I’ve become more interested recently in participating in wargames on the Internet. If you don’t know what those are, they are not games with any sort of violence or aggression. They are machines and networks that contain sets of challenges that the user must complete using hacking skills. Because the owners provide consent to hack within the bounds of the game, it is a perfectly legal scenario that promotes ethical hacking. Wargames are seen as a form of awareness for “sloppy” coding practices that may create system vulnerabilities. The hosts of wargames hope that such games will help coders recognize security flaws in the code that they are writing, which will lead to a much safer and more secure Internet.
Some of the wargaming networks that I visit frequently are smashthestack.org, io.netgarage.org, and overthewire.org. That last website has a game called the “warzone” which they are beta-testing at the moment. It is a simulated Internet that users can connect to. It is expanding the hacking environment out from a single machine into a network of machines. In short, this game has inspired me and I’d like to start my own “warzone” too.
My idea is a network where devices are distinguished into two groups: the hackables and non-hackables. For example, a server hosting a wargame would be categorized as “hackable” whereas a script-kiddie who just wants to connect to the wargame server would be a “non-hackable.” The difference is that machines specified as “non-hackable” would have a inbound firewall that is provided by the network simulation software. This is an easy way to manage “consent” so that a user can easily protect his computer if he doesn’t want it to be hacked.
Hackable machines, on the other hand, are able to connect to the network with no restrictions on either inbound or outbound connections. Of course, connecting to the network as a “hackable” means that you give your consent to others that they can hack you; however, you would be able to specify what extent of hacking is allowed. For instance, a server with unprivileged SSH users as part of a wargame might have terms saying you can only use those users and not attempt to gain access to anything else.
This idea is still a work in progress, so if you have any suggestions, I’d be glad to hear them!