What happens when computer security experts in a bunker underneath London are the last line of defence against an online attack which threatens to cripple the country?
Fighting a cyber war from a bunker beneath London
17 Mar 2014
Deep in a bunker beneath Westminster, in the Cabinet War Rooms that were the top-secret heart of government during the Second World War, dozens of people gather around a television.
There is distressing news. A huge cyber attack has crippled the UK and panic is spreading: cash machines have stopped working, the London Stock Exchange has halted trading and critical government networks are infected.
All that stands between the unknown hackers and total control of the country is this crowd of 42 cyber security experts. They instantly set to work.
In the corner of the darkened room a light is cast by a screen charting the malware’s spread. Hubbub builds as the code is isolated, passed around and pored over for potential weak spots.
Time is running out, the Prime Minister has called a meeting of COBRA and is demanding answers. How can this be stopped?
Luckily, this is just a drill. Although it is not the stuff of fiction - many governments now have cyber warfare divisions and traditional conflicts are often accompanied by online attacks.
The problem is that it’s not easy to find people with the skills needed to fend them off.
This event has been devised to find the best of the best, then recruit them. The participants have been whittled down from thousands who initially entered a series of online challenges. They are amateurs, drawn from a wide range of backgrounds, but they have skills which are vital for national security.
This final competition, called the Masterclass, is staged by the not-for-profit company Cyber Security Challenge, set up four years ago to boost UK expertise. Half its money comes from government and the rest from industry - investment which pays dividends when it comes to recruiting. Undercover GCHQ agents and staff from sponsors such as Lockheed Martin roam the event, ready to headhunt those that show potential.
The group is split into teams and tested on more than just technical skill. They also have to make frequent reports to a panel made up of experts from the security and crime prevention agencies. There is little point in knowing how to stop an attack if you can’t pass that information up the chain of command in a way that the armed forces, police and politicians can understand.
Wave after wave of increasingly sophisticated online attacks come, as judges wander the room with BlackBerry Playbooks, observing and scoring teams. Additionally, a rack of equipment - hidden from public view - is used to get empirical data on how well everyone is performing. The “command and control” server already identified by some teams as instructing the malware is also monitoring who is making the correct probes and investigations.
All phones, laptops and tablets have been confiscated, there is no Wi-Fi, and clean computers are provided, making it easier for those controlling the event to have full oversight.
I speak to “Toby” from GCHQ, who cannot be named in full or photographed for security reasons. “We’ve purposefully put in little traps and rabbit holes, and some of them have really gone down those rabbit holes,” he said.
“We’ve tried to make it as realistic as we can. There are elements that we’ve drawn from our experiences, so it’s a fairly real scenario. Some of the skills you see here today are what GCHQ would be doing.
“We want to find the skills and find the talent. In an interview environment that might not shine through. It could be that there’s one guy who’s great at taking apart malware, but that’s all he can do. The ones that will do well have the full package.”
James Arden of the blue team (centre)
James Arden, 23, graduated last year with a degree in maths from Hertfordshire University. Today he is one of the “blue” team. They’ve uncovered the offending malware, called CryptoMocker - a play on the real-world Cryptolocker. It’s a nasty piece of software which infects a PC, encrypts important files and demands a ransom for their release. If you don’t pay up within six hours, it deletes the lot.
“We’re trying to work out what the extent of the damage is and how it’s spreading. We’re putting in constant roadblocks. We keep tearing our hair out every ten minutes,” he says.
As I’m speaking to him the “burgundy” team jump into the lead by a single point. “We’re not quite sure what they’ve found that we haven’t,” James tells me, slipping back into a frantic discussion with his team.
Minutes later burgundy are called in to give their briefing to the board. They’ve uncovered the email which opened the door to the malware on the computer they've been forensically examining. It linked to an encrypted zip file. It’s also logging keystrokes, and the code they've reverse-engineered seems to suggest a group of people is behind the attack as it shows evidence of several different programming styles.
Kevin Williams from the National Crime Agency (NCA) is impressed. “It felt like a briefing I would experience from my own people,” he tells me.
But there’s no time to rest on their laurels. Soon after, the event takes a turn for the worse: a news broadcast warns that banks, businesses, utility companies and airports are all being brought down by the malware, and the NCA say residential homes are also being attacked.
The two-day scenario plays out and develops until a single winner is found. The champion in 2011 was postman Dan Summers. He now works for the IT Security Division of the Royal Mail Group.
Stephanie Daman, chief executive of Cyber Security Challenge, says there is “huge demand” for people with these skills.
“We’ve got a huge skills gap, and that’s particularly important at the moment because so much of our lives are lived online.
“We have hidden talent in this country. We’re very much about identifying these people. We can make a real dent in that skills gap by reaching out.”
The eventual winner of the masterclass was 19-year-old Cambridge student Will Shackleton, who develops mobile apps in his spare time, and recently secured a summer internship at Facebook.
“It’s a big surprise and a huge honour. I never considered a career in cyber security before taking part in the Challenge but playing their competitions and meeting the industry leaders has shown me there are exciting jobs which need filling”, he said.
“I’m convinced security is an area Iwant to pursue and I can’t wait to take what I have learnt from the Challenge into my university studies and summer internship, and eventually into a job where I can do this stuff for real.”
Will will now receive his choice of rewards from a collection of 90 career-enhancing prizes worth over £100,000 including valuable industry training, university courses, and access to strategic industry events.
The organisation is now starting to hold events in schools for children as young as 14, to start guiding more people onto a path that could see them competing in this very room, years from now.
I ask Stephanie how many people here will be hoovered up by the security agencies, but get told with a smile that such things aren't revealed.
But if somebody performed well and then didn’t reappear next year? You can make your own inferences from that, she says: “We’re not a recruitment agency. We provide a place for people to meet.”
• Interested in taking part next year? Registrations are now open for the online competitions from which next year’s finalists will be drawn.
No comments:
Post a Comment