This month it'll be five years I'm running CTFtime. From the first moment some people associated my decisions with teams I'm playing with. Till the moment it was just the talks but now I see the real attack on me from the iCTF organizers (Shellphish?) team:

We will shortly upload the scores for the 2016-2017 UCSB iCTF to CTFTime, with LC/BC removed. Since LC/BC runs CTFTime, it'll be interesting to see what happens. At the last event where LC/BC cheated (CODEGATE Finals 2016:, the event weight was changed to 0. This might end up as a 0-rated iCTF, but at least it will be a fair one.

All I can answer is — I'm trying to run CTFtime as transparent for the community as I can, all the ratings and changes are discussed with a community. I'm open for a dialogue, if you have any suggestions — feel free to (publically?) discuss it not to accuse.

Now to iCTF and LC↯BC situation — sometimes teams break the rules, sometimes make mistakes, it's just a game ... specially the CTF — a hackers competition (hack the stuff and win!). But what I saw in this iCTF article is very irresponsible and unethical according to the LC↯BC. Organizers team (who is a CTF competing team in other events) made a forensics analysis of all the teams vulnboxes after the game, grabbed the stuff from them, then not just made all the stuff of one teams public but accused it in illegal (in law!) actions. The question I'm asking to myself now — is it (legally) safe to play such a CTF? Will I be questioned about it on my next visit to US? May be it'll be safer to shutdown CTFtime and stop playing CTFs?

Now back to ratings (who cares about them?) — yes, iCTF 2017 hasshould have 0 pts rating weight.

Not b/c sometimes I'm playing with LC↯BC or set it manually as it was in 2012, but:

1. iCTF organizers missed to make an event in the last year (this year uses last years event weight if available or decided with voting if not)

2. Year after year iCTF does not go smoothly - network and services are unstable or nonunique, results are mostly random. It was Ok in the first years when there was no alternatives and iCTF was academic-only CTF, but times changing. Not trying to defend LC↯BC here (if all the described is correct) — teams actions was irresponsible, but why infrastructure of the attack-defence hacking competition was not ready (again!) for the full-state TCP traffic? As I know — LC↯BC had the same problem with DDoS during the game but successfully solved it with iptables configuration.

3. But the main reason — organizers were too busy "investigating" one more "russian hackers" attack during the hacking (sic!) competition than post even some scoreboard in a week period to run the automatic voting process on CTFtime.

See update for clarification why iCTF 2017 does not have 0 pts weight.

The reason why Codegate finals 2016 had 0 rating — organizers did not provide any official scoreboard, with discqualified LC↯BC or without.

This post is my own opinion not the teams one.


UPD: iCTF 2017 does not have 0pts weight after all — according to the rules some teams from last years top voted for it (they were able even w/o the scoreboard) during the week period. B/c there was no iCTF in the last year there was maximum weight 25 for attack-defence event, so all the votes were converted to it.

plaintext – April 4, 2017, 9:49 p.m.

It seems like there's be a misunderstanding regarding the legal accusation. Looking at the article linked here they say "iCTF was brought down by an illegal (rules-wise, _not_ law-wise) Distributed Denial of Service attack" (emphasis mine).

Pharisaeus – April 4, 2017, 9:57 p.m.

Well technically after each CTF the organizers have some time (usually a couple of days) to analyse the logs to make sure there was no cheating involved, such as sharing flags in jeopardy. So the fact that the organizers analysed the network traffic (and later the vulnboxes) associated with suspected rules violation does not seem strange at all. It's a normal thing to do, although usually it takes much less time and is not so detailed. But when trying to accuse someone of cheating it's better to have some hard proof, which might explain why they went so far.

Also let's be realistic, if someone left some obfuscated hacking tool laying around, don't expect CTF players to do something else than reverse it, at least for fun if for no better reason. Same goes for unusual pcaps - people will treat this as new forensics challenge.

The fact that CTFs are "hacking competitions" does not mean there are no rules, after all this is just a game :) And while during Codegate there was technically no written rule about remote players, so one could argue there was no cheating there, in this case the rules were clear on DoS attacks.

I agree that the accusation that kyprizel will be impartial in this case isunaccounted for, because nothing so far suggested such course of action. After all it's not like CTFs where LC/BC didn't win disappear from CTFtime. I expect this was simply because they got pissed off at LC/BC for spoiling the event, and CTFtime got hit by collateral damage.

As for the scoreboards, is it stated somewhere (I seriously don't know, never organized anything on CTFtime) until when organizers need to provide the scoreboard in order to get rank points?

zardus – April 5, 2017, 12:01 a.m.

Some clarifications from our side to avoid confusion:

1) "illegal" was an unfortunate choice of words. As the article explicitly clarified in parentheses, we meant against the iCTF rules, not illegal. We have further amended the blog post to this effect. Obviously, no one should worry about legal issues or consequences when playing a CTF.
2) The reason that finalizing the scoreboard took so long (more than the normal catching-up-on-sleep post-CTF) was specifically because LC/BC demanded a reckoning, and did so very aggressively. We made sure to thoroughly understand what happened.
3) The suggestion that the weight for CODEGATE 2016 Final Event was changed because LC/BC cheated has been removed. Sorry that you got caught in this: running these sorts of things is too often a thankless task. We look forward to the iCTF 2016-2017 being updated to a non-0 rating!

We've added an updates and responses section to our article with this info as well, to make sure it reaches everyone involved.

mike-bailey – April 5, 2017, 6:55 a.m.

Illegal doesn't exclusively mean violation of a law. Pretty sure there was just a language barrier there
>not sanctioned by official rules (as of a game)

mike-bailey – April 5, 2017, 6:59 a.m.

"why infrastructure of the attack-defence hacking competition was not ready (again!) for the full-state TCP traffic?"
It wasn't full-state competition TCP traffic, it was artificial traffic. Most reasonable competition organizers wouldn't expect the competitors to start hammering the LAN and if they do, there's not many mitigations for that.

"than post even some scoreboard in a week period"
How were they supposed to post a scoreboard when scores were not final?

"Organizers team (who is a CTF competing team in other events) made a forensics analysis of all the teams vulnboxes after the game, grabbed the stuff from them"
It's their boxes, that is their right.

"sometimes teams break the rules, sometimes make mistakes, it's just a game"
This was a pretty clear rule violation, not sure how this justifies it in any way.

Overall to a third party observer this whole post read off as deflecting and victimizing of one's self. The victim in this situation is most definitely not LC↯BC.

mike-bailey – April 5, 2017, 7:11 a.m.

To clarify, I'm gracious for CTFtime and the open source contributions these team members make and I realize LC/BC is a skilled, industry team, but from a third party observer this looks pretty cut and dry.

Sign in to comment.