Loading ...
Sorry, an error occurred while loading the content.

cypherpunk wargames

Expand Messages
  • jsyn
    /* Cypherpunk Wargames: Mountainous Forest Operation */ NOTE: This is an alternative to traditional learning methods, but is nevertheless grounded in
    Message 1 of 3 , Oct 14, 2002

      /* Cypherpunk Wargames: Mountainous Forest Operation */

      NOTE: This is an alternative to traditional learning methods, but is
      nevertheless grounded in traditional responsibility. Please do not
      read too much into this.

      Cypherpunk Wargames are tactical training operations designed to engage hackers
      in a wide range of strategic and technological thought. Participants are taken
      out of their familiar environments and into a very challenging fourth-
      generation warfare exercise for several days. Creativity and adaptability of
      many varients is required for success in this setting.

      Each operation is conducted as a unique scenario with it's own special
      requirements. This is a Mountainous Forest operation. Participants will be
      divided into several units, and then battle each other in a simultaneous land-
      and network-based wargame carried out while encamped on a rugged mountainside.
      Many strategies for attack and defense will be available, but only one will end
      up successful.

      Several pilots of this exercise have already been completed in praire,
      woodland, and subterranean urban environments. This will be the first full-
      scale training operation.

      For more information, see http://nthought.com/wargames/, or send mail to

      Mountainous Forest
      backup plan: Mountainous Desert

      November 7th - 11th, 2002
      Extended Veterans' Day Weekend

      Several possibilities are still being explored.

      Primary target:
      Julian, CA - mid-elevation wooded hills; a suitable location has been
      found here, and arrangements have been made.

      Secondary targets:
      Yucca Valley, CA - desert; we've got a workable location here, too; this is
      the backup plan.

      Big Bear / Arrowhead, CA region - due to high fire hazard, this national
      forest area is now closed until the risk is diminished.

      The rules are in an active state of development. Expect the rules
      about capturing opponents to change most drastically.

      Teams and Team Selection:
      - there will be several opposing teams (likely to be 4, but could be 3-5)
      - the number of teams will be determined by the number of particpants
      available; there will be 7-15 participants per team, and we are expecting
      40-60 participants, plus another dozen coordinators
      - each participant will vote names for selection of the team captains
      - each participant will have the opportunity to optionally make some of his
      equipment resources and skills known
      - team captains will draft their team members in rounds
      - each team will have a passphrase assigned to it
      - the team passphrase will give access to a central server, as well as to a
      GPG PK pair located there
      - the team passphrase will not be cryptographically strong; assume that it
      is crackable within a reasonable amount of time

      Terrain and Connectivity:
      - the operating area will have been divided into several zones -- one for
      each team, and one or more DMZs
      - each team will build one or more camps (tents, networks, etc.) within
      their zone
      - each team will be connected to the central NOC/HQ via a wireless network

      Network Services:
      - each team must run servers for which points will be granted (up to 10 servers
      will be point-granting)
      - each server will be assigned one digitally-signed flag keyword file and
      several encrypted flag location files (one for each opposing team); these
      files are to be placed in the primary file system root directory, readable
      only by the system superuser
      - each server must run at least 10 Well Known services (ports <1024), more for
      extra points (up to 30 point-granting services)
      - additional points will be granted for running an older operating system on
      each server (with age defined as the date when >80% of the code was built)
      - additional points will be granted per server for creating a guest shell
      account/password and advertising it on a publically accessible service;
      this account must have a traditional, fully functional shell (don't be
      stupid), though it may be enabled in a more restricted mode; the associated
      server must also be running a fully functional remote shell access service;
      for full credit, this must be enabled within 8 hours of each server going
      into operation

      - any participant may "takedown" a member of an opposing team (this isn't
      through physical assault, but through a hand-to-hand range nonrepudiable
      tagging mechanism)
      - the "hit" participant is out of commission for a small period of time, their
      team loses points, and the team's central NOC/HQ account is locked for ten
      minutes (the exact procedure here is still in development)
      - during cease-fires (meals, additional instruction, etc.), all persons are
      to be accounted for and must cease to attack; machines, however, are allowed
      to do whatever they like

      - the event coordinators will have strategically hidden 10 "flags" per team,
      with each team's flags being placed within their own zone
      - assume that the flags may be anywhere -- buried, underwater, high in the
      trees, etc.
      - for each team flag, a file will be created describing it's location and
      flag keyword; several copies of this file will be made, each encrypted with
      A different opposing team's public key and signed with NOC/HQ's key
      - for each team flag, another file will be created with only the flag keyword
      listed; this will then be signed with NOC/HQ's key
      - each team should be well-informed of it's flag keywords (up to 10 of
      them); an attacker (from an opposing team) who knows the flag keyword
      for a specific flag (through compromising the associated host, or through
      compromising an enemy team member) can speak that keyword and be granted
      10 minutes to maneuver/search within a 10-yard radius (whether or not that's
      where a flag actually is)
      - if a flag is successfully captured at this point, the attacker must be
      allowed to return to a DMZ; otherwise, the attacker must escape on their
      - if a team has fewer than 10 hosts to associate their 10 flags with, their
      unallocated flag files can once apiece be used to reinitialize their
      own hosts (if/when compromised)

      - each team's goal is to defend their own flags from capture (the locations
      of which they do not know), and to capture the flags of their opponents
      - the first team to successfully compromise all flags + flag keywords
      automatically wins (regardless of score)
      - barring that, the highest scoring team at the end of the event will be
      the winner

      +50 = running a server (10 servers max. per team)
      +10 = per year of OS age (10 year max.; round down)
      +2 = 10 Well-Known-Service minimum, per service above this (after 3 hours
      uptime; 30 services max. for points)
      +100 = having a working guest user shell account w/ passwd readily discoverable
      on public host service
      +200 = per flag keyword compromise (server)
      +200 = per flag compromise (physical)
      x2 = compromises between 2-6am
      +50 = first reporting of a flag compromise (server or physical)
      -100 = false reporting of a flag compromise (server or physical)
      -5 = server downtime, per 10 minutes
      -10 = per discovery (and notice + 5 minutes) of guest user account
      (or information pertaining to it) unavailable (not coinciding with
      host downtime; only applicable if +100 points for guest account has
      been granted)
      -10 = getting taken down (each time) -- also, team member is not allowed
      to participate for 10 minutes (and then escorted to DMZ), and team
      account is locked for 10 minutes
      -100 = attempting to attack during a cease-fire (per person, per attempt)

      - courage and a passion for what we are doing
      - durable clothing: you will be in a natural outdoor environment for 4 days
      and 4 nights; assume that you will be in close proximity to poison ivy/oak,
      ticks, spiders, scorpions, snakes, various wild animals, etc.; for tactical
      reasons, camoflage clothing of various types would be advantageous, as well
      as clothing for conducting water operations (sneaking into an enemy zone, or
      retrieving a flag placed at the bottom of a pond, for instance); assume
      that you will get hot, cold, dirty, wet, muddy, and then will need to be
      able to clean up quickly for network attacks
      - food: you want to eat, right? bring coolers, drinks (a lot of water!),
      high-energy snacks, and all the food that you will require for 3-4 meals
      per day, realizing that fires of any type may not be allowed (due to burn-
      bans); limited cooking equipment for one meal per day may be available
      - campsite equipment: tents, tarps, crates/makeshift tables (for network
      equipment/servers), wooden palets/planks (to build a raised floor in case
      of rain), sleeping bag, chairs, firewood, first-aid kit, insect repellent,
      toilet paper, etc.; many other things may be useful, use your imagination
      - tactical equipment: rope, wire, fishing line, netting, carabiners, duct tape,
      shovel, cutting tools, gps receivers, radios, frequency scanners, etc.; it
      will be to your advantage to be able to construct perimeter alert systems,
      barriers, and equipment caches
      - network equipment: multiple machines to be used as servers (preferably
      already setup; laptops are a big plus), monitors, generators (extra power
      will be a plus), network infrastructure hardware (hubs, switches, cabling,
      NICs, WiFi gear)
      - code: multiple releases of various operating systems (older revisions for
      added points), multiple daemons (you'll need at least ten running for
      server credit), network security tools (there are many avenues that may be
      taken to gain strategic advantage in this competition, think broadly here),
      exploit collection (obviously, being able to exploit the vulnerabilities
      found will be key to winning; the more comprehensive your collection, the
      better your chances will be)

      - no alcohol or illegal drugs whatsoever
      - no fireworks, explosives, or incendiary devices of any kind
      - no non-electrical illumination devices except chemical glowsticks
      - cigarettes may be smoked only at NOC/HQ
      - firearms of any type must be checked at NOC/HQ

      - Thursday, November 7th
      20:00 - 22:00 arrive at on-location rendezvous area; meet+greet
      22:00 - 22:30 orientation
      22:30 - 23:00 captain selection
      23:00 - 23:30 team selection
      23:30 - 23:59 team orientation

      - Friday, November 8th
      o-dark-hundred roll-out
      00:00 - 06:00 campsite setup
      06:00 wargame scoring begins
      06:00 - 16:00 wargame operations
      16:00 - 18:00 cease-fire; group mealtime
      18:00 - 23:59 wargame operations

      - Saturday, November 9th
      00:00 - 16:00 wargame operations
      16:00 - 18:00 cease-fire; group mealtime
      18:00 - 23:59 wargame operations

      - Sunday, November 10th
      00:00 - 16:00 wargame operations
      16:00 - 18:00 cease-fire; group mealtime
      18:00 - 23:59 wargame operations

      - Monday, November 11th
      00:00 - 07:00 wargame operations
      07:00 - 07:30 cease-fire; group meeting
      07:30 - 15:00 wargame operations
      15:00 wargame scoring ends
      15:00 - 16:30 campsite teardown
      16:30 - 18:00 debriefing / results presentation / group mealtime

      Notes: (1) Yes, you'll have more than one meal per day. But your other two
      probably won't be warm, and you likely won't be able to eat them in peace
      without forsaking your team duties. In other words, you'll have to catch them
      when you can. (2) No, there's no time allocated for sleeping. You'll have to
      catch that when you can, too.

      Due to the arrangements we'll need to make in order for this event to run
      smoothly, it is very important that we get a reasonably solid fix on the
      number of participants as early as possible.

      Therefore, the earlier you pay, the less it costs.

      10/18/2002 $75
      11/01/2002 $100
      11/07/2002 $125

      As a participant involving yourself in this event of your own free accord,
      you will assume all responsibility for your own safety. In case of an
      emergency, we'll be nice and try to help you, but we will in no way be
      responsible for anything that happens to you. Be prepared, be cautious, and
      be smart. You will be required to sign a waiver stating your understanding
      of this matter. If you are under eighteen, you will have to get a parent or
      legal guardian to sign.

    • Christopher Smith
      He spammed me! --Chris
      Message 2 of 3 , Oct 14, 2002
        He spammed me!

      • Dan Kegel
        ... I sent him a private warning saying that war games were not an appropriate topic for lalugs. - Dan
        Message 3 of 3 , Oct 14, 2002
          Christopher Smith wrote:
          > He spammed me!

          I sent him a private warning saying that war games were not
          an appropriate topic for lalugs.
          - Dan
        Your message has been successfully submitted and would be delivered to recipients shortly.