back to article US cyber-army's cyber-warriors 'cyber-humiliated by cyber-civvies in cyber-games'

The US military held a series of online war games to pit reservist hackers against its active-duty cyber-warriors – and the results weren't pretty for the latter, we're told. US Military hacking team "Have you tried turning it off and then on again?" "The active-duty team didn’t even know how they’d been attacked. They were …

This post has been deleted by its author

Silver badge

How about the NSA?

I wonder how their guys would do against these two teams, with all this crazy stuff like Stuxnet at their disposal...

0
0
Bronze badge
Joke

Re: How about the NSA?

They'd compete but then they'd have to kill everyone.

12
0

Re: How about the NSA?

The CIA would also compete but then they'd drone strike a school, no where near the competition.

14
1
Silver badge

Not much of a surprise there then

I would imagine there is quite a disparity between the regulars and the reservists in terms of education and pay.

In addition, regular soldiers begin their training with discipline, standard operating procedures (SOPs) and do everything by the book, on the other hand the reservists have probably finished university and have achieved a great deal in their working lives by thinking outside the box.

Also the kind of guy that joins the military as a youngster is unlikely to be much of a nerd, having been in the British army I can tell you that few nerdy types last more than a week or two in basic training whereas someone who does make it to be a trained soldier and then goes on to become a techy is going to have had much less time to practice Nerdism particularly in his teens when most people do their best thinking.

12
1
Silver badge

Re: Not much of a surprise there then

On the gripping hand, if the IT bunker is overrun by hordes of fuzzy-wuzzies your average nerd is going to be rather less help in the grabbing a rifle and bayonet and getting stuck in department.

They don't like it up 'em Mr Mainwaring.

5
0
Silver badge

Re: Not much of a surprise there then

up vote for the 2 references.

The other point is, it is much easier to attack IT installations than it is to secure against such attacks.

We are currently certing a new product for security and the tools for attacking the network are plentiful, finding and plugging all the holes is another matter.

3
0
Silver badge

Re: Not much of a surprise there then

@Stevie

A valid point, but not critical, as the bases that the US troops operate from are very well defended indeed. That's if these higher-level tech staff need to be on the ground at all.

More important, I would have thought, is that the military absolutely want the people charged with maintaining the security of their system to be 100% loyal and willing to do what they are told. Last thing they want is a potential Edward Snowden on board.

0
0
Silver badge

Re: Not much of a surprise there then

Basic training in any armed force is based on stripping out the personality and implanting a compulsion to follow orders to the point where people would rather run at a gun-toting enemy than risk censure from their own side.

I reckon this process kind of stultifies creative thinking to a large degree.

On the hind leg, pot-smoking nerdites let loose and given free reign to humiliate the government's best are going to be well motivated and probably discarding more ideas than the army guys are even going to have.

9
2
Bronze badge
Childcatcher

Re: Not much of a surprise there then

Having worked for both regular and reserves, I can say there is not much difference in the training and expectations for the troops in the different commands. The point about outside experience is more pertinent. Really though, while it has been rightly mentioned that there is a huge difference between defense and offense, what is missing from the discussion as to how the military actually functions when it comes to IT. Most of it is handled by contractors who are told what to do and how to do it by someone, often a civilian, who probably is not very technically inclined and has to trust someone else, often someone who works for a competing contracting agency, for information on which a decision can be based. Yes, it makes good headlines to hear about the AR Red Team's victory and I am sure someone got a wonderful dressing down. Will it result in meaningful change (which is really the point of these exercises)? Who knows?

0
0
Silver badge

Re: Not much of a surprise there then

Maybe for British recruits. But one of the frequent complaints from the Russians is that studying US SOPs is useless because as soon as the guys get on the front lines they throw the book away.

0
0
Silver badge
Trollface

THANKS OBAMA!

Seriously, this just means Israelis are currently commandeering the sprinkler system of the general in charge from their secret Jewish location.

Ridiculous US.

2
6
Silver badge
Go

It's the Army, so just turning on the computer probably involves a 5-page process!!

If you don't believe me, check the field manual!! :)

"Sir!, yes sir!! I have confirmation that the power strip is plugged into an operational 110 watt 13 amp outlet!! Shall I proceed?!"

4
0
Silver badge

Re: It's the Army, so just turning on the computer probably involves a 5-page process!!

A bit more like:

"Sir!, yes sir!! I have confirmation that power strip PSN 194-q73-xdlol49jz rev 1.022135 Aug 4 2014 is plugged into an operational 110 watt 13 amp outlet PSN 227-tp401dx257 rev 71.10937 Dec 12 2009 as per tech order AJBP- Electrical subsystems for computer systems general qpdll77291 rev Apr 21 2014 pages 231 thru 762, with installation ticket aj7-d and troubleshooting ticket pp4u2 properly filed in triplicate!!

Shall I proceed to tech order AJBP-annex 47 utilizing the on/off button of series 581 through series 1762 desktop computers rev May 3 2014 pages 112 through 976, SIR?!"

There, that looks about right for proper military protocol.

10
0
Anonymous Coward

Re: It's the Army, so just turning on the computer probably involves a 5-page process!!

8.5v mains?

2
0
Bronze badge
Holmes

Two possible responses

One: clearly, maintaining a full-time force to do this sort of work is a huge waste of resources. We don't have the expertise to train them, or the recruitment processes or the budget to attract the right kind of people. We should get the reservists to do this work instead, possibly rotating people into service for no more than one-month stints away from their regular jobs, so that they don't get marginalised to irrelevancy within their civilian work.

Or two: clearly, we need to massively upgrade our in-house military capabilities by paying more, expanding the pool of recruits, and buying newer, shinier kit and training for everyone. In short, we need to quadruple the current budget.

I wonder which way they'll go?

0
1
Silver badge

Re: Two possible responses

Unless the army has suddenly learned how to train 'fun' then I don't think they will ever be able to match a civilian who is interested in such things to the degree where they become expert.

3
0
Anonymous Coward

Echo Mirage ftw

0
0

Cyber Ninjas are born, not made

Seriously, the army is recruiting from a totally different talent pool.

0
0
Anonymous Coward

Roll roll roll your hacks

Towards the army team

Belts off

Pants down

The army just got reamed!

Woooooo!

MRRRIKA!

The winners are now on a watch list.

Am I the only person that imagined real hackers taking on the puppets from team america here?

Puppet Commander: God help us, Intelligence tells us that we're under attack! The enemy are sending in roflcopters...man the AA guns.

Puppet hacker: I watched CSI last night, they wrote a visual basic app to trace their IP address. Im on it...SIR!

Puppet Commander: Send an order to the engine room. We need more firewall ASAP. Pile it up high team and let it burn brightly. I want the enemy to see it. Change the alert bulb to red!

Puppet engineer: Aye sir!

Puppet Commander: *lights cigar and sips brandy* Ive got them right where I want them.

Puppet hacker: A strange message has appeared with a cryptic message on my screen. It wants to know what the fox says?

Puppet Commander: Run the message through Intelligence immediately.

Puppet SIGINT: Sir, it would appear the fox says pa pa pa pa pa-p pow.

Puppet Commander: If what you say is true, then we're all going to die.

Meanwhile at the legion of doom...

Hacker 1: lol they have vnc with no password.

Hacker 2: rofl inorite im already on and typing messages in notepad and ive changed the desktop to a jolly roger. Lmao!

Hacker 1: *yawn* lets play some Quake this is lame.

1
0

Maybe they have the wrong concept?

The current operating concept is that to be a good defender, you need to be a good attacker. While that sounds right, not sure there is any evidence it is right.

The role of defender is actually a lot more structured and a lot more disciplined than the role of an attacker and there is little or no evidence that taking time to be trained up to do attack (as opposed to understanding how attacks are done/happen) takes away to much time from learning to configure networks, secure applications, monitor for anomalous behavior, etc...

There are so many ways to attack a network that it is very unlikely that anyone can know them all and, frankly, the attacker only needs one success while the defender can stop thousands of attacks but fails if there is one discovered vulnerability that is exploited. Spending a lot of time learning exotic attack methods won't help if the attacks are coming in on mundane paths you didn't think were important.

1
1
Bronze badge

Re: Maybe they have the wrong concept?

"There are so many ways to attack a network that it is very unlikely that anyone can know them all and, frankly, the attacker only needs one success while the defender can stop thousands of attacks but fails if there is one discovered vulnerability that is exploited."

And that is why my sympathy goes out to Infosec! It's a thankless job that will eventually land you in the doghouse even if you were 99.999% correct.

0
0

Re: Maybe they have the wrong concept?

If you don't know the myriad of ways that something can be taken down and, more importantly, the principals of how those ways work, then you will never understand how to put up a defense. Period.

Yes, there are lots of ways to configure networks and "secure" applications. There are even plenty of industry "standards" for what you should do. What's lacking are people who understand WHY those standards exist. If you know WHY, then you can make an informed decision on how to lock things down while understanding the areas that are just completely missed.

2
0
Anonymous Coward

It takes a real man [or woman] to do defense

"The best defense is a good offense" has always been a crock. Defense is hard. Any juvenilie delinquent can wreck something. It takes self-discipline, commitment and maturity to make something safe against destruction. If DoD wants to continue with an "offense-first" approach, maybe they need to change their name from the "Defense" back to the "War" Department. Give the "cyber defense" role, along with all the (100's of billions of $ in) funding for it, to a civilian agency like NIST in the Commerce Department that can recruit the most effective resources from academia and the ranks of seasoned private industry IT (vendors like MS or ORCL need not apply -- we need operators, not snake-oil sales people) to meet the real challenges we face, instead of a trumped-up "wargame" that the kids still couldn't win.

2
0
Bronze badge

What the world needs is a good operating system with no vulnerabilities and no exploits.

There's that provably correct microkernel that just got released into open-source recently; perhaps it's a start...

0
0
Holmes

FANGs

This happens pretty often. The Guard and Reserves generally have people with a decade or more of experience and a similar amount of time working with each other. They are up against a Regular workforce that moves every two years and is highly tilted to inexperienced newbies and careerists. What happens is that the reservists usually win the first year's competition and then the Regulars' brass rejiggers the playing field to favor the Regulars.

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums