18/11/2017

Cyber Security Challenge UK Masterclass

This week saw the 7th CSC Masterclass take place at BT's headquarters in London, and I was luck enough to have earned a place amongst the finalists after the PGI face to Face earlier in the year.


The competition was headed up by BT, but the National Crime Agency had organised the first challenges for Sunday evening. We had been recruited by international shipping company Fast Freight Limited to gather evidence about a recent intrusion into the company's systems, allegedly by the ex-CISO John Smith.

We had a tip-off that an anonymous source had some dirt on Smith, so we headed out into the streets of London to make the exchange. While we were sitting on a park bench at the rendevouz point, a man came up to us and started asking for directions to St Pauls. While we were talking, he passed us a USB stick underneath the map he was holding. The game was on.


At this point the bad guys were on to us, and we had to try and escape our tail as we made our way across the city to meet another contact. Unfortunately for us, those surveilling us were NCA officers who were (surprise surprise) rather good at their jobs. We thought that we had done a good enough job, changing jackets, splitting up, and ducking down side streets, and yet they were still photographing us. Despite the fact that they never let us out of their sight, we had no real idea who had been assigned to follow us.


After collecting the information from the source we headed back towards the hotel where we were staying, we loitered around the Tower Hill monument for a while. Mid-skulk we were interrupted by a police officer who told us that there had been reports of people dealing drugs in the area. Uh oh. At this point the copper began to search us, and just as my brain arrived at the conclusion that something wasn't right I saw my teammate drop the USB stick into the offered evidence bag. At this point the "policeman" books it off into the night, never to be seen again...


The technical part of the competition wasn't anything special, but the other things around it were what made the event special. Airbus had set up a robot arm to represent the freight part of Fast Freight Ltd., and when we got hacked by the BT red team a klaxon proceeded to go off, followed by the robot arm demolishing our little shipping containers and dancing. Finally, on Tuesday afternoon we had compiled enough evidence relating to Mr Smith to take the fight from the forensics lab to the courtroom. BT had brought in a group of Barristers to make the whole scene come alive. This was great until they started to cross examine us, and like the surveillance officers they were rather good at their job!


Overall, the challenge was a lot of fun, due largely to the fact that they paid so much attention to the details around the technical core that every CTF has. From the clandestine romp around London to the Raspberry Pi we found glued to the underside of our team's table, at every turn we had to think like people who really were investigating an insider threat. And that, in the end, was what made the three days we spent in London something really special.

Posted by at