[Owasp-singapore] NSA Attacks West Point! Relax, It's a Cyberwar Game

Wong Onn Chee ocwong at usa.net
Tue May 13 09:51:31 EDT 2008


http://www.wired.com/politics/security/news/2008/05/nsa_cyberwargames?currentPage=all

The 34 Army cadets comprising the West Point IT team operated in a 
different kind of battlefield, but their combat skills and instincts 
need to be every bit as sharp. Like George Washington said: "There is 
nothing so likely to produce peace as to be well prepared to meet the 
enemy."

The SQL injections, targeting their Fedora Core 8 Web server, were a 
piece of cake for these IT combatants. Each injection tried to smuggle 
malicious code inside the seemingly harmless language used by the 
network’s MySQL software. The cadets handily defended with open source 
Apache web server modules, plus some manual tweaking of the SQL database 
to "avoid any surprises," in the words of Lt Col. Joe Adams, a West 
Point instructor who helped coach the team.

But the kernel-level rootkit was much more dangerous. This stealthy 
operating-system hijacker can open unseen "back doors" into even highly 
protected networks. When they detected the rootkit's "calls home" the 
cadets launched Sysinternal's security software to find the hijacker, 
then they manually scoured the workstation to find the unwelcome 
executable file.

Then they terminated it. With extreme prejudice.






More information about the Owasp-singapore mailing list