UMD's Cybersecurity Team Takes Second Place at Mid-Atlantic Regionals

By Ben SanNicolas

It was known as Operation Transit Storm. On March 27th and 28th, qualifying teams from around the Mid-Atlantic region converged on Johns Hopkins University’s Applied Physics Lab to defend a fictional public transit network from a team of rebels disgruntled by recent election results. The role-play might have been a little cheesy (the transit network served the great country of “Hackistan”), but the National Collegiate Cyber Defense Competition (CCDC) left little room for messing around.

The competition was set as a traditional Red Team vs. Blue Team cybersecurity exercise. The competing schools acted as the Blue Teams, while a group of cybersecurity professionals made up the Red Team. Each school defended their own copy of the transit network against the Red Team, which tried to disrupt the networks’ intended behaviors and steal certain pieces of information called flags.

Unfortunately for the Blue Teams, the transit network was rather difficult to defend. It consisted of twelve different machines, all with varying Windows and Linux operating systems. This alone gave the Red Team an advantage—while it could choose which machines to target, the 8-person college teams had to somehow defend all twelve machines simultaneously. Worse, the machines often ran severely outdated, extremely vulnerable operating systems, such as old Windows installations.

University of Maryland fielded an enterprising team of underclassmen: three freshmen and five sophomores. Sophomore Max Grable led the team. Freshmen Patrick Freed and Danny Beck were in charge of securing the Windows machines, while sophomores Kevin Bock and Jeremy Krach took care of the Linux distributions. The remaining team members handled incident response and certain tasks known as injects, and helped where they were needed.

The first day of competition was relatively low-octane. Most of the day was spent preparing for the next; the Blue Teams updated passwords, patched and updated old systems, and tried to prevent the Red Team from adding backdoors and other ways into the transit network. The Red Team focused on building persistence, or trying to gain consistent, secret access to the network for later use. It was clear from the beginning that the Red Team was prepared to launch a massive attack as soon as the second day began. Suspicious activity appeared again and again on College Park’s machines, and the team could do little to stop it. “I could see new processes popping up all the time,” said Patrick Freed. “Even if I killed them, they would just reappear.”

Day one also included injects, or specific tasks that the Blue Teams could complete in order to score points. Given the Red Team’s skill, injects would prove to be a crucial part of outscoring other schools.

Luckily for the College Park team, every other school’s network turned out to be just as compromised as theirs. The Red Team professionals were far more experienced than the best undergraduates, and nobody could mount a successful defense. As soon as the second day of competition began, the Red Team easily stole every flag on every machine on every network. They also began destroying the machines that they could, erasing entire file systems and giving the whole competition a decidedly blue theme as all the Windows machines simultaneously crashed and displayed their familiar screen of death.

Despite the havoc, the University of Maryland team managed to stay near the top, finding points in the machines they could keep running and taking advantage of incident reports which they could file against members of the Red Team. By accurately recording the specifics of attacks, the team was able to force the mock-arrest of three Red Team members, earning them bonus points and a brief reprieve from the Red Team’s assault.

Ultimately, the team took second place, losing out to University of Maryland Baltimore County. Though they did not advance to the national final, the team was very happy with the outcome.

“I think the team consensus was that second place was really the best thing that could have happened because we almost won and we don’t have to go to San Antonio [for Nationals] next weekend,” coach Robert Maxwell quipped in a meeting following the competition.

Perhaps the most surprising thing about the team’s success is that the team was composed of only freshmen and sophomores. “For a team that had never been in a competition before, [they were] remarkably level-headed,” Maxwell noted.

Ultimately, the team is excited to learn, improve, and come back next year. For such a young team, the future looks promising.

