Hacking the United States Navy

The following news articles cover this far better than I can here:

The summer of 2016 was a lot of fun. Celebrating Christmas at a goat farm in the middle of July, getting stranded on an island, diving for cover from an active shooter scare, getting paid to hack the government... and some other things I can’t really talk about. I had the privilege of working as an intern at the Naval Surface Warfare Center, Panama City Division in the Cybersecurity Lab with fellow intern Daniel Jermyn, under the supervision of Katherine Maglio and Mary Hulgan.

There were about 40 interns at the naval base. Pictured below, we are standing on an LCAC (Landing Craft Air Cushion). Basically a giant hovercraft used to transport troops, tanks, etc.

[Image: interns standing on an LCAC]

Daniel and I were given a blank slate and told that Navy personnel needed to be educated on common security flaws and how to avoid them. What we developed was effectively a "Capture the Flag" hacking challenge to make learning about hacking fun.

The challenge pits 4 teams of 4 people against each other in a 7-step game to the finish. Each team is first briefed on common hacking tools and how to use them. Then, each team is given a computer running Kali Linux (a Linux distribution built for penetration testing) and they're off! Teams have to use nmap, Wireshark, password cracking, SQL injection, and a host of other tools—all of which I became extensively familiar with when designing the challenge—to discover clues on other malicious computers. The final step involves using a lock-picking kit to open a locked chest. (I knew my lock-pick set would come in handy one day! Hasn't gotten me arrested yet.)

The project culminated with a live demo of the event hosted by Gulf Coast State College, and a face-off between 4 teams: one team of Navy engineers (***winners***), one team of interns, and two teams of local students. Pictured below, the team of interns:

[Image: the team of interns]

The malicious computers and Kali Linux machines were all hosted through VMs (VirtualBox and VMware) and connected through a layer 2/3 switch setup in the back, so Daniel and I could see in real time how each team was affecting the malicious computers on their respective networks (separated by VLANs). So I got a nice intro to virtualization and switching as well.

As far as that other stuff I mentioned at the beginning, well… That’s a story for another time.

[Image: goat]