Red Team versus the Agents
At a nuclear weapons lab, a team of elite hackers matches wits with undefeated autonomous defenders
ALBUQUERQUE, N.M.--By the time my escort steers me past the armed guards, key-coded doors, and bags of shredded paper into the heart of Sandia National Laboratories, the rematch has already begun. Inside the Advanced Information Systems Lab, six men sit around a large table loaded with laptops and network cables, which snake over to a rack of high-powered machines labeled BORG SERVER CLUSTER. These men are the defense--the Blue Team in this high-tech version of capture the flag--and they lean back in their chairs confidently. This past March, they claim, their "agents"--computer programs that autonomously cooperate to protect a networked system--became the first defenders ever to thwart Sandia's esteemed Red Team of professional hackers. But that was in a two-day skirmish. Now Steven Y. Goldsmith, the research group's lead scientist, has invited the Red Team to spend this entire week in September trying to dodge, destroy or confuse the agent programs.
Sandia began recruiting some of its most highly skilled computer-security experts for Red Team missions four years ago, as attempts by crackers--malicious hackers--to break into corporate, government and military computer systems appeared to be growing rapidly. In March an annual survey conducted by the Computer Security Institute and the Federal Bureau of Investigation found that 70 percent of such large organizations had detected serious computer-security breaches during the past 12 months--the fourth straight increase. The main aim of Red Team exercises is to find security holes that crackers could exploit, before the crackers do.
"Our general method is to ask system owners: 'What's your worst nightmare?' and then we set about to make that happen," explains Ruth A. Duggan, the Red Team leader. Each nightmare scenario becomes a "flag" to be captured in the mission. "Most often we model a cyberterrorist organization that has mercenary hackers and the resources of a small nation-state," Duggan says. "That means they can buy all the skills they need, information about the design" and even the help of corrupt insiders. In the past two years Sandia's team has been asked to test three dozen supposedly secure systems, including those of military installations, oil companies, banks, electric utilities and e-commerce firms. The team brought home undisputed flags from each encounter, until the one against the agent-protected system in March. The agents are a new kind of opponent, however. Three years in development, these programs are designed to act as artificial organisms. Their code is arranged into "genes," and the agents adapt in response to stimuli and communicate with one another to identify suspicious activity, such as unusual network traffic and unauthorized probes. As a result, the agents can detect and foil many kinds of insider attacks by bought or blackmailed operatives. Combining these capabilities is a new approach in computer security, Goldsmith says.
In this test, the agents are striving to prevent both outsiders and corrupt insiders from tampering with a security system for extremely sensitive facilities--Goldsmith won't say what kind of facilities exactly, but I imagine underground vaults with big red buttons marked DO NOT PUSH. A scattered group of high-level officials uses Web browsers to approve or reject the names of those who request access to the areas. The list of approved names then has to be transmitted across a far-flung network to a guard's desk at each facility.
Four members of the offense now huddle over their own laptops in a closet-size room connected to the lab. On one wall Julie F. Bouchard has hung the "attack tree," a poster-size diagram of the devious steps that the Red Team believes will allow it to capture six distinct flags.
Ray C. Parks, head hacker for this mission, swigs coffee from a thermos and pops Atomic Fireball candies as he watches a commercial program called Net X-Ray probe the Blue Team's security system for holes. A laptop computer next to him runs Snort, a free Linux program, recording all the information zipping around the network. Robert L. Hutchinson looks over Parks's shoulder. "Okay, here's the connection request," he says, pointing at the screen. "There's the acknowledgment ... and there's the name: Charles Carpenter ... ID number 3178633466," he reads, scribbling notes.
Realizing they can steal ID numbers, the team members ask an agent programmer, playing an inside collaborator, to deliberately insert a "bug" into the system. The new code watches for a name to be approved and then immediately transmits a different name--representing an infiltrator--that has the same ID number. They also try it vice versa: bad name followed by good.
In the Blue Team's room, Goldsmith now leans forward, sullen. "The first case crashed a machine, although it did set off alarms," he says. "But in the second case, you achieved one of the major flags--tricking [the guard's computer] into displaying an untrusted name. And it went completely undetected by the agents. Very well done," he concedes. But it is only day two of the seven-day mission, and the Red Team has 13 attack routes remaining on its tree.
Over the next three days the agents put up a noble fight against a variety of network attacks, including so-called SYNYahoo, Amazon, CNN and other Web sites in February. But one by one, the Red Team captures every flag save the last: deceive the central server into adding an invalid name to the list.
It is late on day five when Stephen G. Kaufman bursts into the Red Team room and in a near shout announces: "The agents are communicating in plaintext--we can run files!" Kaufman is the team's expert in LISP, the language in which the system was written, and he has been scouring the system's source code for ways to exploit known weaknesses in the way LISP works on networks.
"Oh, goodie," Parks chuckles as Kaufman shows him how the agent will accept malformed input sent by a utility called NetCat. In the first test the agent gets confused and shuts down. At last Kaufman finds the right syntax, and the agent evaluates--that is, executes--almost any Linux command the Red Team cares to transmit. "Send it 'rm �rf'!" Bouchard exclaims. The team erupts in laughter. That command would delete everything on the Blue Team's hard disks.
But that would be too easy. "The golden egg is to steal the cryptographic keys" from three of the high-level officials' machines, Parks says. "Then we can approve any names we want," thus capturing the last flag. While Parks works on that, Kaufman informs the Blue Team that the Red Team can co-opt the agents. Shannon V. Spires, one of the agents' developers, squints at the news. "So they can get outside code evaluated?" he asks teammate Hamilton E. Link. "So they say," Link responds. "Well, if that's true, it's a huge problem," Spires growls, his face reddening. After more discussion, Spires rises from the table. "This is the master key to the system!" he says as he strides into the Red Team's room.
He looks over Kaufman's shoulder and peppers him with questions, walks back over to Link, and, after a few moments of low conversation, starts swearing and marches back to the Red Team. "Okay, guys, let me sit down here," Spires says. Before long, seven people are craning to watch as he attacks his own system.
After the dust has settled on the final day of the test, the teams compare notes. This last attack, Goldsmith says, "turned out to be the most devastating. We did develop an agent-specific virus that swipes the cryptographic keys. Had you done this attack first, you could have gained control of almost any part of the system--without relying on an insider. However," he adds, pausing for a beat, "adding one line of code--'setf read-eval nil'--fixes the problem. And we guarantee that we will never forget to set read-eval to nil again."
That lesson and a number of others are why regular Red Team trials are part of the design process. "This certainly isn't the last time we'll do this," Goldsmith says. And as a reward for the hackers' efforts, he promises with a smile, "we hope to figure out how to make evil agents that can assist you in making mischief." --W. Wayt Gibbs