Cyber Defense Exercise 2011 Video Transcript
MALE VOICE: The wealth and treasure...
The wealth and treasure of the United States is carried
((ECHOES)) carried...carried on our cyber networks
((ECHOES)) networks... networks...
MALE VOICE: We have an active enemy trying to get into our network every day.
VOICE IN SCENE: What's going on here? What is...
MALE VOICE: We know how to sort of secure physical assets... we put walls up, we put fences, have guards. Now we just sort of figuring out how to translate that to the digital realm, and put those same fences and guards up to protect people from getting in.
MALE VOICE: This is critical for us in the future.
MAN IN SCENE: Guys, time is live, pick it up...
RED CELL GUY 1: The time just started at 9:00 am. We're going to wait until about 9:10, 9:15 before we start anytime, so they'll be a little anxious on the other side.
CANADIAN RED CELL GUY: Then once they spend about ten minutes easing in and relax themselves and figure it can't be that bad, then it'll go really bad.
RED CELL GUY 1: They're just waiting. They don't know what to feel. A lot of them probably don't have all their services up and running. Probably haven't found all the vulnerabilities.
INTERVIEWER: Like the uh...anticipation is worse than actually the event itself?
The event will be much worse than the anticipation.
((MUSIC SWELLS, EXPLODES, AND FADES OUT))
PARTICIPANT'S VOICE: Someone please explain to me why everything died?
((ROCKING MUSIC KICKS IN))
RODRIGUEZ: So we're starting the Cyber Defense Exercise and right now we're preparing our defense.
We've put together our network, the NSA tries to break into that network and we try to defend it.
Two different categories: the undergraduate schools compete against themselves and the graduate schools compete against themselves... uh basically for bragging rights and a trophy at the end of the exercise. GRAY CELL is kind of doing the insider threat. They're supposed to be a normal user on the system, but they could be clicking on links, going to web pages, downloading files, you name it, unbeknownst to the administrators.
Historically, this has definitely been an Army dominated competition.
We lost last year.
Definitely hard to see all of our work sort of go wasted and have the trophy go back to Navy. It's going to be nice to beat Army again, but our focus is on learning the techniques so that when we actually do graduate, we'll be able to defend a network. Last year we were close. We did pretty well last year. But this year I would love to win.
We have our trophy case back there, just looking at it, hoping that we will be able to put a trophy in it this year. Our biggest rival, probably in normal everyday academy life would be the Merchant Marine Academy with West Point and Navy up on a pedestal winning the competition I think they're really the people we should look to rival with.
And kind of be at the level of excellence that they're... they're at right now. I expect the grad schools to all do very well.
On the undergraduate side, if you like to pull for the underdog, pull for the Merchant Marines.
((MUSIC SIZZLES OUT))
I just breathed in some mustard.
Today is March 31st, and we have uh three short weeks.
We have one or two more guys but this is it.
((SARCASTIC TRUMPET RETORTS))
Right now, we're still a little bit behind, but the steam is picking up.
Our biggest weakness right now is knowledge. And again, that comes from here where we study ships. A lot of this is new to me. I actually just got back from sea two weeks ago.
I was out on a ship for a hundred days.
((SWANKY 1920S TRUMPETED))
We do have a member who specializes and trains in their architecture and hardware and... Doesn't really help out too much, but it gives us a good chuckle here and there.
The team goal would be to enter the competition strongly, have a well prepared system and uh hopefully place... somewhere... and not last.
((MUSIC CHIMES OUT))
RED CELL MAN 1: How well can you defend?
RED CELL MAN 2: We live to do this. This isn't just our job. This is our passion.
RED CELL MAN 1: How well can you react?
RED CELL MAN 3: They'll know they're screwed when they see a whole bunch of notepad screens keep popping up and they have no control over stopping it.
CANADIAN RED CELL MAN: How well can you discover a compromise, clean it out, reset and carry on?
RED CELL MAN 2: We're going to take anything we can get into and we'll just destroy it. You can't replicate this in the real world... Or you could try, but people'd go to jail or get sued. This year's theme is going to be fighting through cyber adversity. And uh we're really looking forward to an outstanding competition.
Good luck to all.
The first thing that we anticipate happening is the malicious software on the workstations that have been pre-setup by the NSA.
We expect that software to start calling back to the mothership.
Once that happens, then the attackers can get right onto our boxes and start using those boxes then to launch attacks from within the inside of our networks. Right now, NPS is struggling a little bit. It's been really chaotic. In fact, we're still trying to get a couple of services up and running.
The essence of the exercise is we were supposed to be providing a service to the user and we're unable to do those things when crap breaks.
We are being attacked by the NSA.
I've got two sessions on NPS right now... If you're seeing this later, hi guys!
That would be an understatement. And now my keyboard's not working.
((POWERFUL MUSIC RAMPS UP))
Scores should update soon. I think we'll see that AFIT 2 is having problems.
We got access to one of their workstations and we ran an implant on that workstation and even if they reboot and so forth, that implant will stay there and allow us to have access to that machine the rest of the exercise.
Hopefully. As long as they don't find it. Right now, we're at the phase where they're trying to do reconnaissance.
They're trying to understand what we have open...
Like, we're not seeing that many payloads, we're just seeing,like, mapping right now. And that makes sense.
RED CELL GUY: We just got Coast Guard. We detected a... a computer on our subnet that shouldn't be there.
I think it was the uh, GRAY CELL... initiated a "man-in-the-middle" attack and it grabbed one of the IP addresses, so GRAY CELL is doing us in right now.
So, we know that computer is compromised. Or, we're really pretty sure it's compromised. And we're getting a lot of action going on.
Let's see. Oh Boy.
We've had everything up the whole time.
And yet, Coast Guard has a lot more points than us, so we're trying to figure out why. We haven't been compromised.
They could... they've they've... from that for us...which is good.
So we're in second place against USMA, who's way in the lead.
We're looking at the live board and right now, we're trying to beat Navy, they won last year. We definitely want to beat Army.
'Cause we don't like Army.
We think the GRAY CELL might have put down some stuff that he wasn't supposed to and gave the RED CELL the ability to make a bunch of web requests to a bad web site that may or may not have gotten into one of our computers.
We expect them to be a lot... a lot nastier tomorrow than they were today. Today they were just trying to get in and hide.
INTERVIEWERS: You're two hours into the exercise, how's it going?
Not very well.
((MOURNFUL VIOLIN MUSIC))
Oh god, the passwords...
Last year we had a problem with losing our passwords. And this year, we have had no problems with losing our passwords.
We will not lose them.
Just a matter of... if we'll be able to type them.
In a stint to make it like really safe, we decided to go with all sorts of charact... well, not we... one guy on the team who was designated to go make all the passwords.
The only problem with these passwords was that they were so long and arduous...
They were so secure, I should say.
I myself could not use them.
I had to have a password assistant to type them in for me.
Did you use the "one" for an "I"?
No one could type them in.
I mean, it was like, reading his handwriting was a pain, and then after that it was just typing them in. It was like, it's wrong.
You typed what it said on the page, but had to type it back eight times. If I pounded on the keyboard with my fists I'd probably get the same results. Being in third place right now is a victory for us. But it's early in the competition.
I don't expect it to last that much longer.
Someone, someone decided to tell him to change all the passwords and they're all just as hard as the first one he did.
So no one's been able to log into just about anything.
Yeah, we actually got inside the Merchant Marines. What they did was they ended up putting TOKEN AGENT actually on the proxy and left the SSH password... the default password.
INTERVIEWER: Is that good network security?
Good for us. Bad for them.
The current debate regarding our GRAY CELL administration techniques is whether or not we installed software on the GRAY CELL boxes.
I believe it's USMA is actually running an interpreter in the back to watch everything that's running, that's going on, so they can see everything in real time. That's being debated right now, whether that's actually legal or not. So GRAY CELL ended up finding out about our administration techniques based on how vocal we are.
We are re-hooking our clients right now.
Ok. Give me a minute.
Basically, what we ended up doing was essentially breaking into our boxes to keep other people from breaking into them. So there's not any actual process running, it's just running inside of RAM. And we didn't actually install anything. To me, that's actually pretty damn impressive.
((MUSIC ROCKS IN))
The six teams that we had, when they left at 10 o'clock, we really tore them apart throughout the night. Night crew was very busy. They managed to get in and infiltrate a vast... vast number of boxes.
We have 'em bad right now.
They need to just hope and pray that the other three schools fall today, because I'm not sure they're going to be able to catch up at this point.
INTERVIEWER: What needs to happen today for you to be a happy man?
We need to get into West Point, the Air Force Academy, and AFIT 1.
Uh, we're doing great.
Everything is going as planned.
Our network is fully secure. And uh we're winning.
I think this will progress over the next two days and we'll continue to see NPS at the bottom of the scoring ladder and AFIT at the top. This is the overall point standing. That's why I don't want to show you. Cause we're not doing very good. I'm looking for any files that they might have changed. So I have to make sure that they aren't already on my machine, which I don't know.
We definitely had some intrusions yesterday and it was not a good day for our workstations at all.
Uh, they got... they got hammered pretty good.
We're not doing too well in terms of scoring. We're running on one zero hours of sleep.
By that I mean...
I'm in binary right now at this point.
Four watches. Four attacks repelled.
You know what they call that in the biz?
A thousand percent.
We learned that at least two of our workstations were compromised and on the Windows machine there were a lot of processes that we couldn't control whatsoever.
For Merchant Marine I have no idea how you do this with two people.
I have to say, I'm a big fan of small teams and I love underdogs.
And so Merchant Marines...
I'm actually really proud of them. They are mounting a true defense.
((ENERGETIC, EMPOWERING MUSIC))
I go in there and people are running around and uh, I go to people, like "what's going on?" and I learn, like, half our stuff is crashed.
We're trying to get running. He gives me a task. So I immediately take what he told me, which I have no idea what it is, type it in Google, hit "How To," hit...click the first link, breathe through and just go at it.
I will look that command up.
At one point we got a call and apparently they were sending data using our our servers to Air Force and we had no idea it was going on so, we were trying to figure out what was going on, but we don't know how to use all the programs. Compared to where we were two weeks ago... like, the fact that most of us knew nothing, we're doing great. We fluctuate between last and second to last. Hell, if we get second to last, I'll be thrilled.
So the strategy against the three schools that we have not gotten into today is we're really going to target those GRAY CELL users that we have inside of their networks.
We're going to do some social engineering of those guys and try to kind of figure out what's going on on the network in those three schools that's preventing all of our exploits from working.
((LYRICS: What, say what...))
SL Wiki's done... Their DNS server went down. It started to heat up around three o'clock is when we were seeing more and more activity.
Yes, because they copy the badge file...
He copies the badge file and then he's copying... All of the sudden they started coming faster and faster... more and more. Yes, I know.
RED CELL GUY: We found a part we could egress traffic on.
We send some stuff over to the GRAY CELL folks.
First time, they disconnect us real quick. And we thought that certain IPs were kind of off limits and they were able to browse to those without issues and ended up having some hooks on those web pages.
Second time, we had a little bit more time. We were able to get the token. We were able to get an implant up. Hopefully, we have persistence. We don't know yet.
Our comrades are bleeding out all over the network out there.
Fragmented packets everywhere.
Nothing reached in the destination.
HOLD THE LINE!
West Point's been saying for years that we have not gotten them during CDX, right?
We got West Point.
USMA normally brags that we're never on their box. We found an egress port. So we grabbed the token really quick and scored on them, so, you guys went down!
I can't kill Internet Explorer.
It was uh... it was, you know, challenging, but a good learning experience to realize where your vulnerabilities are and be ready to strengthen them for the following day of competition.
Everyone's been hit except USAFA right now. There was a huge flow around seven, eight... and then there was another huge flow around nine or ten.
And then they died down and there hasn't been really much since.
So we're just sitting around, twiddling our thumbs hoping we're not getting attacked and we don't know it.
I think students getting active on the forensics challenge is probably the bigger story of the minute right now.
Each year the students are required to conduct a forensics analysis on a... on an image or on a collection of images.
It's kind of a treasure hunt, you know, in the digital world, we have to find various things in there. We'll write reports and we'll send the reports back up and get points for all the different things that we find.
This represents ten percent of the overall score. And they have until 10:00 p.m. tomorrow night and then at 10:00 p.m., we freeze everything and the score you get is the score you get. I think that the forensics is really what's going to close the gap between us and Air Force. They're our ace in the hole right now.
And we're just hoping that USAFA doesn't have the forensics powerhouse that we have.
Your boys in the forensics room are kicking... ((MUSIC PULSES))
We just received an image for the general's laptop.
One of the tasks that's gone on today is that they've had a laptop image that's been delivered to all of the schools.
And it's supposed to represent the laptop of a General who's coming in to the uh... the unit and they need to integrate it into their network.
The General's password uh, SCUBA DAN. It's a nice secure password. It's fantastic.
And it just so happens that we've managed to pre-implant some backdoors into that laptop.
We're actively seeking to restore the General's cyber experience.
What the hell is this?
((CENSOR BEEPS)) Do you want to read Chinese?
Shut up? ((CENSOR BEEPS))
I want some coffee.
So we got those two additional challenges for us today. In addition to all of the bad guys ramping up their attacks.
As you know, we started out today, we had all but three teams, right?
We're into the Military Academy at West Point pretty good now.
We've gotten into AFIT 1, so tomorrow we're gonna try to go in and get that last team and try to make it a clean sweep.
I'm going after USAFA, the only school we haven't gotten anything on yet.
So, it's been a headache all day.
Not yet. A little frustrating.
All right. Take her easy.
((MUFFLED VOICES CHATTING))
((LYRICS: Get up, get out of your bed now! You're wasting your time. 'Cause it's a beautiful day now, it'll be just fine, cause the sun is out now, we're ready to rise and shine...))
RED CELL GUY: I think the current day is Thursday.
It's Thursday. Today is the day we're going to have some real fun with them.
And the time is around 9:00 a.m.
I got some sleep. But it actually made it worse. I should have just stayed up. I just took a Five Hour Energy and fell asleep twenty minutes later.
How's my camera face today? Is it looking good?
INTERVIEWER: It's looking great.
It's the last day of CDX.
AFIT's holding strong.
All we need to do is close the deal and win this thing for good.
((LYRICS: You'd rather stay home alone in the dark.))
A lot has gone horribly wrong today.
John... was rubbing up against a power line, shocked his leg...
((LAUGHS)) really badly.
And that's when we lost a team member.
((LYRICS: Ah, that's what you are. Ha ha!))
We're trying to still shoot for third place, but it's only a matter of time to see if that's going to happen or not.
((LYRICS: Maybe there's a place that we can go...))
So we have this computer and there's so many pieces of malware on this computer.
It's like if you jumped in to a lake in the Amazon and you came out full of leeches. You know, it's like, where do you start, you've got a ton of leeches on you, where do you start pulling them off?
One at a time...one at a time...
Oh, my god. It's just.
((LYRICS: Get up, get out of your bed now. You're wasting your time. It's a beautiful day now...))
We're up there, right near the top. So it's anybody's game at this point and we really think that today is going to be the day that we pull it off.
((LYRICS: The sun is up now, we're ready to rise and shine.))
People ask, "why do I do CDX?"
((CHOMPING AND SMACKING))
For the women.
We're rock stars out there. That's all they can talk about on campus. The CDX team.
INTERVIEWER: Looking at the scores, USAFA is in the lead.
Is there any chance that they're going to relinquish that lead at this point?
Well, it's still possible.
I mean, they've done a good job so far of uh... of closing down tunnels and keeping us out.
But I know that the uh group over there is working on some exploits right now, trying to get them finalized. And uh, you know, if we can get something started all we need is a couple of minutes to get stuff on their box and running and those scores can start dropping real quick.
Yeah, but it still... it still seems really fishy that we have traffic coming from ARMY that we should not. Send them to Port 25 so it's like they're sending email. So someone's spoofing headquarters right now? Hey, a hundred just popped up.
It had been really quiet. And we started getting floods of packets into our system. We're trying to make the Fat Man and Little Boy of CDX.
Everything just really, really got exciting... all at once.
You want that on your e-mail?
So why is that not showing?
((MUSIC RINGS OUT WITH A BANG))
Air Force Academy was the last to fall. And managed to make it a very, very close contest coming down to the end.
((MUSIC: JOHNNY COMES MARCHIN' HOME AGAIN))
Air Force Academy and West Point: neck and neck.
Last time I checked, they were really close, maybe a point, a point and a half between each other. So it should come down to the forensics. The forensics challenge is actually going to decide it.
I don't know.
I really don't know how the forensics guys did.
They got all the answers... pretty confident on some of them... may have had to guess, but I think we did well.
Definitely, forensics came in strong for us.
Your boys in the forensics room, are kicking...
We're about forty-five minutes from the announcement.
We already have the web cam feeds set up over there... over to NSA to see who wins the trophy.
We have a trophy case as well; hopefully, we'll be able to put it in there.
We've already sent them a return postage stamp.
So. We're getting this trophy back.
Without any further ado, I'd like to uh get the announcement for the graduate school award...
And even if we lose, which is looking likely at the moment, uh, at least we're learning something in the process, which is really the whole point.
And the winner of the 2011 Cyber Defense Exercise for the grad school, is the Air Force Institute of Technology Team One.
Now, moving on to the undergraduate...
Winning this competition is going to mean a lot to us. We really want to prove that we belong and, although we have won it in the past, we really want to get this trophy back.
The academy winner in 2011 for the Cyber Defense Exercise is...
The United States Military Academy at West Point.
((FUNKY GOSPEL MUSIC))
Overall, it was a huge win for the nation that we're developing students and officers that can fight in this domain.
And fight well in this domain.
And we were excited to see the valiant effort the Air Force Academy brought to the fight as well. And it was gratifying to see that the other academies are working just as hard as we are to develop their skills and it's really an encouraging sign for our nation's defense.
((FUNKY GOSPEL MUSIC CONTINUES))
Even I have heard the MacArthur quote, "that on the fields of friendly strife are sown the seeds that on other days and other fields will bear the fruits of victory." Clearly, from Washington's cape, we had such a day on such a field yesterday.
NSA conducts on an annual basis a Cyber Defense Exercise. We pit the best and the brightest against the National Security Agency. And for the sixth time in eleven years West Point won. Best of the best.
I would ask you to then give your final and real round of applause for Cadet Mitchell and his team, the winner of the 2011 Cyber Defense Exercise across the service academies. Well done.
((FUNKY GOSPEL MUSIC CONTINUES))
The reality is, five years from now, if the guys who went through this learned something, it could help defend our nation.
Then we all win.
Date Posted: Jan 5, 2012 | Last Modified: Jan 5, 2012 | Last Reviewed: Jan 5, 2012