Capitol Tech's Signal-9 Sinks, Swims, and Hacks
April 8, 2022Following a jam-packed spring competition season and right on the tail of their 2022 MACCDC Regionals run, members of Capitol’s cyber battle team, Signal-9, made a splash at their last event of the semester: Hack the Port.
Hack the Port was a 5 day cybersecurity conference that ran from March 21-25 in Fort Lauderdale, Florida. Hosted by the Maryland Innovation and Security Institute (MISI) and Dreamport in partnership with the US Cyber Command, the event included keynote speakers, educational workshops, lectures, and a cybersecurity competition made up of challenges modeled after real-world scenarios in the maritime industry. Signal-9 sent five of their strongest hackers to represent the team for the competition. Team captain Jake Crowley, Michael Crank, Robbie Lairson, Darius Nalley-Stoddard, and Jack Vantran were all in attendance, accompanied by Dr. Kellep Charles, Chair of cybersecurity programs at Capitol. Though this was the team’s first time in Fort Lauderdale, they are MISI and Dreamport veterans, having participated in the organization’s “Hack the Building” event in 2021.
When the team arrived in Florida, they were briefed on the conference agenda, as well as the competition structure and rules. Hack the Port was a red team vs. blue team event, meaning colleges entered as either system attackers (red team) or defenders (blue team). Signal-9 got to flex their hacking muscles as they were playing for the red team this time around, a big change from just a few weeks prior when they fought hard as blue teamers during the MACCDC Regional finals.
The team immediately began preparing on their first night in town, with several members attending lectures and trainings at the conference venue to gather necessary knowledge for the competition, while the other members got a head start on building the malware for the week back in the hotel room. "Each member of the team brought a particular skill that allowed us to compete and fare very well [in the competition]," said Dr. Charles.
In the coming days, the normally righteous and ethical Signal-9 members would play the roles of hostile terrorists attempting to occupy a shipping port. They would complete cyber challenges such as overloading computer systems, hacking into port building databases, and of course, sinking ships.
These challenges demonstrated the ease in which even complex systems and critical infrastructure can be taken down through compromised cyber defenses. Last year’s Colonial Pipeline hack is a perfect real world example of how just one small breach can lead to a snowball effect of devastation, and Signal-9’s goal was to recreate that same level of destruction in a simulated environment.
While there were a variety of tasks for teams to complete throughout the week, they got to choose which puzzles to work through and did not have to attempt all of them. However, on day one, all teams were presented with the same initial challenge which was to escape a simulated foreign trade zone. After completing this first challenge, participants were then free to choose how to proceed with the rest of the event.
Signal-9’s first order of business as the "bad guys" was to send offensive ships into port. They began their attack strategy by sending the port (made up of blue team members) a malicious code which compromised the supply chain. Throughout the week, the hackers used electronic boards with PLCs (programmable logic controllers, which are small computers adapted for use in industrial and manufacturing processes) to monitor their activity and progress in real time, allowing them to see the effects of their attacks as they decided their next move.
Later in the week, Signal-9 attackers targeted a cargo train system that was used to transport goods around the port. By breaching the train’s computer network, they overtook the mechanisms that controlled the track switches and forced collisions and derailments, destroying cargo and causing complete disaster.
Members also took on what they all agreed was the hardest challenge of the event, taking down a hospital website with malware. This was achieved through first breaking the hospital’s domain controller, a very difficult task because domain controllers are designed to verify and authenticate the security of users on a server and are therefore hard to breach. Once the controller was broken however, Signal-9 was able to run their malicious script on the hospital computers and download homemade ransomware by disguising it as patient files.
Hack the Port’s most talked about challenge, and the final mission of the week for the Signal-9 hackers, was the task of taking down an entire ship. The ship was represented by a kayak floating in a kiddie pool, and teams each got an hour to try and sink it using PLCs attached to pumps in the “ship’s” 3 ballasts. The key to solving the challenge was misconfiguring the network connection so that the hackers could be on the same subnet that the boat was on, according to Signal-9 member Robbie Lairson. “We started by overthinking it, but all we really had to do was change our static IP to the subnet,” he explained.
After the team made it onto the same subnet as the ship, they were able to run a Python script which triggered the PLC attached to the pumps in the ship’s ballasts. This caused the ballasts to fill with water, thus sinking the ship.
To conclude their long and exhausting week of hacking, the Signal-9 members went out for a celebratory dinner in town with Dr. Charles, who was thrilled with the team's performance. "This was an excellent opportunity for our team to test many of the concepts that was thought in the classroom as well as gain new knowledge areas especially in the OT [Operational Technology] space," he said.
The students treasure the unique experience they had in Fort Lauderdale, and are already eyeing next year’s challenge and planning what they need to work on in order to bring their A-game when it’s time to hack again.