Military cadets play cybercops

Students defend against hackers

Sitting in a room draped with camouflage netting, U.S. Military Academy Cadet Lorilyn Woods noticed an irregularity in the information streaming across her computer screen Tuesday.

Lee Ferris/Poughkeepsie Journal U.S. Military Academy cadets Lorilyn Woods and Dan Arnett participate in an exercise Tuesday testing how well cadets could defend a military computer network from hackers.

Someone had broken into an Army computer network and helped themselves to the master password list.

''They have administrative access, which is a problem for us,'' said Woods, a senior from Orlando, Fla.

Though the passwords were encrypted -- and would take a major effort to crack -- the hacker was using his new privileges to make new user-accounts, allowing him to disguise himself as a legitimate user on the military network and compounding the difficulties for cadets trying to minimize the damage.

Luckily for Woods and her team, military secrets weren't compromised. At stake Tuesday was the competition and a bit of friendly rivalry.

Challenging scenarios

The ''hackers'' on the other end were actually National Security Agency and Defense Department personnel, testing the cadets to see how well they could defend a military network under hostile fire from bytes, not bullets.

''Their job is to probe, scan and bring down as many boxes (computers) as they can in a four-day period,'' said Maj. Ronald Dodge, a professor at the academy's Information Technology and Operations Center. Cadets must ''figure out how (the computers) came down, where they came down and how to get them back up.''

Cadets are scored on how quickly they identify and fix problems. The longer they take, the more they are penalized. If an NSA agent successfully installs a back door -- a way to bypass a network's security features -- or starts to alter files, cadets see their scores suffer.

At a time when military operations depend on real-time information and constant digital communication with senior leaders, ''there isn't a unit out there that doesn't have computers,'' Dodge said.

There are three main categories of threats the cadets will have to deal with once they use their networking skills in real-world situations.

The least threatening are so-called ''script-kiddies,'' users who don't understand how networks operate but who nonetheless try to wreak havoc using tools written by more experienced hackers. Script kiddies are typically easiest to defend against, Dodge said, because cadets are trained to recognize the programs and methods they use to break into networks.

More dangerous threats are hackers who are sponsored by other nations and hackers for hire. Generally much more experienced and savvy, they will exploit weaknesses and try to cover their tracks while going for high-value targets.

''Nation-states aren't looking for credit card numbers,'' Dodge said. ''They're looking for infrastructure.''

But part of the job of defending a network server is making sure services -- such as uplinks that provide communication to senior military leadership -- stay functional while attacks are repelled.

During Tuesday's exercises, cadets were handling 240 connection requests from outside computers per minute, or more than 14,000 an hour. The challenge, they say, is sifting the normal traffic from the malicious attempts to connect.

''The toughest part for me personally is analyzing all the information,'' said Andrew Reed, a senior from Hampton, Va. ''We can't just block everything (to prevent an attack) because people who should get in legitimately won't be able to get in.''

On Tuesday, cadets were in their second day of the four-day exercise. Monday's activity was largely limited to digital reconnaissance -- NSA agents identified their targets on the computer network and looked for weaknesses. The attacks were expected to intensify with each day.

Some 30 cadets from West Point were involved in the exercises, as well as their counterparts in the Navy, Air Force and Coast Guard. Tuesday, the cadets scurried between computer terminals, alerting each other to incoming information and conferencing on solutions.

At the front of the room, two large projector screens displayed incoming attacks and scans graphically to supplement the information each cadet was being fed from their own terminals. The displays graphed who was trying to connect to their network and how they were connecting.

Shawn Robertson, a senior from Bangor, Maine, was among those who had built the network to NSA specifications Sunday evening.

He and his colleagues didn't finish the job until 6:15 Monday morning, and on Tuesday, as the cyber attacks intensified, they had their hands full.

''We've had a pretty busy day,'' he said.