Rootsecure.net
The Security News Site For Systems Administrators & Hackers
Reports | Hacker Wargame Research Project - finding out how Hackers think
{1st May 2003}
The Hacker Wargame Research Project hackerwargame.org quietly sprang up with little publicity around the middle of April 2003.  It is a Hacker Wargame just like hack.datafort.net or www.roothack.org, but that's where the similarities end.  Corporate Technologies USA, Inc (whose clients include government agencies) are looking for people who can compromise a fully patched Windows 2000 server from the Internet.  "Our research is studying how advanced hackers think."

This is not a typical real-world situation, and it leaves only two clear routes of attack: discover a new vulnerability and subsequently produce a working exploit for it, which is far-fetched, or go after server misconfigurations.  A social engineering based attack is pretty much ruled out by the fact that it's a lab environment.

Corporate Technologies is a company with both the experience and the opportunity to run such a project, mainly in the form of its point man John A. "Cobras" Klein.  That leaves only the questions of why, and what do they have to gain?  The FAQ page gives the answer to this question as:

"In simplest terms, we are trying to figure out if we can spot the target of an attack based on the methods used so we can build a smarter IDS that thinks like a hacker does.  Of course, to make something think like a hacker, we have to know how hackers think, so we study them."

However, this does not really make sense.  Are they willing to pay people $250 for finding / exploiting misconfigurations in their installs of Windows 2000 / IIS5 / MS SQL Server / Exchange server, or are they looking for people to find new zero-day vulnerabilities in these Microsoft products, then exploit them?  If so, first of all, someone skilled enough and with the resources to do this would likely have no reason to take part (certainly not a financial incentive), and even if they did, the vulnerabilities would be found in the participant's own time on their own systems beforehand.  Secondly, anyone else with such knowledge would likely have a questionable background, would therefore significantly value their privacy, and would have no reason to participate in a research project whose aim is to find out a whole lot of information personal to them.  Rootsecure.net put these concerns to Mr. Klein, who stated:

"While the servers are "fully" patched (as in the default Microsoft Critical Security Updates) there are a number of externally accessible services running on the servers, such as Exchange, SQL, IIS, etc. so there are plenty of opportunities for a "real" hacker to exploit the boxes.  It's true that the average script kiddie will probably not succeed, but this is by design.  We have received over 100 applications, many from highly skilled hackers."

John A. "Cobras" Klein, the sole researcher mentioned on the website, coincidentally happens to be the president of rent-a-hacker.com, a cybersecurity firm providing a number of security based services from 'ethical hacking' to 'IP telephony'.  John A. Klein is also listed as the Technical Contact for the domain of Corporate Technologies USA.  He has 10 years of physical security/investigations experience and 6 years of IT security experience, and is self-described as "not to be just a geek, but rather the geek".  This begs the question: why can't he just hire his own qualified people?

The research project should keep in mind the fact that hackers are good at thinking 'outside the box', especially when setting up its logging equipment, given the recent Ethereal, tcpdump, and Snort vulnerabilities / exploits ("Snort TCP Stream Reassembly Integer Overflow Exploit", "Multiple Vulnerabilities in Snort Preprocessors").  Root on an unpatched logging machine inside the LAN, with tools such as tcpdump pre-installed, would certainly provide some interesting possibilities.

Note: Article updated after Mr. Klein responded to a request for comments.