CyberCenturion IV – Winners Trip – Day 4

I tried to watch a different program than the weather today. I gave up after numerous minutes as, although there is a TV channel list in the room, it mostly only gives you the channel names. I instead tried to get by with just flicking through the channels, which was no use at all, mainly due to every channel having an advert showing. Oh well, time for the weather channel again. It looks like the hurricane is going to hit land but then slow down. It’s also moved south in its predicted track, so who knows what’s going to happen. All I know is that calling places Cape Fear and Cape Lookout are clearly suitable names.

Anyway, during breakfast time today, we’re nearly all getting used to it now. Apart from my waffle overflowing and one of the other students getting theirs stuck to the top of the iron. It also turns out that the students are converting to eating Froot Loops, as using a totally unscientific test of seeing which cereal is eaten most, it’s clearly winning.

A selection of tubes holding breakfast cereal, with Froot Loops having the least

We finished our breakfasts and headed up to our rooms to collect anything that we needed, before meeting up at 9am. Diane also came to the hotel, as we were going to be doing a trip of downtown Washington and the International Spy Museum, then to the British Embassy to meet with the people there who liaise about cyber security between the UK and USA. Despite the weather reports saying that it wasn’t going to be very good weather, we were all surprised when the sun started to come out. This was the first time that we’d seen it since arriving in the USA, and shortly after this patches of blue sky started to appear too.

The trip to Washington took around three quarters of an hour. We crossed the bridge over the Potomac river and were able to see the Lincoln Memorial (well, the outside of it) and the Washington Monument. While we weren’t able to get off the minibus, we managed to take some photos. Diane also pointed out some locations and provided some information. We did go past the White House, but it was hidden behind many trees and very difficult to see. We then took some of the “back roads” to get to the International Spy Museum.

Pulling up, we got out of the minibus and were immediately behind a very large group of elementary school students. Luckily we’d already pre-bought our tickets, but unluckily the children all went in for free (it was only the staff escorting them that had to pay) so we were still behind them in the queue! Oh well, it wasn’t too long to wait. While waiting, we got to see a car used by the bad guy from the film Die Another Day as it was advertising a special exhibit they had on. The queue went in a zig-zag line, and led to a lift that would take you to the start of the museum. We got into the lift and we ascended (the lift had blue lights in the floor illuminating the car, and as this seems to be a running theme throughout the visit, everyone made jokes about the blue lights and them being needed in the school classrooms). During the lift going up, you were introduced to the mission and told that you needed to pay attention to the screen in the next room. After getting out of the lift, the screen told us to pick a identity and remember it, as we’d need to use it during the museum. The identities were displayed around the room, and I picked Antonio Silva, male, 58, a carpenter who was born in Brazil and was heading to Lisbon to meet the family for 6 days. We were then ushered into another room where we watched a film introducing us to spying.

After watching the short film, we exited the auditorium and entered into the actual museum. The museum itself was filled with various spying equipment and history, broken down into various related areas. The first area that you get to is called the “School for Spies“, which had a large selection of equipment that had been used at some point in the past for spying. One of the first items that you reached were a number of screens that put you under interrogation and asked you questions about who you were, based on what you’d memorised before the video screening. I, or more accurately Antonio, successfully passed and received further mission instructions.

However, the most enjoyable exhibit for all of the students was being able to crawl through some ducting. Seriously. They spent many minutes crawling back and forth, trying to take photos of each other. If we’d have known this was all they needed, we could’ve just bought some ducting and handed it to them!

Anyway, there was a lot of equipment that was used in spying at some point, with very detailed descriptions of the items. Some of the tools were surprisingly effective considering that they only had a basic design. We also learnt about the different disciplines of spying (such as cloaking yourself, shadowing people to gain intelligence and escaping should you be discovered) and how they were put to use.

We then moved on through the museum, into the next exhibit showing how spying had changed over time. It discussed going from rotational Cesar ciphers to help spread secret messages to various people, through to how intelligence was gathered using rudimentary cameras and interrogations.

Following on through the museum, we reached a section about the code breakers at Bletchley Park. As was probably inevitable, we came across an(other) Enigma machine. Most people never get to see an Enigma machine. Some people are lucky to see one. We’d seen three so far this trip, and some students that went to The National Museum of Computing to collect their awards from an Extended Project Qualification had also been given a tour of the museum, where they had a chance to see a machine there too. 4 times in 5 days. I’m fairly sure they can build one from memory by now.

An Enigma machine with a description about it
It may seem like I was complaining about seeing so many of these machines. It’s actually quite the opposite. Only from being on this trip have we had the chance to see so many

It then went on to the Second World War, explaining how spies were needed to try and gather intelligence to either gain an advantage or provide false information to the enemy (the use of the word enemy here is relative to the reader) so that they would send their resources to an area that was not going to be used as an invasion point.

In the next part of the museum, the exhibits moved to more modern (again, relatively speaking) times with atomic bombs and the Cold War, explaining how spies were needed to try and avoid nuclear war from happening. Additionally, other spies were gathering intelligence on the progress that the United States were making with developing their atomic bombs, then passing this information over to the Soviet Union so that they would be able to have weapons of equal power.

After passing through all of the exhibits about spying, we had another set of screens where we had to identify ourselves with our spy name and answer questions from our mission. While I didn’t seem to get everything right, I was let past security and managed to pass on the microfiche.

After finishing that floor, we went down and there was an exhibition about James Bond, as he was a spy (yes, I know that’s obvious). There were lots of props and costumes from the films, with information about them too. To keep kids entertained, there was a section with a tunnel to crawl and walk through to try and get codes, while a second player would try to stop them getting the code.

What kept our students entertained and busy was a bar that you would try to see how long you could hang on for. You would press a button that was at the height of your reach, the bar would come down, you’d hang on, it’d raise up and then a timer would start. The timer stopped when you fell off and you feet hit the floor. The worst time that was recorded was 2.6 seconds, followed by 4 seconds (same student) all the way up to 40 something seconds (yours truly). The older students wondered why I didn’t slip off, while for everyone else their hands started to slip off mostly straight away. I’m not sure either, but I’m assuming that it’s due to me having to carry heavy things in work and making sure they don’t slip. That, or I’m secretly an agent in disguise…

After looking at more of the exhibits about the villains of James Bond (well, I did, I think everyone else rushed through as I didn’t see them until I got to the gift shop) we reached the end of the museum. I’m not normally one to buy things in gift shops, but there was a t-shirt that caught my eye. I was going to buy it, but decided against it. We were waiting by the exit to the gift shop for students to finish squishing coins into pictures (one student put in a dime and not a cent, realising afterwards they’d cost themselves) I spotted a number of other t-shirts. One caught my attention, and after some peer pressure from the students, I decided to buy it. To be fair, I did the same peer pressure back and they bought the t-shirt that I was originally thinking of purchasing.

A t-shirt with "The 10 reasons I didn't make it in the CIA"

It was lunchtime by now, and to save time we picked a Shake Shack that was nearby. Google maps said that it was a minute walk around the corner, but upon waking out the entrance to the spy museum, the place was literally next door. We went in and looked at the menu. There was a selection of burgers and hot dogs, but as one student had eaten just burgers for the majority of the meals we had, he didn’t fancy having that again. Another of our students is vegetarian, so all he could have were chips and a portobello mushroom burger. The only problem here (apart from being a vegetarian in the United States) is that he doesn’t like mushrooms, so in the end he only had cheesy chips. Since it was an order for 9 people (our team and Diane) it took a few minutes, and came on three large trays. Everyone enjoyed the meal, as it was totally pig out food. When we finished, we went outside to wait for the minibus to pick us up.

We waited for quite a while, and it was fairly humid outside. We saw some bad driving, such as a car starting to pull straight out in front of a UPS van, getting beeped, then continuing to pull out and drive away quickly in front of the van. Speaking of UPS, they drive everywhere with their doors open, and one that pulled up by us had 2 large trolley loads of boxes. Unfortunately some of these dropped on the floor when he went up a ramp, so hopefully nothing was broken!

About 10-15 minutes had passed by now and we were all wondering when the minibus was going to turn up. When we’d called them to collect us from previous visits they’d shown up fairly quickly. Well, it turned out that Diane thought the computing teacher had called them, and vice versa. Realising the mistake, Diane called them and they turned up a few minutes later. We needed to be at the British Embassy for 3pm, so wanted to get there by 14:45 at the latest. Unfortunately this didn’t leave much time for sightseeing, so we only had chance to have a drive by of the Capitol Building (you can’t stop by it since about 10 years ago). Luckily there is a road that takes you up nearby to it, and there are roundabouts at the end, so everyone on both sides of the minibus managed to get a good look at the building.

From there, we travelled past the White House, the J. Edgar Hoover (FBI) Building, and continued through the city to the embassy district, seeing lots of beautiful buildings. After a bit of driving, we arrived at the British Embassy in Washington, which was a more modern looking building and a lot larger than some of the ones we went past. Most of the embassies had something related to the country outside them, such as Mahatma Gandhi for the Indian one, and Nelson Mandela by the South African one, so of course the British Embassy had a red telephone box. We were taken down a road so the minibus could turn around, and as we saw the Navy Observatory, Diane said that was where the Vice President lives.

We pulled up at the Embassy and showed our passports to the guard at the gate. Most of the students passports were scanned and then looked at on screen for a few seconds, but the guard just scanned mine and had a glimpse at the screen before handing it back. Not saying anything here, but clearly I’m more trusted that the students. Everyone was allowed to enter, so we went through the security gates and entered the compound. It’s a weird feeling. A few seconds ago I was on US soil, now I’m on British soil. Two countries that are separated by the second largest ocean are literally separated by a wall and railings. Additionally, you could tell it was British as there were hundreds of CCTV cameras around the compound, which weren’t visible at any of the other embassies. Anyway, we took photos of the telephone box and of the outside entrance, then went in. After walking through the main entrance, we went past some signs and boxes that read about turning your phone off and dropping them into a box. A student asked me if we should do this, but as Matt (the person escorting us through the building) had already seen us using them to take photos, I said to remain quiet about it and not to get them out while we were inside. We walked past a few meeting rooms and went to one at the far end of the building.

We met up with the other members of staff who were going to be in the meeting. They introduced themselves (Jan was from the Government Communications Headquarters [GCHQ] and National Cyber Security Centre [NCSC] and James worked with the Ministry of Defence [MoD]), explained how they work in different parts of the Embassy but the jobs are related and how they interface with their American counterparts to share information when needed. We introduced ourselves, said how we got into the areas of computing and what ideas the students had for potential careers. The students explained how they had recently won a teen tech award using a solar powered Raspberry Pi, and this went into a discussion about how that would be useful in disaster areas to help provide connectivity and how the students should be very proud of themselves having made it to the final. It was also expressed how there should be a bigger push for female students to take up the CyberCenturion competition. Additionally, the members of staff at the Embassy talked about the students taking part in Capture the Flag competitions and joining up for bug bounty programmes, to help them gain experience and hopefully get some funding for themselves.

James has recently been to DEF CON, and said that one of the skills that is needed is to be able to change from speaking technical to people to speaking so that everyone can understand what you’re going on about. One student had a there’s no place like t-shirt on and I had my xkcd sudo top on (you may have seen it reflected in one of the photos earlier), and he referenced how most people would not have known what these were about. James certainly knew what he was talking about, as he talked about many different items he’s used and some ideas for our student to do. One such thing he did was set up a WiFi Pineapple and saw how many people connected to a WiFi networks called “Starbucks”. Also from his DEF CON visit, he said that people have found out that using custom bar codes they could hack into an automated shopping checkout as some of them run Windows XP in the background.

A photo of the xkcd "sudo" t-shirt
Surely you know which comic I’m referring to?

When the meeting finished, we left the meeting room and I asked James about his visit to DEF CON. This lead to a number of conversations with us standing in the reception area, where he told me of a number of tools I could use, such as a poor man’s rubber ducky. This would install a few things on the computer and would bring attention that the computer hadn’t been locked. He said that despite saying a number of times to staff at the Embassy to not plug in random USB drives, he had “accidentally lost” a number of them in the car park, and he’s aware of 8 computers suddenly playing “Ride of the Valkyries” loudly in the building. Additionally, in this after-meeting meeting, he also said:

  • Satellites are still running Windows 3.11 (because it’s difficult to update them once they’re launched), and you can build a base station in your back yard for around £5000. With this base station, you would be able to pick up and read the unencrypted communications between the satellite and ground transmitters. The contents of the files may be password protected, but could then be brute forced to decrypt it with John the Ripper.
  • Inspired students to do CTF challenges and set up a lab in school with some old equipment for the student to play around with Live CDs, so that they don’t accidentally break the main network.
  • He always goes off to look at the website of the people he’s just met with. My decoy of saying the school’s domain name was didn’t seem to sway him (although he said that had already been scanned).
  • He hangs a pirate flag outside his property instead of an American flag to annoy his neighbours.
  • Knows someone who has added an addition to their laptops of crank handles and chimneys, so that it pumps out smoke when it is on so that it looks steampunk like.
  • The Russian and Chinese embassies are right next door, and the place where you have to get your ID is past the Chinese embassy, so they assume everyone has their photos taken.

There certainly did seem to be more conversations going on outside of the meeting room, mainly due to it having a more relaxed atmosphere, which our students prefer. While we could have carried on talking like this for a lot longer, the staff at the Embassy did have some actual work to do, so eventually they had to leave. We then exited the Embassy building and took some photos of the students by the phone box and in front of a banner (but covering out non Northrop Grumman logos) [Side Note: I somehow found a link to the image by searching for “team uk banner tier 2“, which was the text written on the banner and not on the Facebook page – Google has just gone up in my opinion].

After leaving the Embassy compound and coming back onto US soil, we got onto the minibus to head to the hotel to drop Diane off. On the journey back, as I was trying to write up some information about what had been happening during that day for this blog post (I had time as we were stuck in traffic and it would save me having to write it up in my room at night. [Luckily I hadn’t got to this part yet, otherwise I would have had to write up about writing up this part, and that would’ve become messy]), one of the students noticed what I was doing and it then sparked a conversation about my blog [shameless plug]. One student had accidentally found out about it by noticing an image of the classroom whiteboard on Google images when looking for help with CyberCenturion. Anyway, this then led to a conversation about me writing up what’s been happening on the trip as we’d all forget about the majority of things we’d done in a few years time. The students then promptly went onto my website and reread the post about this year’s competition final, saying that they had indeed forgotten about some of the things that had happened. Anyway, for most of the journey back the students then read various other blog posts and occasionally asked me questions about them. I like to think that I helped keep them entertained, so I’d like to thank previous versions of myself for help with this.

We dropped Diane off and had a quick stop at the hotel to drop cameras off and collect any money, as we then headed off to Leesburg Corner shopping outlet. After getting off the minibus once we arrived at the outlet mall, we had a look at a stores directory sign to see if there what shops were available. Either we looked lost or suspicious, as soon afterwards a member of the security team came over to us on a three-wheeled Segway to ask if we needed any help. We said that we were just looking at the map and the security officer drove off. We agreed to meet up around an hour and a half later, then split up to do whatever shopping was needed.

I’m not much of a shopper, and apart from trying to look for Froot Loops, there wasn’t much that I wanted. I may have gone into some of the stores just to have a look at what products they had, but as most of them only had the owners standing around, it was quite awkward to go in. Instead, I decided to just walk around the place. This was useful, as tomorrow I’d be sitting down quite a bit as we’d be back on the plane. Apart from it being a warm evening with a nice sunset, walking around was pretty uneventful until I spotted a really large spider hanging from a sign. I’m not sure what it’s called, but it’s abdomen was a shiny grey/blue and it was about an inch wide. I took a few photos of that, then walking past a shop window there was a praying mantis. That was something I certainly wasn’t expecting to see! I watched it for a few minutes, and in response it watched me. When I walked around to see a different side of it, its head would follow. Eventually it started to walk off, presumably due to me disturbing it. It was heading towards one of those large spiders, but although I thought there may be a stand off, nothing happened. I carried on walking around the centre and found another praying mantis too.

After that, I had food from the food court and ate it outside, as some of our student had done the same. By the time I’d got to the food court, only a pizza place was open, so I had 2 pizza slices and a garlic bread (the size of one pizza slice would be equivalent to two of our British-sized slices). We all had a talk about how the day had gone, how the trip had been very enjoyable and interesting, and general “stuff”. One student said that they’d spent a few hundred dollars in the end, mostly on a hundred dollar plus pair of sunglasses.

Once everyone had met up and had some food, we got back onto the minibus and headed back to the hotel. On the journey we spotted some more Northrop Grumman premises, helped by their logos being lit up. After arriving at the hotel and thanking our driver, we had a debrief in the lobby area of the hotel. This allowed us to reflect on all of the information that had been said in the Embassy, and in general over the last few days. Everyone had said they’d found it very interesting and insightful, and those students who are in the Sixth Form and heading off to university had an idea of looking into internships. It was speculated that an internship in America may be possible, as we’ve become well known to a number of high level people in Northrop Grumman. As it was the last night, we also talked about making sure cases were packed and brought down ready to go onto the minibus in the morning, then headed off to our rooms.

Well, a few hours after we’d left the lobby, I’ve packed my case, written up what’s been happening today and am just watching the weather channel before I go off to sleep. It seems that the hurricane has slowed down quite a bit today and has gone from a category 4 to a category 2. Still destructive, but not as bad. Also the path seems to now be predicted to be further away from where we are located, so that should mean our flight isn’t disrupted.

The TV showing an enhanced satellite image of Hurricane Florence and the predicted path

Then again, I’ve just had a notification on my phone about the hurricane…

A Google map showing a warning for Hurricane Florence
Did you know that Google provides public alerts? You do now. But only for certain countries. I don’t know if it’s good or bad the UK isn’t on the list…

Leave a Reply

Your email address will not be published. Required fields are marked *