NSA Codebreaker Challenge 3.0 Source: Sue Gee
NSA, the United States National Security Agency, is challenging university students in the US to exercise their reverse engineering and low-level code analysis skills while working on a fictitious, yet realistic, security threat.
The challenge consists of multiple tiers that become progressively harder. Last year, only 10 students solved the fourth and final tier problem but perhaps the fact that for this year's challenges prizes will be awarded to the first 50 students to complete all four tasks will attract more entrants.
This sounds like a great opportunity for Computer Science students to get to grips with some really interesting tools. The rubric states:
To solve these challenges, you will need to analyze the executable file with low-level tools such as a disassembler, debugger, hex editor, Linux binutils, etc
It recommends the use of the IDA disassembler from which it describes as:   
a very powerful reverse-engineering tool and used by professional security researchers around the world.
You can only register for this challenge using a valid .edu address so we reached out to NSA for more information about why it runs this challenge and how it operates.
The challenge started when NSA's Signals Intelligence Directorate sought ways to attract top talent with an interest in the Science, Technology, Engineering, and Mathematics disciplines to a career in national security. The first iteration was called the Senior Class Project, in which NSA provided university professors with a problem for students to solve. The problem scenario, which would take a semester to complete, was similar to an existing challenge for NSA employees.
To reach more students, NSA then created the Codebreaker Challenge, where it provided a problem in need of a creative solution, again also similar to an existing challenge for NSA employees. Three years ago only 13 schools were involved and a small team of volunteers visited the schools to provide guidance to students working on the challenge and evaluate the submissions, but this year, NSA created a website for students to download the problem and track their progress.
This has enabled many more universities to join in and NSA told us that already more than 1,000 participants from 130 schools are taking part in the new online version of the challenge and that it is not too late to sign up (using your .edu email address) at    https://codebreaker.Ltsnet.
According to the information supplied to us:
Not every problem is the same. Each participant who downloads the problem receives a identifier with slight modifications to the problem, which gives everyone a unique experience. The website also includes a leaderboard so schools can compete for bragging rights.
NSA also stated:
We do not want to give away specifics details about the Codebreaker Challenge. As one completes each step he/she will be given another, more difficult, scenario. To complete the challenge, one needs to employ great technical knowledge, creativity, and determination.
For those who are signed up, a virtual tech talk has been scheduled for September 17th from 2:00 to 3:00 PM EST. This will introduce the challenge, present some reverse engineering techniques, and walk through the solution to the challenge from last year.
nsacodesq
Even if you are not eligible to sign up you can access the slides from last year's Tech Talk that walk through solving the 2013 challenge.
There is also open access to a series of five Reverse Engineering Lectures that are provided as part of the course resources.
The Codebreaker Challenge site FAQ points out that reverse engineering is a crucial skill for those involved in the fight against malware, advanced persistent threats, and similar malicious cyber activities and admits that:
as the organization tasked with protecting U.S. government national security information systems, NSA is looking to develop these skills in university students (and prospective future employees!)
It also says:
NSA isn’t the only organization interested in these skills - many Fortune 500 companies are also looking for individuals with reverse engineering abilities, as they work to protect their corporate and organizational computer systems and networks.
Even if you are not looking for a new career the same techniques used to reverse engineer an unknown binary can often be applied to diagnose and fix bugs in your own applications, especially if they are low-level ones like those introduced by a compiler.
| }
|