“Hackfest assigns each team to set-up virtual machines, in which we’re tasked to make sure the other teams can’t access our machines, as we try to access their machines,” said Meyer. “There’s an entire scoring structure in place and you can prevent the other team from getting points by disabling their machines.”
Meyer’s team used the scoring structure to its maximum efficiency and won the Ace Hackfest. The winning team consisted of Meyer; Cadet Tallas Goo, University of Hawaii at Manoa; Cadet Donovan Median, University of Texas at San Antonio; Cadet Blake Paffile, Seattle Pacific University; Cadet Adam Reville, Samford University; and Cadet Michael Zavalza, Oregon State University.
All course activity takes place on a virtual, closed network, which doesn’t affect the base or surrounding communities.
Each team built two virtual computer systems functioning as a WWW server and a file transfer protocol server. Then the teams were assigned two preconfigured vulnerable virtual computers they were required to provide services with. Each team had to defend their systems, attack other team’s systems and perform a myriad of other computer tasks.
In addition to the Air Force ROTC cadets, the class roster also had a mix of green to go with the blue, consisting of 16 Army ROTC cadets, including Cadet Timmy Oshinbanjo from the University of Dubuque. Oshinbanjo, a computer information systems major, went straight from field training with Army ROTC to the AFIT ACE course to better his chances of being selected for the Army’s Military Occupational Specialty of Cyber Operations Officer.
For his team, Oshinbanjo tackled the construction of firewalls.
“The first firewall is your public firewall that connects to the outside world, so basically teams can have access and they can communicate with you. Then you have another firewall which protects your web browser and file transfer protocol. Each team’s main job with firewalls is to protect their two systems and make sure the other team can’t hack them.”
Oshinbanjo was the first cadet to complete his firewalls for his team, Team Alpha. But the course specifications caused a re-do for this particular task.
“I’ve already built the firewall for us and apparently we were the first to get it done. But I used the wrong version of the firewall program,” Oshinbanjo said. “I made it right, but I was using the wrong version; so it’s kind of frustrating.”
Oshinbanjo laughed off the error and rebuilt his firewalls with the correct program that same day. He also added in an additional defense wrinkle, cloning one of his two virtual machines with a different IP address.
“If anyone tries to attack it, they can’t tell it’s a clone, and it will send knowledge of their attack straight to me,” he said.
That eventual attack on Oshinbanjo’s cloned system expended one of his attacker’s most precious resources – time – netting the attacking team a big fat zero in points for the attack.
The objective of the ACE program is to develop the next generation of cyber-security leaders through an intense program that immerses students in the cyber-security discipline while educating them on becoming future military leaders.
“What we’re doing in ACE is a subset of what we teach our graduate students – a small subset of our graduate program in cyber operations,” said Dr. Timothy Lacey, director of Information Technology for AFIT’s Center for Cyberspace Research.
Students who complete the ACE course often return to AFIT for graduate study, he added.
This year marks AFIT’s 100th anniversary. AFIT’s Graduate School of Engineering and Management is a research-based institution offering graduate programs leading to Master of Science and Doctor of Philosophy degrees in engineering, applied science and selected areas of management. The mission is to provide high-quality graduate education programs and engage in research activities that enable the Air Force to maintain its scientific and technological dominance.