Things Get Physical
Another element that made the competition a rich learning experience was the integration of the many different disciplines of information security. The CCDC competition prides itself on keeping game play as close as possible to what students can expect to encounter in the real corporate world, including incident response and physical security. Competing teams have a myriad of security tools and techniques at their disposal for identifying and pursuing their opposition. If a team believes that it has identified an attacking Red Cell member, the team can submit an incident report detailing the technical evidence that has been collected, and the Red Cell member will be temporarily banned from the game, that is, arrested.
Competing team George Washington University was able to identify the source of system compromises and other malicious activity on its network. Using packet captures, photographs, and a bit of social engineering, the team identified the Red Cell Hacker in its systems and had a mock police force perform an arrest. The hacker was taken to a temporary lockup, where he was questioned about his activity and even offered leniency should he divulge the names of other Red Cell Hackers. Including incident-response and forensics practices in the game gave students first-hand experience of the collection, proper handling (chain of custody), and presentation of forensic evidence, the three things an incident report has to get right before anyone will act on it.
What's That Electronic Device Behind My Computer?
Another facet of the game play that makes the Mid-Atlantic CCDC unique is the incorporation of insider threats and physical access. Each year, a small amount of time is allotted to the Red Cell Hackers to have physical access to the competing teams' computing environment when those teams have gone home for the evening or are otherwise occupied. This is a coveted treat for the hackers, who spend time preparing rootkits, password crackers, and keylogging devices to be connected to the teams' systems, in hopes that the compromised machines will "phone home" and hand the Red Cell Hackers remote control. An addition this year was small eavesdropping devices planted under the teams' workspaces. These listening devices, better known as "GSM bugs," carry a SIM card and operate over the cellular network, so someone can dial in from anywhere in the world and listen to conversations and activities around the table.
The physical access event is meant to teach students two very valuable lessons:
- In the event of physical access, most logical security controls such as passwords and network configurations will fail to protect systems. The simple truth is that all bets are off if an attacker can gain direct physical access to systems, even if only for a short time. Full-disk encryption on a powered-off, locked-up machine is the notable exception, and even it does nothing against a keylogger inserted between keyboard and host.
- The importance of considering all aspects of security. It's not enough to implement and consider only logical countermeasures and controls. Students must learn to consider every attack vector, including the possibility that someone on the inside may not be working in the team's best interest.
These lessons help to solidify the students' understanding of basic security practices such as securing documents that may contain sensitive information, and ensuring that systems are properly locked away before leaving them unwatched for extended periods of time.
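One concrete check a team can run the morning after the physical-access window is to look at what the kernel saw plugged into each workstation overnight. The following is an added example, not code from the article or from the competition: it parses Linux USB enumeration messages in the syslog/journal format produced by `dmesg` or `journalctl -k`, and reports any device attached outside working hours or absent from a known-good inventory. The host name, the log lines, the vendor/product IDs and the allowlist are all constructed for illustration.

```python
"""Flag USB devices attached to a workstation after hours or not in the inventory.

Added example (not part of the original article). A hardware keylogger placed
inline between keyboard and host makes the keyboard re-enumerate, so even a
known device is worth a look if it was (re)attached while the team was away.
"""
import re
from datetime import datetime, time

# Constructed inventory of the team's own devices, keyed "idVendor:idProduct".
ALLOWLIST = {"046d:c31c": "team keyboard", "046d:c077": "team mouse"}
WORK_START, WORK_END = time(8, 0), time(19, 0)
YEAR = 2014  # syslog timestamps carry no year; assumed here for parsing

# Constructed sample: the keyboard seen during the day, then re-enumerated at
# 02:17, an unknown "keyboard" on another port a minute later, and the mouse
# in the morning. The hid-generic line is realistic noise and is ignored.
SAMPLE_LOG = """\
Mar 13 17:48:03 team3-ws1 kernel: usb 1-1.2: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 1.00
Mar 13 17:48:03 team3-ws1 kernel: usb 1-1.2: Product: USB Keyboard
Mar 14 02:17:42 team3-ws1 kernel: usb 1-1.2: USB disconnect, device number 5
Mar 14 02:17:49 team3-ws1 kernel: usb 1-1.2: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 1.00
Mar 14 02:17:49 team3-ws1 kernel: usb 1-1.2: Product: USB Keyboard
Mar 14 02:18:05 team3-ws1 kernel: usb 1-1.4: New USB device found, idVendor=1234, idProduct=5678, bcdDevice= 1.00
Mar 14 02:18:05 team3-ws1 kernel: usb 1-1.4: Product: USB Keyboard
Mar 14 02:18:05 team3-ws1 kernel: hid-generic 0003:1234:5678.0007: input,hidraw2: USB HID v1.10 Keyboard [USB Keyboard] on usb-0000:00:14.0-1.4/input0
Mar 14 09:05:30 team3-ws1 kernel: usb 1-1.3: New USB device found, idVendor=046d, idProduct=c077, bcdDevice= 1.00
Mar 14 09:05:30 team3-ws1 kernel: usb 1-1.3: Product: USB Optical Mouse
"""

# Only usb-core messages ("kernel: usb <port>: ...") are of interest.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) kernel: "
    r"usb (?P<port>[\d.-]+): (?P<msg>.*)$"
)
FOUND_RE = re.compile(r"New USB device found, idVendor=([0-9a-f]{4}), idProduct=([0-9a-f]{4})")
PRODUCT_RE = re.compile(r"Product: (.*)")


def parse_events(log_text, year=YEAR):
    """Return one attach event per 'New USB device found' line, with its Product string."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # hid-generic, input: and other non usb-core lines
        port, msg = m.group("port"), m.group("msg")
        found = FOUND_RE.match(msg)
        if found:
            ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
            events.append({"ts": ts, "port": port,
                           "id": f"{found.group(1)}:{found.group(2)}", "product": None})
            continue
        prod = PRODUCT_RE.match(msg)
        if prod:
            # The Product: line follows the 'found' line for the same port.
            for ev in reversed(events):
                if ev["port"] == port:
                    ev["product"] = prod.group(1).strip()
                    break
    return events


def within_hours(ts, start=WORK_START, end=WORK_END):
    return start <= ts.time() <= end


def audit(events, allowlist=ALLOWLIST, start=WORK_START, end=WORK_END):
    """Return (event, reasons) pairs for every attach that merits a look."""
    findings = []
    for ev in events:
        reasons = []
        if not within_hours(ev["ts"], start, end):
            reasons.append("attached outside working hours")
        if ev["id"] not in allowlist:
            reasons.append("not in device inventory")
        if reasons:
            findings.append((ev, reasons))
    return findings


if __name__ == "__main__":
    for ev, reasons in audit(parse_events(SAMPLE_LOG)):
        print(f"{ev['ts']:%b %d %H:%M:%S} port {ev['port']} {ev['id']} "
              f"({ev['product']}): {', '.join(reasons)}")
```

On a real workstation, feed it `journalctl -k -o short --since yesterday` instead of the constructed sample. The allowlist is deliberately not enough on its own: the re-enumeration of the team's own keyboard at 02:17 is exactly what an inline keylogger looks like, which is why the time window is checked independently of the inventory.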
At the end of the second day of the Mid-Atlantic CCDC, it's plain to see the toll that two days of nearly constant attack-and-defense have taken on the teams, as they wait patiently to hear who the winner is and who will be moving forward to the national competition. Each team has had to deal with system compromises, incident response, physical security threats, and even attacks against cutting-edge wireless systems that were completely new to them. While many teams don't make it to the national competition, each participant has gained valuable skills and experience. Each student walks away with a better understanding and appreciation of the many facets of information security, along with the dedication it takes to succeed in this constantly changing field.