I was curious about how two-way hacking might work, whether for military or other purposes. Part of it is simply how careful you are in general, whether the enemy can just make a few calls to find out your password then access the target accounts. And of course, if you're able to detect a hacking attempt, you may be able to disconnect your computer before damage is done (which might make a hack-battle very frustrating when the opponent disconnects whenever you're going to win). Aside from those aspects, I'm interested in what the offensive and defensive measures of such an encounter might be.

I was curious about how two-way hacking might work.
Is there even such a thing as an actual "Hacking Duel"?
I thought it'd be just taking turns attacking each other's castles? You never "meet the other army on the battlefield".

Well, a duel in the fact there are two participants trying to overcome each other. It could be part of a game, be related to two hackers who have come to be at odds, or even be the efforts of two militaries to hack each other's drones. The encounter won't necessarily be very personal, and may not even be that interactive. That's why I'm curious about how it could play out.

Thing is, a really *good* hacker will get into your system without you realising he's in there; any hacker who not only alerts you to his presence, but also leaves enough traces that you can track him down and begin the "duel", really isn't very good at his job/hobby!

There are real-life hacker competitions, like https://ctftime.org/ctf-wtf/. I would not call this a duel, however.

Considering that it took months for the U.S. to prepare the hacking attack on those Iranian centrifuges, and the attack was only partly successful even with long development time and excellent hackers working on it, I would say that at this point, a real-time hacking "duel" is pretty much impossible. Unless you're talking about tit-for-tat hacking taking place at a glacial speed over the course of several years.

Perhaps hacking will be faster in the future, but in that's the realm of pure guesswork and/or fantasy at this point, so you can pretty much imagine whatever you like.

That's how I see it, anyway.

Hacking generally falls into two major categories:
1) Using prebuilt tools to exploit known vulnerabilities. This can be quite fast, but the fact that the vulnerabilities involved are known means a good hacker will have them at least mostly locked down on his own machine.
2) Discovering new vulnerabilities and building new tools. This is a very slow and painstaking process with a lot of luck involved.

In either case it's a lot less exciting than Hollywood depicts.

Hacking generally falls into two major categories:
1) Using prebuilt tools to exploit known vulnerabilities. This can be quite fast, but the fact that the vulnerabilities involved are known means a good hacker will have them at least mostly locked down on his own machine.
2) Discovering new vulnerabilities and building new tools. This is a very slow and painstaking process with a lot of luck involved.

In either case it's a lot less exciting than Hollywood depicts.So it's not really like in Live Free or Die Hard?

For a moment, I thought that "hacking" was a verb, and not an adjective, in the thread title. As in, "Hacking [a game/other thing called] Duel".

Heh.

The closest thing you might get to a "hacking duel" is a pair of hackers working at the same time to infiltrate one another. Which would be a bit like competing research teams trying to find key info. They'd be trying to find vulnerabilities (both real-world and cyber) in one another's security systems, changing all their passwords and serving up new ones as fast as possible, and so on.

I guess we sorta have an equivalent to this when a bunch of trolls send a DDOS on a website and the admins try to get the website back online as the DDOS persists.

So it's not really like in Live Free or Die Hard?

Short answer: No! Long answer: Definitly not!


If you're interested in a description of modern hacking take a look at books from Kevin D. Mitnick. They show it pretty nicely and are quite easy to follow.


Against weak targets like private computers and small companies you can use known vulnerabilities pretty well, but against bigger and more important targets you can pretty much only gain ground with zero day exploits (vulnerabilities not yet known to developers & admins), social engineering/infiltration or knowing the system better then the admins.

The last part is often not that hard if you have a number of experts on hand, time and money. This is pretty much the only part that will come close to movie hacking.

But I imagine for your average movie fan a film would be quite dull if they show a bunch of neckbeards carefully explore the system inch by inch for weeks/months with hundreds of failures and waiting for stuff to decompile, brute force or port scan 'till they finally figure out that some small subsystem uses an old software or still has a factory password.


In the end pretty much every large system is at least to a certain point vulnerable because in most cases you need to have security vulnerabilites called people access it.


So why didn't someone say hack your credit card companies database and use the numbers for a shopping spree?

Easy. Because it's much cheaper to get the same data via phishing or keyloggers.