I believe just last week I wrote how summer camps are currently being used to train youngsters in the ways of hacking in the legal and ethical way. In other words, the intent of these camps is to get these kids into the mind of a Cyber attacker, and from there, learn how these skills can be used to help protect a business or corporation.
However, this is just one method. There are also others as well, namely those of Cyber security contests and challenges. In fact, one well known exhibition just took place recently in the United Kingdom. The event, which is known as the “Cyber Security Challenge UK” is hosted on annual basis by Her Majesty’s Government Communication Centre (also known as the HMGCC) and a Cyber security company known as “QinetiQ”.
This mock team consisted of four teenagers and one 37-year-old IT professional, in their efforts to hack into a bank, and to steal the personal and confidential information of all its customers. Their official team title is “Great Hyperbolic Omni-Cognate Neutron Wrangler”. This team meant business, as they came into first place in the semifinal round.
This particular Cyber security event drew in 28 participants. In fact, this challenge is not just a one-time event, but rather, it happens several times throughout any given year, with the ultimate goal of getting youngsters just starting out in programming and video gamers involved.
In order to stimulate the minds of these youngsters even further, the concepts of gamification of are also being used.
I also have written about this before, where gamification is being used to help increase the Cyber security motivation of employees in Corporate America. In other words, rather than having upper management simply train and “hound” employees down that they must abide by the Security Policies or else, they are actually being rewarded and recognized for maintaining good “Cyber Hygiene” at their workplace.
This is all in an effort to increase the level of motivation to keep the lines of defense fortified and strong.
In order to make this even more interesting for the youngsters involved, an authentic sounding name was given to this fictitious bank, which was called the “QQGCC”. This setting was unique in the sense that this mock financial institution just didn’t deal with the traditional paper currency; rather they dealt exclusively with just the various Crypto currencies (such as that of Bitcoin), and even by offering its hypothetical customers encrypted wallets.
All of the customers at this mock bank had chosen a unique encryption method in order to conceal the private key that was associated with their bank account. Ultimately, the participants in this Cyber Security challenge were also tasked with hacking into these accounts to covertly steal these private keys, much in the same way a real Cyber attacker would.
The hosts of this Cyber challenge wanted to push the participants to their limits into cracking these private keys, in order to give them the sense that even digital currency has still the same value and impact as traditional paper currency does, which also needs to be protected as well.
My thoughts on this?
After reading the source on this blog, it turns out this Cyber security challenge is not just a new event, it started all the way back in 2010. Although this kind of competition is open to all individuals of all ages, the primary audience is that of the teenager, targeting those under the age of 18.
In order to help these teens, understand how a true Cyber attacker thinks and works, the team meets both face to face and virtually as well.
Actually, having these kinds of contests is not anything new. These kinds of exercises are also being for Penetration Testing teams even here in the United States as well. In these cases, the “Red Team” (the bad guys) are up against the “Blue Team” (the good guys) in an effort to break into the IT Infrastructure of an organization.
But, this is the first time I have read that Crypto currencies are being used in these kinds of simulations. Normally, the ultimate goal of these kinds of competitions are to launch SQL Injection Attacks, Cross Site Scripting Attacks, break into Web based applications, and also hack into the database servers that house the passwords.
Traditionally, these kinds of contests and other forms of camp training occur during the summer time, obviously when every body is outside. But in my opinion, they should be offered year-round, in order help further stimulate the minds of these youngsters and to further encourage them to pursue a career in Cyber security.
In the end, in order to foster a strong sense of maintaining good “Cyber Hygiene”, it takes not only training, but also stimulating and motivating the minds of all individuals, whether they are teenagers at a summer camp or employees at a company.