Slashdot Mirror


NSA Wages Cyberwar Against US Armed Forces Teams

Hugh Pickens writes "A team of Army cadets spent four days at West Point last week struggling around the clock to keep a computer network operating while hackers from the National Security Agency tried to infiltrate it with methods that an enemy might use. The NSA made the cadets' task more difficult by planting viruses on some of the equipment, just as real-world hackers have done on millions of computers around the world. The competition was a final exam for computer science and information technology majors, who competed against teams from the Navy, Air Force, Coast Guard and Merchant Marine as well as the Naval Postgraduate Academy and the Air Force Institute of Technology. Ideally, the teams would be allowed to attack other schools' networks while also defending their own, but only the NSA, with its arsenal of waivers, loopholes, and special authorizations, is allowed to take down a US network. NSA tailored its attacks to be just 'a little too hard for the strongest undergraduate team to deal with, so that we could distinguish the strongest teams from the weaker ones.' The winning West Point team used Linux, instead of relying on proprietary products from big-name companies like Microsoft or Sun Microsystems."

8 of 219 comments

  1. Re:Not as many? by jjohnson · · Score: 3, Interesting

    How many people actually vet the Linux source code, or would recognize various weaknesses and backdoors if they were staring at them?

    --
    Anyone who loves or hates any language, platform, or manufacturer, doesn't know what they're talking about.
  2. Re:OpenBSD? by Anonymous Coward · · Score: 3, Interesting

    Yep. That or OpenVMS if you have Alpha or Itanium hardware. OpenVMS was banned from some of those hack-or-be-hacked competitions, because no one could ever get into them. :)

  3. Re:Linux by gravesb · · Score: 4, Interesting

    I participated in this as a Cadet in 2001. We used a variety of operating systems, including Windows 2000, Solaris, Linux, and Mac OS9. Even back then, the Linux server and desktop client had by far the greatest uptime. Well, except for me, as I was attempting to rebuild the Windows server after they had taken it down, yet again.

    --
    http://bgcommonsense.blogspot.com
  4. Re:NCCDC by fluffy99 · · Score: 3, Interesting

    I've seen too many examples of the NSA having insider information to believe that. We get told to change some obscure registry setting or files and then a month later MS quietly announces an update that fixes the problem. For example, we had to go into the registry and gut the autorun function entirely instead of just using the GPO. At the time I thought it was a f'd up mandate, but alas 6 weeks later MS admits that disabling autorun via the normal policy did not disable it in certain situations. Think the NSA knew ahead of time?

    Or how about their partnership with Symantec? Where the detections for some zero-day exploits are present in the Symantec definitions files long before the zero-day exploit shows up in the wild?

    No, NSA isn't ahead of the game at all....

  5. Re:Linux by MoonBuggy · · Score: 4, Interesting

    Although you jest, I'm actually surprised at how confident and competent the NSA seem here. Maybe it's just an (unfair?) association I've built up that government organisation = technically incompetent, and I know they employ a lot of very smart people, but it surprises me that they were so far ahead of the teams that they could pick exactly what level of difficulty to set their attacks at.

    Seeing some of the work that's presented at conventions, the brilliantly paranoid security systems that the likes of OpenBSD have, and some of the distinctly embarrassing news stories about the latest government network being hacked by some guy in a basement, I guess I was just expecting the NSA to get more of a run for their money than "Yeah, we pitched it so they couldn't quite win. No problem really."

    I'd be interested to see how a team harvested from the basements of MIT or Caltech would stack up in a challenge like this, actually.

  6. Re:Linux by mikek2 · · Score: 3, Interesting

    As a CGA cadet back in the day, I would've LOVED to have done this. Alas, this was in the early 90's before this competition became reality.

    Alas, the Coast Guard has since completely eliminated the academy's CS major altogether (instead replacing it with some bullshit Op Analysis degree). Talk about being told your services aren't wanted anymore!

    But screw 'em and their horrible decision; I make more than an admiral now, anyway.

  7. What this really shows by WindBourne · · Score: 3, Interesting

    Up until 9/11, the nation's top computer security ppl were NSA. They had responsibility for it, which is why they created and pushed SEL. In addition, they insisted on running SECURED *NIX on all of their important systems. But then W and his staff created DHS and put them in charge of computer security. So far, that group has been a total set of f-ups. I used to work with several of those guys, and they were worthless back in 2000. Absolutely little to no real knowledge.

    It is time to put the NSA back in charge of this.

    --
    I prefer the "u" in honour as it seems to be missing these days.
  8. Re:Linux by Bombula · · Score: 3, Interesting

    I'm actually surprised at how confident and competent the NSA seem here

    No offense to West Point and the other military academies, but I'd like to see NSA take on the top team from MIT, Cal Tech, etc and see how they fare before putting total confidence in the NSA.

    --
    A-Bomb