There’s a lot of talk about hackers and the battles they wage in real time. But is this really the case? There are a few things to consider before making this claim. First, many people believe that hackers are actually just computer nerds who use their skills for mischief. This is often true, but there’s no evidence to support this claim. Second, it’s not always easy to track down the people behind these attacks. Third, it’s possible that some hackers do battle in real time, but there is no evidence to support this claim either. So far, there is no clear evidence that hackers really fight in real time, and if there were, it would be difficult to prove. However, if you’re thinking of using this claim as an excuse for your own security failings, then you might be right to do so. But until we have more evidence, it’s hard to say whether or not this is really the case.


Amidst a torrent of indecipherable technobabble (He’s burned through the firewall! This is DOD Level 9 encryption!), the pair begin to fight back. Eventually, they end up typing simultaneously on the same keyboard. It is—for lack of a better term—ludicrous.

Take a Seat. We’re Hacking

Those scenes epitomize everything wrong with how hacking is portrayed in the world of TV and film. Incursions into distant computer systems take place in a matter of moments, accompanied by a variety of meaningless green text and random popups.

Reality is a lot less dramatic. Hackers and legitimate penetration testers take the time to understand the networks and systems they’re targeting. They try to figure out network topologies, as well as the software and devices in use. Then, they try to figure out how those can be exploited.

Forget about the real-time counter-hacking portrayed on NCIS; it just doesn’t work that way. Security teams prefer to focus on defense by ensuring all externally-facing systems are patched and correctly configured. If a hacker somehow manages to breach the external defenses, automated IPS (Intrusion Prevention Systems) and IDS (Intrusion Detection Systems) take over to limit the damage.

That automation exists because, proportionally speaking, very few attacks are targeted. Rather, they’re opportunistic in nature. Someone might configure a server to trawl the internet, looking for obvious holes he or she can exploit with scripted attacks. Because these occur at such high volumes, it isn’t really tenable to address each of them manually.

Most human involvement comes in the moments after a security breach. The steps include trying to discern the point of entry and close it off so it can’t be reused. Incident response teams will also attempt to discern what damage has been done, how to fix it, and whether there are any regulatory compliance issues that need to be addressed.

This doesn’t make for good entertainment. Who wants to watch someone meticulously pore over documentation for obscure corporate IT appliances or configure server firewalls?

Capture the Flag (CTF)

Hackers do, occasionally, battle in real time; however, it’s usually for “props” rather than any strategic purpose.

We’re talking about Capture the Flag (CTF) contests. These often take place at infosec conferences, like the various BSides events. There, hackers compete against their peers to complete challenges during an allotted amount of time. The more challenges they win, the more points they gain.

There are two types of CTF contests. During a Red Team event, a hacker (or a team of them) tries to successfully penetrate specified systems that have no active defense. The only opposition comes from protections introduced before the contest.

The second type of contest pits Red Teams against defensive Blue Teams. Red Teams score points by successfully penetrating target systems, while the Blue Teams are judged based on how effectively they deflect these attacks.

Challenges differ between events, but they’re typically designed to test the skills used daily by security professionals. These include programming, exploiting known vulnerabilities in systems, and reverse engineering.

Although CTF events are quite competitive, they’re seldom adversarial. Hackers are, by nature, inquisitive people and also tend to be willing to share their knowledge with others. So, it’s not uncommon for opposing teams or spectators to share information that could help a rival.

CTF at a Distance

There’s a plot twist, of course. At this writing, due to COVID-19, all 2020 in-person security conferences have been canceled or postponed. However, people can still participate in a CTF event while complying with shelter-in-place or social-distancing rules.

Sites like CTFTime aggregate upcoming CTF events. Just as you’d expect at an in-person event, many of these are competitive. CTFTime even displays a leaderboard of the most successful teams.

If you’d rather wait until things reopen, you can also take part in solo hacking challenges. The website Root-Me offers diverse challenges that test hackers to the limit.

Another option, if you’re not afraid to create a hacking environment on your personal computer, is Damn Vulnerable Web Application (DVWA). As the name implies, this web application is intentionally rife with security flaws, allowing would-be hackers to test their skills in a safe, legal way.

There’s just one rule: two people to a keyboard, folks!