NSA Codebreaker Challenge 2024 (nsa-codebreaker.org)
P.S. if you do well, the NSA sends you swag; I have a couple of very nice signed letters and NSA medals that look great in my office :)
I don't mean that in an accusatory way, just genuinely curious as my perspectives (one from a whistleblower and one from 80s hacker culture) are obviously not the same as those of a modern day hacker.
The Snowden stuff is extraordinarily excerpted to that which a contractor (Snowden) was seeing in a post 9/11 strange fiasco which did bring politics into play. Bamford predates that mess.
Here's a link, for example.
My point being: be wary of any attempt to characterize NSA in just a sentence or two.
Some of this puts me in mind of people's mental model of NIST as a hive of USG cryptologic activity when it is in reality like 3 very overworked cryptographers and a bunch of project managers. (Someone correct me on this, and then reach out about being on the podcast).
I highly recommend you read his autobiography. The typical Beltway career in IT is getting clearance and then coming in as a contractor, there is nothing out of the ordinary here.
Adding to that, he was directly employed by the CIA from 2006 to 2009. The "contractor" line is a really sad attempt to discredit him.
And their expertise is exactly what makes a challenge like this difficult and fun.
That said, neither do a lot of hackers. There is a long history of collaboration between hackers and the military-industrial complex. Silicon Valley is Silicon Valley because of the DoD. And the director of the NSA once gave the keynote at DEF-CON.
Even the best hacker movie, from which I take my nick, ends with the hackers assisting the NSA as if they are the good guys. :(
Intelligent people like Snowden don’t become as deep into the NSA as they are without a whole lot of “good guys” propaganda for many years first.
Biggest event of 2013: Snowden.
Biggest film of 2013: Frozen (Let I.T. Go)
Biggest game of 2013: Last of U.S.
The NSA was effectively blinded for a period of time. Do you think bad actors didn't take full advantage of this? Where did Snowden work prior to NSA? Why doesn't Julian Assange have a Hollywood film?
The Fifth Estate.
Aww, that's not so fun :( Was kind of curious to participate, but seems it's US + students only. Kind of makes sense that it's US only I guess, but why only students?
It looks like (https://nsa-codebreaker.org/leaderboard_2022) at least 350 schools have a "School Solve Times" that isn't null, so unless some students are enrolled in multiple schools, it seems like way more than 100 people managed to solve it.
"Sorry, that email domain is not recognized. -- An email address from a recognized U.S. school or university is required. If your school's domain is not recognized, please request it to be allowed by clicking HERE"
Asking the same 'cause this is one I never had time to do when I was in university and would like to do it now that I've graduated.
It is a shame you can't get access as a non recruitment target though.
(FYSA, there is a reasonable chance that someone involved in this competition is following this topic. HN is known in the more nerdy corners of the int/defense world.)
https://github.com/luker983/nsa-codebreaker-2018
https://github.com/luker983/nsa-codebreaker-2019
You think being omnipotent in a modern world wouldn't bring its own shade of problems?
It's more akin to the boxers who were deemed not to qualify cuz they're deemed arbitrarily too old remind the judges of their youth, all in good fun.
If you cannot get access to an @edu email for long enough to verify a 2FA between Facebook familiarity and now, you likely aren't of the caliber outside of the domain specialty that can be entrusted with that magnitude of information.
Can you cite a source for this? I'm acquainted with some USAF people and have close friends with fighter pilot siblings (I know, family) and I have never heard this before. If by "family" you mean "a spouse", the people going up in trainers are too young to have built families, so that can't possibly be a DQ.
Although, not too unbelievable for highly-sensitive contexts.
A pilot with less obvious motivation to go AWOL institutionally could only benefit the context.
All of this is covered in his book, which is a decent read. I recommend it because it’s information dense and quick.
Furthermore, I said he was deep into the NSA (which he was), not that he was employed by them.
1. You can get one from Hafis: https://hafis.net/product-category/edu-email/,
2. or host your own mail server after registering an .edu address,
3. or maybe you can find someone in your network who still has a valid .edu address and is willing to register for you.
In fairness: so too does the claim that this is a test of whether you can hack a .edu email address, like it's 1994 and the next test in their CTF is whether you can find an X.25 outdial. No, they're just recruiting from engineering schools, like everyone else!
Career tip: if hoping for a GG-whatever role at NSA, recommend not committing crimes in the process of trying to impress them. They are a lot more boring than you think they are.
> Career tip: if hoping for a GG-whatever role at NSA, recommend not committing crimes in the process of trying to impress them. They are a lot more boring than you think they are.
well, it's not really a crime when you do it for the homeland. also not a crime if it's boring.
I remember a bunch of TLAs approached most of my friends in college, but never took an interest in me.
At the time I thought, "That's stupid. I'm the best phreaker in this NPA!" Later I realized this might be a liability, not an asset.
but they generally are not the type to be filtered by an email domain requirement.
They are exactly the type to filter by something as "trivial" - 99% of their target audience is Math nerds with .edu emails. The other 1% will go the other 99% of the way to acquire the needed materials to satisfy the target condition. Which in this case, is a room-temperature check compared to the challenges.
If comparable had happened in any other field, to any other adversary, that very fact would not be as advertised.
Does "the entire economy" include quantitative trading firms/hedge funds and alike? Feel like they'd probably be able to snap up quite a few.
And the former is similarly not evidence that they mostly hire people with edu emails.
PhD's in Math are very rare, and uneconomic. Aside from Wall Street and Langley, no one outside of SV Talent recruits are paying for someone who has spent their prime thinking years considering the viability of certain types of "up-my-sleeve" numbers - no one else has that capital for specialty, almost certainly fruitlessly, since infosec advantage isn't sum-net-zero. Any APT that will pay will have a slight advantage; that opportunity cannot be simply absconded.
That is why NSA skews the average with their hiring practice, let alone indirect contractor influences - although the pure math SME's are held tighter to the chest than even private contractors can boast.
> aren’t logically inconsistent.
Sure, if you remember PhD's in Elliptic Curve Cryptography or Number Theory or applied but pure 'XYZ' field of promising arcane mathematics are extraordinarily rare, and skew towards a certain demographic as well. The motivated, undeterred, socially-inept few.
> And the former is similarly not evidence that they mostly hire people with edu emails.
I can tell you, objectively, statistically, that those who have Math degrees have a lower chance at needing help resetting their password to their .edu email. And a much, much higher chance at actually graduating with a grace period and mental clarity to leverage it for a brief window during their opportunity. You can (kinda) check yourself at https://nces.ed.gov/ and https://analytics.usa.gov/.
As the excellence required increases, the numbers get low enough, you can hire ALL the talent. And have enough 'explanatory' budget left over for institutional-preserving things and normal bureaucratic neo-con noise.
You can hire more Math PhD's than anyone, and still mostly not hire math people.
There are very, very few Math PhD's that can, even theoretically, threaten the current risk portfolio of our nation. But if they even did exist, you would not want to single them out by being the only one they hired.
All signals require noise. Work cannot be performed absent a temperature gradient.
You are comparing those who speak a language very few can fathom to a magnitude more, less specialized, more general base, which in itself, is a superset of math nerds.
Almost all math nerds are "computer nerds" to the non-STEM type.
Control for proper prevalence and you'll find your circle is much smaller than you wish you would believe.
Even if they hired the sum graduating phd class of every math program in the country it wouldn’t change the fact that math phds are not their hiring target.
They have to hire N non-math phds for every M math phd they hire to support their hiring metrics. Like every other large technical bureaucracy in the world.
None of that has anything to do with advanced capabilities and, again like every other technocracy, has to do with management and ops.
> Even if they hired the sum graduating phd class of every math program in the country
If all the elite Ivy League math outlets followed a similar excellency distribution that would be a waste of budget. But the top 5 PhD's at the top 3 institutions are far more capable than the sum of the remaining, especially to the incredibly niche, relatively uninteresting, math domains that actually impact national security.
> country it wouldn’t change the fact that math phds are not their hiring target.
here? of course not. Math PhD's in general? not even. but the absolute best of those math PhD's already got poached; the challenge like above is dredging for raw infosec talent
they have to attract and retain the most misunderstood talent in the world in the most specific field with the smallest initial return on investment per head.
not doing so hands the lead over to adversaries, that maintain a near-constant academic/competitive edge due to domestic ...infil.
> None of that has anything to do with advanced capabilities and, again like every other technocracy, has to do with management and ops.
What a coincidence then, they average quite a lot more crypto-maniacs per capita than public sentiment would care to ever be let suggested. It is so bizarre that a very-well known factoid is so earnestly debated.