The Mission: Hack a High-Value Target’s Devices and Apps and Transmit His Location
A team of cybersecurity students from the University of North Georgia vanquished seven opposing teams from other senior military colleges and elite service academies in an upset victory to win a capture the flag hacking contest staged this week at the National Defense University here.
The inaugural Cyber Workforce Competition was staged by the Pentagon’s CIO office and modelled after the March Madness basketball tournaments, in which division one college teams compete. The “elite eight” cyber teams were paired up at random into a bracket for three rounds of knockout contests, organizers said.
Teams didn’t compete directly with each other. Rather, each team raced to fulfill the same objectives in the same simulated computer environment faster than their opponent. The winner was the team that completed its objectives first.
In the final round of the CTF Wednesday afternoon, the University of North Georgia beat out The Citadel, the storied Charleston, S.C.-based senior military college, which previously bested first Virginia Tech and then the U.S. Naval Academy to make it to the final. UNG qualified for the final by winning their first two rounds against Texas A&M and then West Point. Other competitors were teams from the Virginia Military Institute and Norwich University.
Like some other senior military colleges, UNG, in Dahlonega, GA, educates civilian students alongside Army ROTC candidate officers.
The contest took place during the AFCEA Cyber Workforce Summit this week at the National Defense University. The aim, said Matt Isnor, the division chief for cyber workforce development in the CIO’s office, was to give students a taste of the kind of work they would do if they stay the course and join the military. It also demonstrated the value of practical experience as a way of training cyber skills.
“One of the greatest training mechanisms [in cyber] is to get people real hands on keyboard experience, getting in things like a sandbox or a range to really practice and hone their skills,” he told Information Security Media Group.
Understanding the hardware backbone of technological systems like computer networks is best achieved by direct experimentation, Isnor said: “You need to learn by putting your hands on a network and actually getting inside of it and breaking it.”
The UNG victory was the result of rigorously preparing in advance, said team member Jonathan Farrington, who is in the second and final year of his master’s degree.
“It was down to a lot of preparation beforehand,” he said right after the contest. The team used details about the first-round scenario provided in advance to pre-write scripts to automate some jobs, and outline tasks for each player. “We really put in the work to make sure that when we showed up, everyone had a role to play that complemented each other and we all knew what to do.”
The team, in various iterations, has competed in numerous other contests, which also helped them, added fellow team member Sawyer Shepherd, a senior in the undergraduate cybersecurity program.
“This being the inaugural competition, [none of the teams] really knew what to expect, but because we’ve done so many contests before, I think we came out a little bit ahead in just being able to adapt quickly to whatever challenges that we encountered,” he said.
Speaking before the end of the final round, Citadel Cadet Robert Powell told the summit that these CTF competitions were where students got to “take this knowledge that we learned in the classroom and put it into real effect.”
He personally had failed twice to achieve the goal his team set him for the second round, Powell admitted, “but you learn more from your mistakes than you do your successes.”
After their defeat, a fellow team member who did not wish to be quoted by name echoed that thought, telling ISMG, “It’s all good. The main thing is, we came to learn and we did.”
The tournament was staged by cyber experts from the Air Force Research Laboratory, which famously has run CTF competitions in orbit, at hacker conference DEFCON as part of its Hack-A-Sat program. The Cyber Workforce Competition CTF included a “white cell” of cyber specialists from the National Security Agency, who monitored the contest, tracking each team’s efforts and providing feedback for them after each round.
“Having an NSA team upstairs watching your actions to see if you’re stealthy, [and providing feedback], I think there’s phenomenal training value in that,” said UNG’s Farrington. Teams eliminated from the competition reviewed their performance with the NSA white cell, in an after action session.
Students’ mission in the first round was to geolocate a high value individual by hacking into his devices and apps, stop him from receiving warning messages from colleagues and provide targeting data for an air strike to kill him. All without alerting him.
The combination of kinetic and cyber elements made the scenario both realistic and difficult.
The target, who was skittish and would abandon his devices and flee if he suspected he was being hacked, initially escaped all eight teams, Farrington said, but in the end the UNG team was able to fix his location and successfully target him for an air strike.
The second round involved leveraging initial access malware – referred to in military cyber-speak as an “implant” – to spread throughout an adversary network, gaining administrative privileges on every machine. In the third round, the teams pivoted from that initial presence into a connected network to penetrate all the machines in that network, too. During these rounds, the NSA white cell would kick out of the network any teams that were too “noisy,” meaning they did something that would, in a real operation, have revealed their presence to cyber defenders. An ejected team could return via their still-functioning implant, but would lose precious time regaining their network-wide access.
Contest designers provided a new tool, called Sliver, to the competing teams for the penetration and data exfiltration, said UNG team member Dagen Shehorn. “So there was a lot of adapting to how that tool worked in comparison to our normal ways of exploiting things. And there was a little bit of a learning curve,” she said.
In these rounds there was an actual, if not literal, flag or series of flags: text strings on each machine the team had to exploit. By grabbing and then presenting the text string, the team would show they’d successfully pwned that box.
UNG has two student teams, an offensive or red-team and a cyber defense or blue team, though members of both participated in the Cyber Workforce Competition, the students said. Between the two teams UNG takes part in 15 or more CTF contests a year.
The Institute for Cyber Operations at UNG pays for the travel, accommodation and other costs for the students competing, they said.
Next year, Isnor said, organizers hope to involve not just the elite eight, but the 500 universities across the country designated by the Department of Defense as National Centers of Academic Excellence in Cyber, and to stage regional qualification contest rounds feeding into a final bracket at the 2027 Cyber Workforce Summit.
