New Delhi: CyberPeace Foundation (CPF), an award-winning nonpartisan civil society organization and think tank of cybersecurity and policy experts, in association with the Ministry of Electronics and Information Technology (MeitY), Government of India, and eSafety, Government of Australia, is hosting the second edition of the Global Cyberpeace Challenge 2.0 (GCC-2.0). The championship, beginning with registration of participants, will conclude on February 9 with the announcement of results and cash awards worth millions.
Apart from the government agencies, private players in the field of information technology and security like Tech Accord, Palo Alto Networks, The Hacking Lab, Kaspersky, Cyberdome – Kerala Police, Maltego, Ostrom Workshop – Indiana University, SANS, POLCYB, International Center for Missing & Exploited Children (ICMEC), National Center for Missing & Exploited Children (NCMEC), VJTI and Buffalo Soldiers are also participating in hosting the event.
Vineet Kumar, founding president of CPF, said that after the successful completion of GCC 1.0, they were encouraged to launch the second global event, in which around 50,000 people are likely to participate globally. “In the previous version of the cyber challenge, Prime Minister Narendra Modi, accompanied by the Prime Minister of Sri Lanka Ranil Wickremesinghe and the Secretary-General of ITU, Houlin Zhao, handed over the prizes to the winners. The results would be announced on the occasion of Safer Internet Day, February 9, and a similar prize distribution event would be organised,” he said.
The competition has been divided into three parts: Cyber Policy & Strategy Challenge, Peace-a-Thon: The innovation challenge and Capture the Flag (CTF).
Cyber Policy & Strategy Challenge
This is a competitive scenario simulation exercise in which teams respond to a realistic, evolving international cyber crisis. The main aim of this simulation is to understand the policy and strategy challenges associated with managing trade-offs during a cyber crisis.
It also helps assess cyber capabilities, responsibilities, policy and the current cyber-governance structure. A cyber crisis scenario will be presented to the teams. The team that is best equipped with knowledge of foreign policy and cybersecurity to solve the issue will be declared the winner.
1- Participants can register themselves by visiting the GCC official website (www.cyberchallenge.net)
2- Participants must provide their respective profiles demonstrating their efficiency in the Strategy and Policy Domain.
3- Participants must adhere to the guidelines when filling up the form.
4- Entries will be shortlisted as per the data provided during the registration
1- Top 50 shortlisted participants will be required to present their policy against the problem statement provided
2- The problem statement will be shared with the participants one hour prior
3- A window of 48 hours will be provided for the final submission of the policy
4- The participants are required to produce original ideas; content found to be plagiarized will be disqualified
Peace-a-Thon: The innovation challenge
Peace-a-Thon will be hosted online globally. The competition will be hosted in two phases: Ideathon and Finale. Participants can register as individuals or as a team of three members. Participants will be required to develop a working solution to the given problem statement.
1- Participants can register themselves by visiting the official website of Global CyberPeace Challenge 2.0 (www.cyberchallenge.net)
2- A set of problem statements will be published on the website; participants will select any of them as the challenge for which to develop a solution
3- Participants need to submit their idea and the technology to be used at the time of registration
4- Shortlisting of the participants/teams will be done on the basis of the ideas submitted
5- One team/Participant can submit only one idea
1- Shortlisted participants will be called for the Grand Finale of the Global CyberPeace Challenge 2.0
2- The grand finale of Peace-a-Thon will be hosted on Zoom
3- The link to join the competition will be mailed to the participants one hour prior to the start of the competition
4- The grand finale will be a 48-hour long event; participants are requested to be online for the whole event
5- Multiple sessions will be organized for the participants during the grand finale
Capture the Flag (CTF)
Capture The Flag (CTF) will be hosted online globally. CTF will be hosted in two phases: Elimination Round and Finale. Participants can participate individually or in the form of a team. Participants will be required to find the vulnerability in the CyberPeace Range created by the hosting committee.
1- Participants can register themselves by visiting the GCC official website (www.cyberchallenge.net)
2- Participants must provide their respective profiles demonstrating their efficiency in the cyberPeace security domain
3- One entry per participant will be accepted
4- Participants must adhere to the guidelines when filling up the form
1- Post registration, participants will be given the link to the elimination round
2- Elimination Round will be live for three weeks
3- 24 IT Challenges will be created
4- Primary ranking will be according to points from solved challenges. Ties will be broken by using each team’s average time between the “release” of a challenge and the time of solution submission
5- Mode will be Flag + Writeup, so teams must hand in a description of how they solved the challenge
1- The Grand Finale of GCC-CTF 2.0 will be hosted on 28 and 29 January 2020
2- Selected candidates will be given the credentials of the CTF one hour prior to the start of the competition
3- A total of 12 challenges will be provided
4- Mode is Flag + Writeup; ties will be broken by writeup quality
5- Winners of the GCC-CTF 2.0 will be announced on 9th February 2021.
CTF Types:
Global CyberPeace Challenge 2.0 CTF has two types of contests:
- Information Technology Capture the Flag.
- Operational Technology Capture the Flag.
Information Technology Capture the Flag (ITCTF):
- In this type of CTF, a different platform will be provided where participants/teams have to register or log in separately with predefined credentials, and all the information will be sent to their registered email address.
- Participants/teams will be provided with puzzles and programs with security vulnerabilities. A secret key called a ‘flag’ is embedded in each of the puzzles. Finding it is proof that participants have solved the particular challenge, and submitting the flag earns the points.
- Flags are chosen to look very distinctive, with a special type of formatting, so that participants can easily recognize a flag.
- Tasks will be categorized as Cryptographic challenge, Steganographic challenge, Web based, Reverse engineering, Networking, Forensics and others.
- Each problem statement has its own points, which depend on the hardness of the problem.
- The marking procedure depends on how many points participants would have earned and how much time they have taken to submit the flags.
Operational Technology Capture the Flag (OTCTF):
- The registered participants will be given remote VPN access to the OTCTF platform. They first have to log in to the system using the credentials and the specific time slot provided to them by the organizers.
- The system will be a non-hardened Industrial Control System (ICS) with preconfigured vulnerabilities.
- The task can be divided as follows: participants have to discover the IP range of the OT Network, then discover the devices connected to the network and the protocols they run, then find the device or devices with vulnerabilities and exploit them to gain access to the system.
- The infrastructure can be as complex as that of a real Industrial Control System.
- A Proof of Concept report with proper screenshots needs to be sent to the organizer at the email@example.com email id, with all the information such as the discovered IP range, connected devices, running protocols, and attack methodology. Also mention the tools and any scripts used in the attack methodology.
- The marking procedure depends on discovered IP range, number of devices and protocols, number of compromised devices and also on the time taken to send the Proof of Concept report and its strength.
- CAUTION: The participants need to secure their attacking system first before entering the OT Network, as their system may be attacked by other attackers. The organizer will not be responsible for any kind of damage.
Guidelines and Rules for participation:
- Participants should provide truthful and authentic information to the organisers during registration.
- Don’t delete files or edit services and ruin the fun for other players.
- Don’t share flags or ask for flags. It’s a competition, do your personal best.
- Don’t register multiple accounts.
- Participants can participate individually or in Teams (max. 3 participants).
- Participants shall keep their contact information accurate and up-to-date.
- Don’t generate excessive load. DDoS will not be necessary.
- Any malicious activity against the challenge infrastructure and framework will cause immediate disqualification from the challenge.
- The participant shall not use this contest to do anything unlawful or misleading.
- If any participant is found to have violated the terms & conditions of the contest, the Organizing Team has the right to disqualify the participant/team without prior notice.
- The Jury reserves all rights; in case of any conflict, the decision of the Jury shall be final.
- Global CyberPeace Challenge Team reserves the right to change Terms and Conditions.
Why Cyberpeace Challenge matters
Security of Smart Homes (5G & IoT)
So why are we talking about smart homes? Network service providers will have extensive access to large amounts of data transferred by user devices and so-called smart homes. It could show exactly what is happening inside a user’s home and describe their living environment, in-house sensors and parameters via metadata.
In some cases, vulnerabilities could cause injuries or ill health, for instance, if a client’s therapeutic gadgets are disconnected and not operational. The potential threats may become even greater when critical infrastructure components such as water and energy equipment are put at risk. Research this new technology and help users to stay safe in the 5G-covered world!
Driving Innovation to Monitor Online Sexual Abuse Against Children
Description: “Across the world the production and distribution of images and video depicting the sexual abuse of children has reached a level that is exceeding the capabilities of law enforcement to investigate and prosecute. The sexual abuse of a child is a crime and requires investigation and intervention when detected. What technological solutions can be implemented to stop the flow of these images into, across and out of India whilst ensuring that appropriate action is taken to locate and identify child victims?”
What technological solutions can be given to law enforcement to help them handle the volume of referrals they are getting daily? How can they easily triage the information they are receiving to determine which cases are a priority?
Reports of child sexual abuse material (CSAM) have dramatically increased over the years and are still growing. The National Center for Missing and Exploited Children has received over 80 million reports regarding the exploitation of children that resolve globally. The internet has made it easy for abusers to create images and videos and to share these files with other abusers. This in turn perpetuates the abuse and retraumatizes the child each time that image or video is shared. Offenders are getting more and more technically savvy in hiding their identities online and hiding the identities of the victims.
Around the world many countries have hotlines that allow citizens to make reports regarding websites that contain CSAM. Help create a reporting mechanism that allows citizens of India and victims to easily submit reports that can be taken and forwarded on to law enforcement for investigation, or used to notify ISPs of this material so it can be taken down.
Integrated Recourse for Cybercrime Victims
Description: Technology has played an important role in transforming lives by providing digital authentication, facilitating digital payments and extending services to citizens through digital means. Banking, communication, government services, e-commerce, etc. are available at our fingertips, and a disruption can lead to national chaos or disrupt our personal lives. Due to the nature of cyber (or technology) integration in our life and work, it is important that citizen support should be all-encompassing and be available through a single channel.
The challenge here is to help citizens at different levels report any incident related to Digital Payment through a single channel, preferably an app or website. The solution should be capable of advising remedial actions. The solution shall carry out historical analysis based on the incidents reported to it and generate regular advisories to its users. It shall also provide correct and updated contact details for reporting incidents to Regulatory Authorities/Law Enforcement Authorities; if required, all necessary communication may also be initiated on behalf of the user through the app/website alone (a one-stop shop for all complaints related to digital payments). This will not only help citizens but will also emerge as a central helpline for all incidents related to Digital Payments, regardless of industry/sector.
Description: Stalkerware is (primarily mobile) spyware that is often used in abusive relationships by partners or ex-partners to exert power and control over survivors. It allows an abuser to remotely monitor activity on the phone, including message content and browsing activity, and to track the phone’s location, often in real time; this activity is tremendously invasive and causes significant psychological trauma. Though stalkerware is technically not very different from malware, traditional anti-malware techniques are not suitable due to the power and control dynamics in abusive relationships. For example, a survivor may not want to remove stalkerware because doing so may alert the abuser, and that could result in the escalation of the abuse. What technical or non-technical solutions (or a combination thereof) can be implemented to limit the harm caused by stalkerware while keeping abuse victims safe?
Intimate Partner Violence Threat Model:
Description: Intimate Partner Violence (IPV, sometimes referred to as domestic violence) is an age-old problem that persists around the world. Technology has given abusers extra abilities they did not have in the past, allowing them to spy on an (ex-)partner’s phone or remotely control Internet-connected devices (like lights or locks) in their house. Though technologists are aware of security threats, they often do not consider threats posed by an intimate (ex-)partner when designing, testing, or deploying products and services. Unlike a typical cybercriminal, abusers are often in physical proximity to their target and may know enough information about them to access their accounts or circumvent security controls. What can we do to make technologists consider this particular and important threat when developing software and devices? You might also like to consider image-based abuse.