From April 30th-May 1st, a small group of students from Capitol Technology University participated in the BSidesCharm information security conference in Towson, Maryland. Rob Lairson, Beth Moseng, Lynn Morlier, and Derek Akrofi, all independently decided to attend the 2-day event, which consisted of guest speakers, panel discussions, job fairs, several hacking villages, and cyber capture the flag (CTF) activities. Once the students discovered that they all were in attendance, they decided to form a team and take on the ICS Village CTF competition together.
The CTF competition was similar to the recent Hack the Port event that members of Capitol Tech’s Signal-9 cyber team did in Florida in that it involved taking control of a simulated maritime vessel through hacking. The simulated vessel for the BSides Charm competition was a machine called the Grace Maritime Cyber Test Bed, sponsored by Fathom 5, an Austin, Texas-based technology company.
The students used operational technology (OT) provided by the competition organizers in order to accomplish this. OT refers to the operation of physical processes and the machines used to carry them out, which is how the students were able to interact with various aspects of the “ship’s” computer system such as maritime bridge (a ship’s command room), propulsion, and hydraulic steering systems. The goal was to take over the ship’s rudder and throttle control systems, as well as to spoof data in the ship’s bridge system.
In the hour that was allotted for the challenge, the Capitol Tech group managed to take control of the ship’s steering, throttle, and navigation. Each element that the hackers were able to gain control of would earn the team different point values, and the team with the most points at the end would be declared the winner. Lairson, who had participated in a similar type of hacking exercise before, said it was not too difficult though he wasn’t sure how the team would ultimately fare. “The last time I did something like this, I got third place, but I was not certain if we’d win this time around,” he said.
In the end, Capitol’s group ended up being the only team that was able to control both the ship’s steering and speed at the same time, earning them more than 2,200 total points and leading them to a triumphant first-place victory for the event. This was a delight for the spontaneously-formed four piece group, who only decided to take part in the challenge on a whim. Though not an official Signal-9 team event, this CTF allowed some of Capitol’s most brilliant minds in cyber to come together to show that they’re a force to be reckoned with.