This has historically been a pretty fun challenge to do. Earlier levels are quite easy, but later levels can be quite challenging and require specialized skills (e.g. reverse engineering, binary exploitation, cryptography). There’s a decent focus on “realism” which makes the challenge series more interesting than a typical CTF. If you’re eligible to participate I’d highly recommend checking it out.
P.S. if you do well, the NSA sends you swag; I have a couple of very nice signed letters and NSA medals that look great in my office :)
After reading "Permanent Record" by Edward Snowden and "Cult of the Dead Cow" by Joseph Menn, I can't help but feel like the NSA is basically "the bad guys", and I assumed most hackers would feel the same. Are people really excited to do challenges like these for them?
I don't mean that in an accusatory way, just genuinely curious as my perspectives (one from a whistleblower and one from 80s hacker culture) are obviously not the same as those of a modern day hacker.
I'd recommend reading James Bamford for a more positive look at NSA and their charter...which is essentially math, math, and more math, and unrelated to politics within NSA anyway.
The Snowden stuff is extraordinarily excerpted to that which a contractor (Snowden) was seeing in a post 9/11 strange fiasco which did bring politics into play. Bamford predates that mess.
NSA is an enormous organization with many chartered activities, some small amount of which involve math, some of which is defensive and benign, some of which is offensive but understandable in the same sense as our maintenance of a fleet of nuclear-powered aircraft carriers, and some of which is probably hard for anybody to get comfortable with (much of which should be halted). A lot of what NSA does is ultra-boring, and some of that should be halted too. Like every major federal government bureaucracy, NSA's most important charter is to secure more budget for NSA (which I maintain is actually an important fact to keep in mind when designing technical security countermeasures).
My point being: be wary of any attempt to characterize NSA in just a sentence or two.
Some of this puts me in mind of people's mental model of NIST as a hive of USG cryptologic activity when it is in reality like 3 very overworked cryptographers and a bunch of project managers. (Someone correct me on this, and then reach out about being on the podcast).
> The Snowden stuff is extraordinarily excerpted to that which a contractor (Snowden) was seeing
I highly recommend you read his autobiography. The typical Beltway career in IT is getting clearance and then coming in as a contractor, there is nothing out of the ordinary here.
Adding to that, he was directly employed by the CIA from 2006 to 2009. The "contractor" line is a really sad attempt to discredit him.
I would love to hear more about how Menn's book about a clique of nerdy teenagers shaped your opinion of NSA. (Some of those nerdy teenagers are friends of mine; we were nerdy teenagers of the same vintage. I'm not dunking on them.)
You’re right. The US IC has shown time and time again that they have no moral compass, no regard for the US Constitution, and no regard for human rights or the rule of law.
That said, neither do a lot of hackers. There is a long history of collaboration between hackers and the military-industrial complex. Silicon Valley is Silicon Valley because of the DoD. And the director of the NSA once gave the keynote at DEF CON.
Even the best hacker movie, from which I take my nick, ends with the hackers assisting the NSA as if they are the good guys. :(
Intelligent people like Snowden don’t become as deep into the NSA as they are without a whole lot of “good guys” propaganda for many years first.
That’s a distinction without a difference. He was directly CIA for a bit, and went through the revolving door to a contractor who was placed at the NSA. It really doesn’t matter which corporate entity’s name is on the pay stub; it’s all the same public-private scam. Whether or not Booz gets a percentage of the tax money firehose for running the payroll or not is of no import.
All of this is covered in his book, which is a decent read. I recommend it because it’s information dense and quick.
Furthermore, I said he was deep into the NSA (which he was), not that he was employed by them.
The NSA was effectively blinded for a period of time. Do you think bad actors didn't take full advantage of this? Where did Snowden work prior to NSA? Why doesn't Julian Assange have a Hollywood film?
> Anyone with an email address from a recognized U.S. school or university may participate in the challenge.
Aww, that's not so fun :( Was kind of curious to participate, but seems it's US + students only. Kind of makes sense that it's US only I guess, but why only students?
They primarily do. Someone else on the thread says they do some industry hires, but everyone I know who worked there was recruited from engineering school.
I know a few people who went in as experienced hires, but the NSA in particular is happy to do high-paid contracts if you have the appropriate skills, so most of their actual employees seem to be straight out of school.
> They primarily do. Someone else on the thread says they do some industry hires, but everyone I know who worked there was recruited from engineering school.
I remember a bunch of TLAs approached most of my friends in college, but never took an interest in me.
At the time I thought, "That's stupid. I'm the best phreaker in this NPA!" Later I realized this might be a liability, not an asset.
There are many pathways and schools internally for the different directorates.
Most programs are partnered with outside schools, with some giving you course credits for internal classified work and only requiring a few outside unclassified courses to fulfill needs. Many of these are MS degrees. I got one through one of these programs. Which come in handy with restrictions on promotions / positions based on ed reqs.
> but they generally are not the type to be filtered by an email domain requirement.
They are exactly the type to filter by something as "trivial" - 99% of their target audience is Math nerds with .edu emails.
The other 1% will go the other 99% of the way to acquire the needed materials to satisfy the target condition. Which in this case, is a room-temperature check compared to the challenges.
I completed the 2022 version of this and received some nice NSA memorabilia. It is a fun challenge, but it is pretty difficult to complete it all. Looking back at 2022, it looks like maybe 100 people completed the entire challenge.
> it looks like maybe 100 people completed the entire challenge.
It looks like (https://nsa-codebreaker.org/leaderboard_2022) at least 350 schools have a "School Solve Times" that isn't null, so unless some students are enrolled in multiple schools, it seems like way more than 100 people managed to solve it.
Go to Task 9 at the bottom. 40-something schools had people score, about 102 people scored on that task (more completed it though, not sure what the difference is, hand counted so may have miscounted).
Correct, which is why I say 100-something. For some reason, they put all the schools in every table. Just a guess, but I assume "scorers" are only people who solved it in the limited time window.
I got this error while trying to register. Does anyone know a simple way to bypass this?
"Sorry, that email domain is not recognized. -- An email address from a recognized U.S. school or university is required. If your school's domain is not recognized, please request it to be allowed by clicking HERE"
Just because it's a computer security challenge doesn't mean you should start breaking into the website before the challenge begins. That's akin to suggesting that boxers who were deemed not to qualify for a competition should punch the referee to prove otherwise; what's normal inside the sport can be entirely unacceptable outside it.
I agree, but it clearly says you need an edu email. Either you have an edu email, or by asking how to skip that check you're trying to circumvent the website limitations. So in spirit, you're already trying to break in, just through different means :)
If you don't have a family, the Air Force won't let you fly a plane.
You think being omnipotent in a modern world wouldn't bring its own shade of problems?
It's more akin to the boxers who were deemed not to qualify cuz they're deemed arbitrarily too old remind the judges of their youth, all in good fun.
If you cannot get access to an @edu email for long enough to verify a 2FA between Facebook familiarity and now, you likely aren't of the caliber outside of the domain specialty that can be entrusted with that magnitude of information.
> If you don't have a family, the Air Force won't let you fly a plane.
Can you cite a source for this? I'm acquainted with some USAF people and have close friends with fighter pilot siblings (I know, family) and I have never heard this before. If by "family" you mean "a spouse", the people going up in trainers are too young to have built families, so that can't possibly be a DQ.
Is it cheating to use commonplace AI? NSA are a practical bunch, they probably don't much care how one solves the problems, but AI could change the nature of such tests. The rules say no getting help from persons, which leaves the AI door open imho.
(FYSA, there is a reasonable chance that someone involved in this competition is following this topic. HN is known in the more nerdy corners of the int/defense world.)