ORGANISING contests has become the latest thing for US government projects, judging from the last information pouring out from Las Vegas at BlackHat and DEFCON.
BlackHat is described as a “security conference”, and seems to be qualified as such because people register under their own identities and typically use a credit card or purchase order to pay large sums of money for a couple of days of training. DEFCON is a “hacker’s event” where people aren’t required to do anything other than shell out $100 and not light the aging conference venue (The Riviera Hotel) on fire with some stupid stunt.
At BlackHat, the Department of Defense Cyber Crime Institute had a tabletop display pumping the DC3 Digital Forensics Challenge. The challenge invites the digital forensics community to “pioneer new investigative tools, techniques and methodologies.” Each participant or team will receive several challenges dealing with the extraction or recovery of data, including such fun sports as steganography, password cracking, image analysis, media repair and recovery, data carving, and data recreation/extraction.
Participants must be US citizens, living within the continental US to participate, a fact that will likely annoy anyone in Alaska or Hawaii. Teams may consist of no more than four members and individuals may only participate on one team. Scoring of the challenges will be based on the number of challenges completed and the time taken to complete the challenge(s). The winning team will be awarded an all-expense-paid trip to the 2007 Defense Cyber crime Conference in St. Louis Missouri and a plaque and a pat on the back at the conference. It’s a bit of a cheap award considering they’ve got a reward of $25 million on info leading to Bin Laden.
Over at DEFCON, results for the National Collegiate Cyber Defense Competition (CCDC) were being reported. Five colleges participated, including Millersville University, Southern Illinois University, University of North Carolina – Charlotte, and University of Texas, San Antonio, plus a team from one of the U.S. military academies. UNC-Charlotte won the contest, which consisted of a team “inheriting” an operational small LAN with lots of business applications. Teams had to keep the network running while finding the “holes” in it and patching them before a private industry “Red Team” takes them down. To keep things interesting, various “business injects” – that is what the boss wants done yesterday – such as password/user ID updates and new applications are also thrown into the mix. Since the sponsoring organisation, the San Antonio-based Center for Information Assurance and Security (CIAS), is a grant-based organisation, it receives some support from the Department of Homeland Security. Like most grant-based organisations, that’s barely enough to pay the bills, so further support for the CCDC had to come from private industry in the form of hardware, software, or cash. Among the non-geek sponsors were Pepsi, Kentucky Fried Chicken and Taco Bell.
News source: THEINQUIRER