[HN Gopher] NSA Codebreaker Challenge 2024
___________________________________________________________________
NSA Codebreaker Challenge 2024
Author : TecoAndJix
Score : 71 points
Date : 2024-09-05 14:32 UTC (8 hours ago)
(HTM) web link (nsa-codebreaker.org)
(TXT) w3m dump (nsa-codebreaker.org)
| sigma5 wrote:
| I got this error while trying to register. Does anyone know a
| simple way to bypass this ?
|
| "Sorry, that email domain is not recognized. -- An email address
| from a recognized U.S. school or university is required. If your
| school's domain is not recognized, please request it to be
| allowed by clicking HERE"
| FanaHOVA wrote:
| If you need HN commenters just to bypass the signup, you will
| not have a good time in the challenge :P
| seabass-labrax wrote:
| Just because it's a computer security challenge doesn't mean
| you should start breaking into the website before the
| challenge begins. That's akin to suggesting that boxers who
| were deemed not to qualify for a competition should punching
| the referee to prove otherwise; what's normal inside the
| sport can be entirely unacceptable outside it.
| Something1234 wrote:
| It is kind of an issue because a lot of people lose their
| school email when they graduate.
|
| Asking the same cause this is one I've never had time to do
| when I was in university and would like to do it now that I'm
| graduated.
| rtkwe wrote:
| It's for recruiting and they mainly want new grads. It's a
| filter not a bug.
|
| It is a shame you can't get access as a non recruitment
| target though.
| derbOac wrote:
| It's also a shame they only see recent grads as recruitment
| targets.
| tekla wrote:
| The people whom this is meant for are not the people who
| would complain about "needing" an EDU email and would
| just get one or figure out a bypass.
| Horffupolde wrote:
| It's part of the test.
| bangaladore wrote:
| I completed the 2022 version of this and received some nice NSA
| memorabilia. It is a fun challenge, but it is pretty difficult to
| complete it all. Looking back at 2022, it looks like maybe 100
| people completed the entire challenge.
| diggan wrote:
| > it looks like maybe 100 people completed the entire
| challenge.
|
| It looks like (https://nsa-codebreaker.org/leaderboard_2022) at
| least 350 schools has a "School Solve Times" that isn't null,
| so unless some students are enrolled in multiple schools, it
| seems like way more than 100 people managed to solve it.
| Jtsummers wrote:
| Go to Task 9 at the bottom. 40-someting schools had people
| score, about 102 people scored on that task (more completed
| it though, not sure what the difference is, hand counted so
| may have miscounted).
| bangaladore wrote:
| Correct, which is why I say 100-something. For some reason,
| they put all the schools in every table. Just a guess, but
| I assume "scorers" are only people who solved it in the
| limited time window.
| nneonneo wrote:
| This has historically been a pretty fun challenge to do. Earlier
| levels are quite easy, but later levels can be quite challenging
| and require specialized skills (e.g. reverse engineering, binary
| exploitation, cryptography). There's a decent focus on "realism"
| which makes the challenge series more interesting than a typical
| CTF. If you're eligible to participate I'd highly recommend
| checking it out.
|
| P.S. if you do well, the NSA sends you swag; I have a couple of
| very nice signed letters and NSA medals that look great in my
| office :)
| diggan wrote:
| > Anyone with an email address from a recognized U.S. school or
| university may participate in the challenge.
|
| Aww, that's not so fun :( Was kind of curious to participate, but
| seems it's US + students only. Kind of makes sense that it's US
| only I guess, but why only students?
| tptacek wrote:
| It's a recruiting event.
| diggan wrote:
| Aha, that'd explain it. NSA only hire people fresh out of
| school?
| tptacek wrote:
| They primarily do. Someone else on the thread says they do
| some industry hires, but everyone I know who worked there
| was recruited from engineering school.
| reaperducer wrote:
| _They primarily do. Someone else on the thread says they
| do some industry hires, but everyone I know who worked
| there was recruited from engineering school._
|
| I remember a bunch of TLAs approached most of my friends
| in college, but never took an interest in me.
|
| At the time I thought, "That's stupid. I'm the best
| phreaker in this NPA!" Later I realized this might be a
| liability, not an asset.
| pclmulqdq wrote:
| I know a few people who went in as experienced hires, but
| the NSA in particular is happy to do high-paid contracts
| if you have the appropriate skills, so most of their
| actual employees seem to be straight out of school.
| hatsunearu wrote:
| They have an internal school that's a few years long (?!)
| that teaches you a bunch of stuff. Or so I heard...
| ganoushoreilly wrote:
| There are many pathways and schools internally for the
| different directorates. Most programs are partnered with
| outside schools, with some giving you course credits for
| internal classified work and only requiring a few outside
| unclassified courses to fulfill needs. Many of these are
| MS degrees. I got one through one of these programs.
| Which come in handy with restrictions on promotions /
| positions based on ed reqs.
| tekla wrote:
| No. They hire plenty out of school, but they generally are
| not the type to be filtered by an email domain requirement.
| Jerrrrrrry wrote:
| but they generally are not the type to be filtered by an
| email domain requirement.
|
| They are exactly the type to filter by something as
| "trivial" - 99% of their target audience is Math nerds
| with .edu emails.
|
| The other 1% will go the other 99% of the way to acquire
| the needed materials to satisfy the target condition.
| Which in this case, is a room-temperature check compared
| to the challenges.
| tptacek wrote:
| I do not think their audience is in fact mostly math
| nerds.
| Jerrrrrrry wrote:
| They hire more Math PhD's than the entire economy
| combined.
|
| If comparable had happened in any other field, to any
| other adversary, that very fact would not be as
| advertised.
| alach11 wrote:
| Anyone in industry is already making more than the NSA can
| afford to pay.
| bitwrangler wrote:
| there's a good list of resources and lectures if you're curious
| to learn more:
|
| https://nsa-codebreaker.org/resources
| quibono wrote:
| Anyone else getting a 403?
| paulluuk wrote:
| After reading "Permanent Record" by Edward Snowden and "Cult of
| the Dead Cow" by Joseph Menn, I can't help but feel like the NSA
| is basically "the bad guys", and I assumed most hackers would
| feel the same. Are people really excited to do challenges like
| these for them?
|
| I don't mean that in an accusatory way, just genuinely curious as
| my perspectives (one from a whistleblower and one from 80s hacker
| culture) are obviously not the same as those of a modern day
| hacker.
| ziddoap wrote:
| While I don't really like the NSA, I certainly respect their
| expertise.
|
| And their expertise is exactly what makes a challenge like this
| difficult and fun.
| YinglingHeavy wrote:
| Someone isn't Comms Aware.
|
| Biggest event of 2013: Snowden.
|
| Biggest film of 2013: Frozen (Let I.T. Go)
|
| Biggest game of 2013: Last of U.S.
|
| The NSA was effectively blinded for a period of time. Do you
| think bad actors didn't take full advantage of this? Where did
| Snowden work prior to NSA? Why doesn't Julian Assange have a
| Hollywood film?
| ricksunny wrote:
| >Assange film
|
| The Fifth Estate.
| jjtheblunt wrote:
| I'd recommend reading James Bamford for a more positive look at
| NSA and their charter...which is essentially math, math, and
| more math, and unrelated to politics within NSA anyway.
|
| The Snowden stuff is extraordinarily excerpted to that which a
| contractor (Snowden) was seeing in a post 9/11 strange fiasco
| which did bring politics into play. Bamford predates that mess.
|
| Here's a link, for example.
|
| https://a.co/d/eMTidtP
| tptacek wrote:
| NSA is an enormous organization with many chartered
| activities, some small amount of which involve math, some of
| which is defensive and benign, some of which is offensive but
| understandable in the same sense our maintenance of a fleet
| of nuclear-powered aircraft carriers, and some of which is
| probably hard for anybody to get comfortable with (much of
| which should be halted). A lot of what NSA does is ultra-
| boring, and some of that should be halted too. Like every
| major federal government bureaucracy, NSA's most important
| charter is to secure more budget for NSA (which I maintain is
| actually an important fact to keep in mind when designing
| technical security countermeasures).
|
| My point being: be wary of any attempt to characterize NSA in
| just a sentence or two.
|
| Some of this puts me in mind of people's mental model of NIST
| as a hive of USG cryptologic activity when it is in reality
| like 3 very overworked cryptographers and a bunch of project
| managers. (Someone correct me on this, and then reach out
| about being on the podcast).
| sneak wrote:
| You're right. The US IC has shown time and time again that they
| have no moral compass, no regard for the US Constitution, and
| no regard for human rights or the rule of law.
|
| That said, neither do a lot of hackers. There is a long history
| of collaboration between hackers and the military-industrial
| complex. Silicon Valley is Silicon Valley because of the DoD.
| And the director of the NSA once gave the keynote at DEF-CON.
|
| Even the best hacker movie, from which I take my nick, ends
| with the hackers assisting the NSA as if they are the good
| guys. :(
|
| Intelligent people like Snowden don't become as deep into the
| NSA as they are without a whole lot of "good guys" propaganda
| for many years first.
| jonnybgood wrote:
| I'm sure you're aware of this but Snowden wasn't in the NSA.
| He worked for a contractor to manage their IT.
| StrauXX wrote:
| He was both! Initially working for a contractor, then for
| them directly. He may have again gone back to a contractor
| afterwards.
| tptacek wrote:
| My understanding is that he worked for some time at CIA,
| but never directly for NSA.
| throwaway48476 wrote:
| It doesn't matter which 3 letter agency is violating the
| constitution. They all need to stop.
| tptacek wrote:
| I would love to hear more about how Menn's book about a clique
| of nerdy teenagers shaped your opinion of NSA. (Some of those
| nerdy teenagers are friends of mine; we were nerdy teenagers of
| the same vintage. I'm not dunking on them.)
| sandworm101 wrote:
| Is it cheating to use commonplace AI? NSA are a practical bunch,
| they probably dont much care how one solves the problems, but AI
| could change the nature of such tests. The rules say no getting
| help from persons, which leaves the AI door open imho.
|
| (Fysa, there is a reasonable chance that someone involved in this
| competition is following this topic. HN is known in the more
| nerdy corners of the int/defense world.)
| not2b wrote:
| I think it would be unlikely to be much help beyond the easy
| problems they start with.
| lallysingh wrote:
| Might be more acceptable if you use a locally hosted version,
| instead of someone else's.
| Jerrrrrrry wrote:
| I would love to see you try to get Gemini to make corporate
| puns, 3-figures removed from practical phishing utility.
| proctrap wrote:
| Hah some networks just get a 403 forbidden accessing this
| drexlspivey wrote:
| Maybe that's the challenge
| m3kw9 wrote:
| First thing people does is feed it into LLM
___________________________________________________________________
(page generated 2024-09-05 23:00 UTC)