
Skills - Las Positas Collegelpc1.clpccd.cc.ca.us/.../HW_Assignments/HW7a_Internet…  · Web viewBasic Cyber Security Concepts (malware attacks) ... For example, Microsoft Word has


NSA Day of Cyber

Beginner Internet Cyber Challenge Description

This initial Beginner Cyber Challenge contains a small number of general cyber security technology questions that students usually find interesting. Experience has shown that more than 80% of the students successfully complete this initial level, and it serves well to inspire them to continue onward with their studies, and possibly onward into more advanced levels of cyber challenges.

Students will be presented with problem descriptions, clues and hints that will guide them in solving a given problem.

Purpose:

Designed to directly relate to, and extend, the Cyber Situation that was presented during Part 1 of the NSA Day of Cyber.

Student Suitability:

Inspirational in nature. Students are introduced to wide-ranging topics that represent a superficial sampling of typical problems encountered by cyber security professionals.

Students of any age level* may participate and be successful in determining the correct answers. (* Note that the NSA Day of Cyber web platform is able to be run independently by students of age 13 and beyond.)

General Skills Needed:

No prior cyber security experience is required. A student merely needs to have an inquisitive mind, some familiarity with Internet search techniques, and some “grit” (perseverance) in order to ultimately find the sometimes-hidden answers.

Skills Encountered / Exercised:

Internet research techniques.

Basic introduction to the terms, principles and concepts of general computer and network administration. Refer to next section.

HW7a: 5/2017 1


Skills

The cyber technology topics shown below are the skills associated, either directly or tangentially, in solving the Beginner Cyber Challenge.

Skills Associated within the Beginner Cyber Challenge:

Terrorism (messages, malware, payloads)

Morse Code (encryption/decryption, alphabet recognition)

Geo-location Coordinates (finding locations from latitude & longitude)

Telephone Keypad (codes from alpha characters on phone keypad)

UAV (Drone) Types & Flight Characteristics

Simple Satellite Orbital Characteristics

Computer Basics (number representations)

Linux Operating System (origin, basic commands)

Simple Programming Concepts (Python)

Basic Cyber Security Concepts (malware attacks)

Passwords & Ciphers (Base numbering systems, Shift ciphers)

Solution Methodologies

This section suggests some basic approaches that teachers could use for guiding students in researching, evolving and stating their solutions of the Beginner Cyber Challenge.

Generally at this level, with no prior cyber or IT experience being assumed, much of the solution methodologies depend on common sense and good use of Internet searches, sprinkled with some common tools available in computers.

The Question Description

At times, very good clues are contained within the question statement itself. Have your students carefully read that statement to ensure that they really understand what is being requested. If they do not understand a word or phrase, have them Google it to better understand the meaning and context.

Remind students that challenge questions are worded at times with a “humorist’s perspective”. For example, they should be on the lookout for double entendres (puns) and words/phrases that actually have additional meanings. Asking “Why was the question posed in this way?” could well lead more quickly to the right or desired solution.

HW7a: 5/2017 2


Google Searches

Cyber professionals often make heavy use of Internet searches on keywords, concepts, phrases and general topics contained in the questions and hints that are provided. A concept of “everything has been done already by someone else” is quite prevalent in industry, and Google is a tool that most professionals start with to see if some prior work exists on the problem being posed in the challenge.

Note: As is often cautioned in writing assignments, it is important to remind students of the perils of plagiarism, and advise students not to directly copy someone else’s answer or approach to a question, but instead use it as a stepping stone to further information, or to developing their own understanding of the problem being solved.

Also, it is important to remind students that information posted on the Internet is not always true. Again, search results should be used as a guide to finding additional (corroborating) details on the challenge question, and/or developing one’s own better understanding of the underlying cyber mechanisms at play.

The Challenge Context

The purpose of the Beginner Cyber Challenge is to extend the overall NSA Day of Cyber, and as such the questions relate to the context of the theme or “cyber situation” presented during Part 1 of the cyber experience.

Software tools

Most students have various applications on their computers that would help in solving the Challenges. Like the Internet browser, applications in the Microsoft Office suite could well assist in certain types of challenge questions. For example, Microsoft Word has an auto-fill feature that could assist in fill-in-the-blank questions. Excel’s readily accessible tabulation functions may help with averaging data to help point to a correct answer.

Simple online tools, which are often mentioned in the Challenge “hints” menu, can help in number conversions or IP address translations. Web-based “password cracking” programs are usually surfaced with quick Google searches on the topic.

Summary

Solving cyber challenges is much like playing the role of a detective, using all the techniques available, gathering clues and related information, making some sense of that data, and (at times) making a leap or connection of the information that ultimately points to the right solution.

HW7a: 5/2017 3


CIS 50 – Intro to Computer Information Technologies

HW7a: Internet Research

NAME: _____________________

Date: _____________________

Internet Skills:

Copy pages 4 thru 9 into a new MS Word document, save this file using the filename: your_name_CIS50_HW7a_InternetSearches.docx

Insert your answers into this document.

Submit the assignment via Canvas.

Internet Searches:

Google Search, commonly referred to as Google WebSearch or simply Google, is a web search engine developed by Google. It is the most-used search engine on the World Wide Web, handling more than three billion searches each day. 

~ Beginner Internet Cyber Challenge ~

CHALLENGE 1: Dot and Dash to a Conclusion

Description:

This is a word game whereby the student enters the correct malware name (from available choices) based on the descriptions given.

Codes have been used for thousands of years to convey secret information, or to efficiently send messages over horseback, wire and radio airwaves.

Here is a coded message that the NSA Day of Cyber team intercepted while listening in on terrorists who were intent on "stealing" the drone.

Once you figure out the type of code being used, invented by an artist named "Samuel" in 1836, you can go on to start unraveling the terrorist's evil plot concerning the U.S. drone that is currently in flight.

Question #1 : Decode the following message

-.-. .... .- -. --. . / -.. .-. --- -. . / .-. --- ..- - . / - --- / ...-- ....- .-.-.- -.... ---.. ----. -. / -... -.-- / -.... ----. .-.-.- ...-- ..--- ....- .

Answer: The Morse Code message says: _______________________________________

Hint #1: Invented in 1836, the Morse code is a method of transmitting text information as a series of on-off tones, lights, or clicks that can be directly understood by a skilled listener or observer without special equipment.

Hint #2: Use the International Morse Code Table to determine the message being transmitted in dots and dashes ... https://en.wikipedia.org/wiki/Morse_code

HW7a: 5/2017 4


Question #2 : What major city and country is this near? ______________________________

Hint #1: The numbers in the message correspond to the latitude and longitude coordinates on a world map. This "address" works well in Google Maps.

Hint #2: If you zoom out in Google Maps, you will see a number of cities in Afghanistan. The major city closest to the "lat/long" numbers is the one you are looking for.

CHALLENGE 2: Tone Deaf

Description:

Here is another clue intercepted by the Day of Cyber team while monitoring a telephone call. See if you can figure out what the main subject of interest is for these bad actors.

Question #3 : Translate these numbers into a word 7-777-666-9-555-33-777

Answer: ____________________________________

Hint #1: Have you ever noticed how there are letters on the keys of most telephone keypads?

Hint #2: The first letter on a keypad is accessed with a single press, the second letter with two presses, etc. For example, the message "HELLO" is thus represented by the following digit presses: 44-33-555-555-666.
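The multi-tap scheme from Hint #2, written out as an added example (not part of the original worksheet). The function names are hypothetical; the sample input is the "HELLO" sequence given in the hint, and malformed groups are rejected instead of guessed at.

```python
# Added example: multi-tap keypad decoding as described in Hint #2.
KEYPAD = {"2": "ABC", "3": "DEF", "4": "GHI", "5": "JKL",
          "6": "MNO", "7": "PQRS", "8": "TUV", "9": "WXYZ"}
# Reverse table: letter -> the digit repeated once per press ('L' -> '555').
LETTER_TO_PRESSES = {ch: key * (i + 1)
                     for key, letters in KEYPAD.items()
                     for i, ch in enumerate(letters)}


def decode_multitap(message, sep="-"):
    """Turn groups such as '44-33-555' into letters; reject malformed groups."""
    out = []
    for group in message.strip().split(sep):
        if not group or len(set(group)) != 1:
            raise ValueError(f"group {group!r} must repeat a single digit")
        key = group[0]
        letters = KEYPAD.get(key)
        if letters is None:
            raise ValueError(f"key {key!r} carries no letters")
        if len(group) > len(letters):
            raise ValueError(f"key {key!r} has only {len(letters)} letters")
        # One press selects the first letter, two presses the second, etc.
        out.append(letters[len(group) - 1])
    return "".join(out)


def encode_multitap(text, sep="-"):
    """Inverse mapping; only A-Z can be expressed on the keypad."""
    try:
        return sep.join(LETTER_TO_PRESSES[ch] for ch in text.upper())
    except KeyError as exc:
        raise ValueError(f"{exc.args[0]!r} is not on the keypad") from None


if __name__ == "__main__":
    sample = "44-33-555-555-666"   # the worked example from Hint #2
    print(decode_multitap(sample))
```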

Question #4 : How high is this satellite orbiting?

Answer: ________________________

Hint #1: "Orbital Altitude" indicates how high a satellite is ... Try searching on this term to find how high PROWLER is orbiting.

Hint #2: All satellites in "geosynchronous orbit" have roughly the same altitude. Searching on this term will also yield the correct answer.

HW7a: 5/2017 5


CHALLENGE 3: Name That Drone

Description:

The Day of Cyber team is hot on the trail of a drone that is being taken over while in the air by a group of terrorists. They need your help in determining the type of drone that is being commandeered. See if you can determine some details about the drone.

Question #5 : What is the name of this military drone?

Answer: ______________

Hint #1: Try doing an Internet search on "military drones" to see if you can find one that looks like the one shown here.

Hint #2: This "unmanned reconnaissance aircraft" belongs to the U.S. Air Force.

Question #6 : Which U.S. aerospace company is the manufacturer of this drone?

Answer: ______________

Hint #1: Try searching on the drone's name to find out who makes it.

HW7a: 5/2017 6


CHALLENGE 4: The Caesar Cipher

Description:

The terrorists have encrypted their command message into the payload of the communications channel. You must decipher it in order to figure out what they are intending to do.

(Sample Caesar Shift … one of many types.)

Question #7 : The cipher text is: JOUFSDFQU ESPOF BU 1256 IPVST

Answer: ______________

Hint #1: If you need help, the online cipher decryption puzzle called "Solve a Cipher" can be used to crack this straightforward "shifted character substitution" cipher … http://www.cryptogram.org/resources/solve-a-cipher

Hint #2: A good starting point for figuring out a "shifted character cipher" would be to add or subtract 1 to each character in the cipher.

For example the characters in "hello", when each shifted UP by one, would yield "IFMMP". (H becomes I, etc.)
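The shift described in Hint #2, as an added example that is not part of the original worksheet. It goes one step beyond the hint by trying all 26 shifts and ranking the results with a simple letter-frequency heuristic; the function names, the scoring rule and the sample message are assumptions made for illustration.

```python
import string

COMMON = set("ETAOINSHR")   # frequent English letters (assumed scoring heuristic)
ALPHABET = string.ascii_uppercase


def shift_text(text, k):
    """Shift letters A-Z by k positions (wrapping around); digits, spaces and
    punctuation are left unchanged. Input is upper-cased first."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def score(text):
    """Fraction of letters that belong to the common-letter set."""
    letters = [c for c in text if c in ALPHABET]
    return sum(c in COMMON for c in letters) / len(letters) if letters else 0.0


def crack(ciphertext):
    """Undo every possible shift; return (key, plaintext) pairs, best first.
    key is the shift that would have been used to encrypt."""
    candidates = [(k, shift_text(ciphertext, -k)) for k in range(26)]
    return sorted(candidates, key=lambda kp: score(kp[1]), reverse=True)


if __name__ == "__main__":
    # Constructed sample message, encrypted with the shift-by-one from Hint #2.
    secret = shift_text("MEET AT THE NORTH GATE AT 0900 HOURS", 1)
    print("ciphertext:", secret)
    for key, guess in crack(secret)[:3]:
        print(key, guess)
```

Because a shift cipher has only 26 keys, listing every candidate is always feasible; the ranking just saves reading all of them, and short messages may need a human to pick among the top few.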

Question #8 : What time do the terrorists plan on taking control of the drone?

Answer: ______________

Hint #1: AM in military time is from 0000-1159 hours. PM is from 1200-2359 hours.

HW7a: 5/2017 7


CHALLENGE 5: Being a Capabilities Development Specialist

Description:

The CDS is the development engineer on the Day of Cyber team who rapidly develops special purpose software to help capture and decipher adversary data. She is able to quickly provide custom software to protect field assets, as well as to enable data collection from adversary networks.

She needs your help in some basic issues confronting the team while she is working on developing a special software program.

Please see if you can help her out.

Question #9 : How many bits are in a byte?

Answer: ______________

Hint #1: A bit is the smallest unit of data in a computer. A nybble has four bits. A byte has two nybbles.

Question #10 :

What is the name of a popular high-level computer programming and scripting language that is the name of a snake?

Answer: ______________

Hint #1: Search on "computer languages" to see if any sounds reptilian in nomenclature.

Hint #2: "Monty ____ and the Holy Grail" has absolutely nothing to do with software development.

Question #11 : What is missing from the simple Python program below? (The blank is where the missing word would go.)

Answer: ______________

Hint #1: To determine the missing word in this simple Python program, try entering and running the program at Codecademy ... https://www.codecademy.com/tracks/python

Hint #2: It is good programming practice to define variable names before using the variable name in the program.

HW7a: 5/2017 8


CHALLENGE 6: Being a Cyber Network Operator

Description:

The CNO provides the network skillset with cybersecurity expertise for the security of networks used in the CTC as well as networks used by adversaries. Secure network perimeters within the Day of Cyber enable top secret operations to be performed with confidence.

He is currently focusing on another problem and needs you to help deal with some new incoming issues.

So put on your thinking cap and see if you can indeed lend a hand.

Question #12 : Who is the creator of Linux?

Answer: ______________

Hint #1: Search on it ... The answer may surprise you!

Question #13 : What Linux command is used to change file permissions?

Answer: ______________

Hint: Google search on the question.

Question #14 : Once the terrorist's IP address is determined by the Day of Cyber team, what command should the CNO use in blocking their access to the system?

Answer: ______________

Hint: "Blocking IP addresses in Linux" can effectively block an address from the computer.

HW7a: 5/2017 9