Slashdot Mirror


NSA Wages Cyberwar Against US Armed Forces Teams

Hugh Pickens writes "A team of Army cadets spent four days at West Point last week struggling around the clock to keep a computer network operating while hackers from the National Security Agency tried to infiltrate it with methods that an enemy might use. The NSA made the cadets' task more difficult by planting viruses on some of the equipment, just as real-world hackers have done on millions of computers around the world. The competition was a final exam for computer science and information technology majors, who competed against teams from the Navy, Air Force, Coast Guard and Merchant Marine as well as the Naval Postgraduate Academy and the Air Force Institute of Technology. Ideally, the teams would be allowed to attack other schools' networks while also defending their own, but only the NSA, with its arsenal of waivers, loopholes, and special authorizations, is allowed to take down a US network. NSA tailored its attacks to be just 'a little too hard for the strongest undergraduate team to deal with, so that we could distinguish the strongest teams from the weaker ones.' The winning West Point team used Linux, instead of relying on proprietary products from big-name companies like Microsoft or Sun Microsystems."

11 of 219 comments

  1. Linux by sleekware · · Score: 5, Insightful

    Anyone surprised by the OS choice of the winner? It was going to be either that or BSD.

    1. Re:Linux by Bellegante · · Score: 5, Informative
    2. Re:Linux by Burkin · · Score: 5, Funny

      Whoosh!

    3. Re:Linux by Anonymous Coward · · Score: 5, Informative

      I was involved in the exercise. We used FreeBSD and Fedora Core 10 as our base server platforms. We'd used FreeBSD last year, so we were confident that it would give us a solid base to work from.

      According to the exercise directive, we had to run several Windows workstations. We used Windows 2008 as the Active Directory and Domain Controller. We didn't go so far as to try the "read only" mode, but W2k8 seemed solid enough for the duration of the exercise. Wasn't easy to get set up and locked down, however.

    4. Re:Linux by Tom · · Score: 5, Informative

      I'd be interested to see how a team harvested from the basements of MIT or Caltech would stack up in a challenge like this, actually.

      Get their asses handed to them, essentially.

      We all laugh about the military and the secret services, but we forget what an impressive amount of things they do that we do not hear about. Sure, you learn about that double-agent fuckup in the Middle East and think "how could anyone be that stupid?" - but you never learn about the other 20 agents that never get caught or uncovered.

      MIT is an impressive university, and they can floor Vegas with card counting. But the NSA is the largest employer of mathematicians in the world, and is still several years ahead of the world-wide scientific community in some areas of math research, especially cryptography.

      They have their share of fuckups, like every organisation of that size. Wouldn't underestimate them, though.

      --
      Assorted stuff I do sometimes: Lemuria.org
  2. NCCDC by Anonymous Coward · · Score: 5, Informative

    Looks a lot like the National Collegiate Cyber Defense Competition. Any college student team can participate in that one, however, and the NSA or Secret Service have participated in past events iirc.

    The competition is a lot of fun, 64 teams last year.

    1. Re:NCCDC by Atlantis-Rising · · Score: 5, Insightful

      The fact that the NSA was willing to participate at all strongly suggests to me that the NSA was just playing games, and was not in fact utilizing anywhere near their full capabilities in this exercise. Which says something pretty impressive about the NSA.

      --
      "It is possible to commit no errors and still lose. That is not a weakness. That is life." -Peak Performance
  3. Kobayashi Maru? by HaeMaker · · Score: 5, Insightful

    NSA tailored its attacks to be just 'a little too hard for the strongest undergraduate team to deal with, so that we could distinguish the strongest teams from the weaker ones.'

    Nobody wins, but let's see how long you hold out.

  4. Re:Linux CNET URL to TFA by davidsyes · · Score: 5, Informative

    Cadets trade trenches for firewalls
    http://news.cnet.com/2100-7350_3-6249633.html

    (if you don't have nor want a subscription to the NYT....)

    This part probably is getting lots of attention here in /.:

    Cadet Brian McCord, part of the team that installed the operating system, said he was chosen because his senior project was deeply reliant on Linux. The West Point team used this open-source operating system, freely available on the Internet, instead of relying on proprietary products from big-name companies like Microsoft or Sun Microsystems.

    But this part probably says it all:

    ""It seems weird for the Army with its large contracts to be using Linux, but it's very cheap and very customizable," McCord said. It is also much easier to secure because "you can tweak it for everything you need" and there are not as many known ways to attack it, he said."

    --
    Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
  5. Re:Not as many? by blitzkrieg3 · · Score: 5, Informative

    There are plenty of ways to hack all OSs. Maybe a generic underhardened Windows install has more known ways... but how would one even quantify what is known and not known.

    When getting attacked by the NSA, I'd prefer to use something that they developed to stem such an attack. And I don't want to hear, "well they developed it, so they probably have a backdoor." The many eyes argument definitely applies, since patches from the NSA would undoubtedly come under much more scrutiny. Especially since this has yet to be proven for other operating systems.

    Anyway, the winning team was using Fedora 8, which has SELinux on by default.

  6. Re:OpenBSD? by commodoresloat · · Score: 5, Funny

    Yes I understand this doesn't take into consideration social networking.

    Exactly. OpenBSD lacks the kind of application client support for Facebook and Twitter that the NSA has come to expect.