Network warfare

 


NSA's cybersecurity Red Team battles teams from the military academies.

Deep within the bowels of a Lockheed Martin building in Hanover, Md., a group of trained security experts do their best to penetrate the networks of five military academies. And they don't mind being mocked.

Which is exactly what the Air Force Academy is doing at the moment. The network administrators have posted a taunting Web page from academy cadets: a photo of a crying baby along with a caption that accuses their attackers of being no more than script kiddies, an insult of no little weight to security professionals.

One of the administrators looks at the picture and laughs. "What they don't know," he says, "is that we still have a back door in their system that they haven't found."

Welcome to the seventh annual Cyber Defense Exercise (CDX), a National Security Agency event in which computer science students at the nation's service academies go head-to-head with a hand-picked group of malicious-minded security experts called the Red Team.

At stake was the coveted NSA Information Assurance Director's Trophy, won last year for the second time by the Air Force Academy, and a lot of pride.

"They are hungry to win," said Maj. Damon Becknell, who teaches information assurance at the U.S. Military Academy at West Point, N.Y.

West Point issued the first CDX challenge in 2001 and won the contest the first two years but has not been able to regain the trophy since 2002. This year, 26 West Point cadets went all out to get back on top.

"We're treating this like an Army mission," said Rock Stevens, cadet commander of the CDX team. "We're soldiering on the Internet."

There is more involved than bragging rights. The exercise is the capstone for information assurance classes at West Point; the Air Force Academy in Boulder, Col.; the Naval Academy at Annapolis, Md.; the Coast Guard Academy at New London, Conn.; and the Merchant Marine Academy at Kings Point, N.Y. It provides a dose of real-world experience to go with their classroom training.

"Are they fully prepared for it? No," said Lt. Joseph Benin, electrical engineering instructor at the Coast Guard Academy. "But they learn that what they are learning in class has value."

The exercise gives students a chance to practice what they have been learning during the first half of the year in classes on networking, security and electrical engineering.

"They are pretty much novices at computer security," said Capt. Sean Butler, assistant professor of computer science at the Air Force Academy. The first half of the class is traditional classroom work, he said. "After that, I turn them loose."

Each academy had to build and maintain a virtual network that includes a Web server providing dynamic content from a back-end database, an e-mail server with public-key encryption, chat service, file sharing and a Domain Name System server for name resolution.

Once the networks were up and running, the NSA Red Team spent five days hammering away at them from a location near their Fort Meade, Md., headquarters. The teams are scored on their ability to detect, defend against and recover from attacks while keeping the required services up and running.

On the first day, Monday, the Red Team kept things simple, probing the virtual networks for open ports and services, looking for obvious points of entry.

Along each wall were laptop workstations and white boards filled with scribbles of IP numbers, router names and other pieces of possibly pertinent information.

None of the students should have been fazed by Monday's activities. The skill of the academy teams has improved during the seven years of the exercise to the point that the Red Team attackers were at a disadvantage.

In fact, NSA decided this was because the teams had too much control over their own networks. They did not have to deal with the real-world stupidity of users who unwittingly bring malicious code onto a network, Butler said. So last year, NSA began supplying virtual machines chock-full of malware that had to be included on the networks.

"Part of the problem was trying to analyze these things and account for them," Butler said. They had several weeks to check over the machines. "I'm sure they weren't able to find everything. The NSA is good at hiding things."

So on Tuesday and Wednesday, the Trojan Horses started phoning back to the Red Team. The penetrators also started logging in to the systems, using any back doors and rootkits that went undiscovered.

"On a Windows 2000 box, they infected the file that boots the GUI," Benin said. When the file was cleaned up, the box would not boot up. "We found the hard way that you don't clean that file. It's kind of frustrating," but it added to the realism of the exercise.

The Red Team abuse escalated until Friday, when they pulled out all the guns and tried to bring down the academies' networks any way they could.

"The learning experience we're trying to convey on Friday is how things will really go down" during a network attack, one Red Team member said.

Scoring is calculated by how long the academies can keep their networks up and running. Each team is given 50,000 points. The DNS, mail, Web server and file-sharing servers are pinged across a virtual private network every few seconds.

If any one of the servers is down for longer than 15 minutes, points are subtracted. During the week, the academies are also given exercises to complete, which may help add points to their overall score.

The academy teams typically are made up of all students in an information assurance or networking course. They usually are juniors and seniors, although underclassmen sometimes observe and lend a hand. Stevens is participating for his second year, moving up from forensics lead last year to team commander this year.

With 26 members, the West Point team had a numerical advantage over some of its competition this year. The Air Force had 17 members on its team, the Coast Guard just 14.

Benin said his Coast Guard team was at something of a disadvantage. "I think 20 people fully engaged would be nice," he said. But he also has about a half-dozen underclassmen lending a hand, and he's better off than he was in 2006. "Last year, our team was nine."

Teams began preparing for the exercise months ago. "Some of us spend upward of 300 hours preparing for this," Stevens said.

The Coast Guard team began working on it two months ago, Benin said. "In spite of all the work and planning, we were still up all night Sunday," the day before the contest began, he said.

Not every team can provide around-the-clock support for its network, but they put in long hours.

"At 2 in the morning they're excited and happy," Benin said. "This is a great motivator. They love it."

"All of our preparation is paying off," Stevens said in the third day of the exercise, when West Point cadets had not given up any points to attackers. But one of the primary lessons of the exercise is that, as in a real battle, students cannot anticipate and plan for everything that will happen, and the best-laid plans can quickly fall apart.

"They are teaching us how to learn," Stevens said. "It's not what we know, it's how we can adapt what we're learning."

GCN Assistant Managing Editor Joab Jackson contributed to this story.

ATTACK MODE: Members of NSA's Red Team do their best to get inside the military academies' networks.

National Security Agency photo






































































