Blackhat? Not me guv
<arreyder> niq cyberwar on going.
<arreyder> you should have participated 😛
<niq> arreyder: where?
<arreyder> I got a shell on all 15 teams webservers with a cgi exploit
<niq> BAD arreyder
<arreyder> the one I told you about a while back. I got them to set up remote access if you wanted to play
<arreyder> I didnt get root on all of them though, I didnt have time and people were not cooperating like they usually do
<niq> erm, I’d prefer NOT to be carted off to Guantanamo Bay by some spook who hadn’t been told it’s an authorised game
To give this some context, arreyder works for the state government of Iowa, USA, and has mentioned these security exercises before. He seems keen on the idea of me donning a black hat and hacking in to their machines. Now that’s fine for him. It might be fine for me if I was an accomplished cracker with access to a botnet, and maybe an IP address or two in China to cover my tracks. It might even be fine if I was an American citizen who could demand constitutional rights between being arrested and clearing up the idea that I was authorised to crack into their machines.
But I’m none of those things. I’m just a dullard who is far too scared of the consequences to hack into anyone else’s computer. Let alone a U.S.-owned computer, in the time of the Inquisition. Even if the good folks in Iowa have authorised it, the spooks at my door might not see it that way. I’d be in no position to argue with them. And given the culture of secrecy amongst spooks, there’s no guarantee arreyder and his colleagues would ever hear about it.
In the ensuing discussion, arreyder explained that the computers in question are actually at the University of Iowa rather than the state government itself, so perhaps the target addresses are not quite so sensitive. But in any case, there’s no reason to suppose I’d have penetrated the target machines any further than, or even as much as, arreyder himself.