James Caroland, U.S. Cyber Command Greg Conti, West Point Lessons of the Kobayashi Maru: Cheating...

Post on 15-Jan-2016


James Caroland, U.S. Cyber Command Greg Conti, West Point

http://www.scottmckay.ca/the-blog/tag/briefs

Lessons of the Kobayashi Maru: Cheating is Fundamental

Disclaimer

The views in this article are the authors’ and don’t reflect the official policy or position of the United States Military Academy, the Department of the Army, the Department of the Navy, United States Cyber Command, the Department of Defense, or the United States Government.

Or in Esperanto...

La views en this paroli are la auxtoro kaj dont reflekti la oficiala policy aux pozicio de la United Stato Military Akademio la Department de la Armeo la Department de la Navy United Stato Cyber Koamandi la Department de Defense aux la United Stato Registaro

 

http://www.dennismansfield.com/.a/6a00d834530c9c69e201157004e41b970c-800wi


http://commons.wikimedia.org/wiki/File:Test_%28student_assessment%29.jpeg

http://stuffmysisterswilllike.files.wordpress.com/2011/07/cadet-james-t-kirk-during-the-kobayashi-maru-scenario.jpg

http://i188.photobucket.com/albums/z35/demonoidtmn/Nar24.png

Joint Advanced Cyber Warfare Course (JACWC)

Setup of "Test"

• Provide virtually no notice

• Choose "unfair" problem

• Tell students don't want them to study... we want them to cheat

• Collaborative cheating was encouraged, but this exercise wasn't a blanket license to cheat throughout the course

  

3.14159265358979323846264338327950288419716939937510582097494459230781640628620899862803482534211706798214808651328230664709384460955058223172535940812848111745028410270193852105559644622948954930

Examples

The False Book Cover

The Everyday Object

http://www.grainger.com

The Ceiling Tile

http://www.imaginghostingservice.com/d2ap2c11da4087.jpg

Hiding in Plain Sight

http://en.wikipedia.org/wiki/File:Hp_laserjet_4200dtns.jpg

Prepositioned Answers

http://en.wikipedia.org/wiki/File:Mengu_Ziyun_xia_24b.jpg

Alternate Encoding

Morse Code

Story Encoded

http://upload.wikimedia.org/wikipedia/commons/e/e5/Post-it-note-transparent.png

The Classic

http://en.wikipedia.org/wiki/File:EssayImageAction.png

Precompiled Answer

http://en.wikipedia.org/wiki/File:EssayImageAction.png

rand()

3.1415926535 + 90 random digits

http://en.wikipedia.org/wiki/File:Mengu_Ziyun_xia_24b.jpg

Power Point

3.141592653587932384626433327950288419769399375105829749445923078

3.141592653587932384626433327950288419769399375105829749445923078

3.141592653587932384626433327950288419769399375105829749445923078

  Slide 1                          Slide 2                          Slide 3

Hash marks

Obscured by wholesome goodness

Ubiquitous Coffee


demo

Notebook Camouflage


demo

Roach clip engraving

Fake Barcodes

Customized jewelry

Artist daughter + code

Security Lessons Learned

• Most people are pretty darn good at cheating
  o Especially the quiet ones

• Cheaters...
  o Exploit explicit and implicit trust
  o Exploit laziness
  o Exploit predictability
  o Exploit limitations of human and machine senses
  o Use everyday objects
  o Look where no one else is looking
  o Use uncommon skill sets
  o Have backup plans

Acknowledgements

We'd like to thank... Mudge, TJ White, Eric McKissick, Mark Moss, and all the JACWC students.

 See also... Gregory Conti and James Caroland.  "Embracing the Kobayashi Maru - Why You Should Teach Your Students to Cheat."  IEEE Security and Privacy, July/August 2011.

Questions?

James Caroland
U.S. Cyber Command
jlcarol@cybercom.mil

Greg Conti
West Point
gjconti@rumint.org

Teach yourself, your friends and your co-workers to cheat.  

 Our adversaries already do.