Air Force ISR Agency   Right Corner Banner
Join the Air Force

News > ISR network 'hacking' challenge highlights DoD conference
ISR network 'hacking' challenge highlights DoD conference

Posted 6/3/2009   Updated 6/3/2009 Email story   Print story


by Wayne Amann
AF ISR Agency/PA

6/3/2009 - LACKLAND AFB, Texas -- Air Force Intelligence, Surveillance and Reconnaissance Agency professionals showcased their expertise in a competitive setting May 18-21 during the 2009 Department of Defense Intelligence Information Systems Worldwide Conference in Orlando, Fla. 

Members of the agency's information technology/communications directorate (A-6) partnered with the Defense Intelligence Agency Information Assurance Group to conducte a capture-the-flag challenge as an educational experience for the more than 2,000 attendees at the conference. 

A typical capture-the-flag competition is a computer security war game during which each team is given a machine (or small network) to defend on an isolated network. Teams are scored on both their success in defending their assigned machine and on their success in exploiting other team's machines. 

The event emphasized using existing computer security technical knowledge to find "flags" (vulnerabilities) within an isolated network, instead of going head-to-head against other teams. Competitors were shown the other side of security through the hands-on education and training to heighten security awareness. 

Participants found as many flags as possible over the four-day period using a penetration testing tool. The tool gave the contestants various functions including security scanning, password cracking, protocol analyzing and packet sniffing, plus wireless, database and forensics tools. 

The darkened capture-the-flag room, complete with strobe and flashing red lights, was equipped with more than 30 laptop computers positioned around an event administrator command post. A video display of humorous and musical selections distracted the participants, creating a more real-world situation. 

"Attacks aren't always organized, disciplined or well resourced, but are often aggressive and consistent. Some are extremely sophisticated, but many aren't," said Kevin Odom, chief of the A-6 Security Operations Division. "They both however are an ex-filtration of critical and sensitive information and implantation of malicious software. Insiders remain the biggest threat to classified and unclassified systems and networks." 

Challenge coordinator, Tech. Sgt. Richard Shepard, from the agency's Intelligence Information Systems Certification and Accreditation Team, and seven other team members ran the successful competition. 

Staff Sgt. Kasey Kehbiel and Senior Airman Marc Westbrooks, from the A-6 Detachment 4, also refined a real-time, Web-based scoring tool, originally designed by the 33rd Information Operations Squadron, to provide up-to-the-minute scoring, showing as "confirmed" or "incorrect." Flags were found and decoded, then displayed on the scoreboard wall. 

Raytheon employees took first place in the team and individual categories at the conference. 

"Our goal was to test the abilities of DoDIIS security professionals. [Raytheon] did an outstanding job and demonstrated the need to continue our great relationships we have with our DoD community and partners," said Paul Woeppel, the agency's chief of the Air Force Sensitive Compartmented Information Certification and Accreditation Branch. 

Capture-the-flag competitions were popularized by the hacker conference "DEFCON."

No comments yet.  
Add a comment

 Inside AF ISR Agency

ima cornerSearch

Site Map      Contact Us     Questions     Security and Privacy notice     E-publishing  
Suicide Prevention    SAPR   IG   EEO   Accessibility/Section 508   No FEAR Act