STEM - Hack the Gibson

Two of my now-postgraduate friends from university, Matt Pugh and Max Walker,
ran a STEM activity for the Computer Science department. I was invited along to
help run one of these sessions, providing the usual malarkey of slide turner and
general oddsbody: pointing those who were confused by the activity in the
right direction and, occasionally, getting them back to where they'd got to
before they'd done something silly, like reset the browser they were working
in.

The activity was rather cool from the CompSci perspective; the year 9 children
had been given control of a network of computers and had to find and stop a
cracker[1] that had accessed their network. This process was
only slightly exaggerated: emails were just files in a directory and there was
a decrypt command which, in reality, would have taken at least ten arguments
rather than the answer to a number puzzle. It was meant as an educational
activity, not a realistic one, but, for the most part, all the commands could
have been typed into a regular Linux/UNIX terminal and would have had the same
effect.

Once the kids had settled into their groups around the correct computers, we
gave them a quick talk and then proceeded to take them through the first
computer.

The game starts like this:

The Admin Console

The idea from here is to use the basic Linux/UNIX tools: ls, pwd, cd and
cat to navigate the filesystem to the emails directory and read the email there.

The email explains the scenario: the lead sysadmin is away and it's now your
task to connect to another computer and investigate the problems it's having.
Moving back up to the home directory, there is then a file which contains IPv4
addresses and passwords for other machines. We then teach them about the ssh
command and how to get into the next machine; this is a great moment for them
as they feel they've hacked into someone else's computer, ignoring the fact that
they were asked to and given the passwords.

SSHing into another box

From here they're more or less left to their own devices. The actual flow of
the game is fairly repetitive: go into emails; find the important one (there
were even some spam emails put in there for realism); and then find the IP
address and password using the information from this email.

This is where a fun non-Linux/UNIX command comes in: decrypt. Items like a
user log file are encrypted in this network and to reveal the contents of them
they must be decrypted.

Decryption of a log file

Finally they reach the last computer on their network. This is where most of
the kids finish due to time constraints, but the really clever ones start
finding the IPv6 address of the cracker.

Partial IPv6 address of the attacker

Of course they're going to want to SSH into it too and find a way to make them
stop, but I won't spoil the ending ;-).

The final part is a quick discussion of whether they enjoyed it and if it had
made them consider a future in Computer Science; there's a big push towards it
in the education system and certainly some of the schools attending said that
they would be running their first computer science courses in the following
year.


[1] I use cracker instead of hacker because, to me, a hacker is someone who
tinkers with existing programs for non-nefarious purposes.