.. what if..

    How long would a network survive, if they invited all Slashdot readers to do their worst to it? That would be with the agreement that the people involved would disclose any method they used to damage the network?

    As I found, no matter how bad *I* try to be to any network I've tested, I've always had worse with high traffic environments. As I always explained, with over 6 million daily viewers, if say 0.01% of them were semi-capable hackers, that still leaves an awful lot of people trying to damage my equipment. I had a lot of practice defending things. :)

Re:How To Play?? (2, Insightful)

charlesnw (843045) | more than 6 years ago | (#22266930)

The cyber storm war game is not about penetration testing. Its about response coordination. The US government has plenty of people who network in the security community and keep up on exploits etc. They have SNORT and SHADOW and who knows what other IDS systems all over the net watching for new exploit code.

The key element of these war games is to test response capabilities. Testing existing exploits would be pointless. An exploit could come out tomorrow that allows someone to control every Cisco router on the planet. Would that cause problems? You bet. At that point entities which have a tested and rehearsed security response plan will fare better then does who don't. Also organizations which have handled security incidents before will also fare better.

cyber game - results - improvements? (1)

one2busy07 (1117855) | more than 6 years ago | (#22278692)

I'm sure that a cyber game test of this magnitude would reveal weaknesses; the shear number of players, incidents, options.... the senario would be infatismal... Just wonder what changes are going to be put in place to improve results of #2? Wonder if 'master control' has a view similar to the link below, except with much more detail?...... [] one2busy07
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?