Cyber Soldiers participate in CTF for Missing Persons

By Mr. Steven P Stover (INSCOM)July 29, 2019

'Doing Great Things' 100CST
FORT GEORGE G. MEADE, Md. --Soldiers from the 100 Combat Support Team, E Company, 782nd Military Intelligence Battalion (Cyber), (from left to right) Staff Sgt. James Hansen, a signals intelligence analyst (35N), Staff Sgt. Joseph Rosales, a cryptolo... (Photo Credit: U.S. Army) VIEW ORIGINAL

FORT GEORGE G. MEADE, Md. -- Soldiers from the 100 Combat Support Team, E Company, 782nd Military Intelligence Battalion (Cyber), participated in the Trace Labs Global Missing CTF (Capture the Flag) 2 event, an Open Source Intelligence (OSINT) CTF for Missing Persons on July 13, and took third place out of approximately 100 teams.

According to their website, Trace Labs is a "not-for-profit organization whose mission is to crowdsource the collection of OSINT to generate new leads on active missing persons' investigations…The CTF's purpose is to use OSINT tools and techniques to locate real missing persons around the world."

"The TraceLabs Missing Persons CTF is unlike any other CTF on the internet," said Capt. Mark Klink, the 100CST team lead. "By using OSINT tools and techniques, competitors submit information (instead of flags) that is used by local and federal law enforcement agencies to locate real missing persons, missing from a matter of days to nearly 10-years. Due to the scope and the purpose of the CTF, a high degree of technical knowledge isn't required, and it's a good opportunity for the non-17 series (cyber operations specialists) members in our brigade to get experience competing in a CTF-like environment. In fact, many of our 35-series counterparts perform better in a CTF like this."

Competitors could participate as either a one- or four-person team. The four-person team from the 100CST included: Capt. Klink, Staff Sgt. Joseph Rosales, a cryptologic linguist (35P), Staff Sgt. James Hansen, a signals intelligence analyst (35N), and Staff Sgt. Jackson Rolf, a cryptologic cyberspace intelligence collector/analyst (35Q).

"Having no prior experience with CTFs, I didn't have an established set of OSINT tools going into this," said Rosales. "After the event, I believe we all came away better at gathering public information, which comes in handy not only for CTFs like this, but when it comes to my job as well."

"I was interested in competing because I saw it as an opportunity to sharpen some of my skills while contributing to a worthy cause," said Rolf. "Using OSINT tools should always be the first step when performing analysis, and I saw this event as way to learn new tools within the OSINT framework and improve my intuition during initial analysis."

In addition to be a worthy cause, Rolf highly recommends that other Soldiers participate in CTFs. "Analysts should have a good understanding of how to gather as much information as possible using open source tools because this is the least 'noisy' form of information gathering. Participating in this event reinforced just how much useful information can be gathered on a subject using OSINT tools. I'd highly recommend that others participate in CTFs because they are great way to improve your analytic techniques, and they are a lot of fun."

Klink believes CTFs are an excellent way for Army Cyber and MI Soldiers, and Civilians, to stay sharp on tools and techniques they may not experience on a daily basis.

"Similar to crossword puzzles, Sudoku, Rubik's cubes, and other puzzles, CTFs allow individuals the opportunity to think critically and compete with peers, subordinates, and industry professionals all over the world," said Klink "In the case of the Trace Labs Missing persons CTF, nearly 100 teams submitted thousands of links to information regarding real-world missing persons information, including last known whereabouts, images, CCTV snapshots and more. This information is given directly to law enforcement agencies at the end of the CTF for use in locating the missing persons. Trace Labs tends to use the tag, #OSINT4GOOD, clearly stating that this CTF is "more" than your average competition, but directly contributing to the community and making the world a better place."

According to Klink, the CTF was very competitive, and although the event only lasted for eight hours "the fight for the top three changed pretty frequently up until about the last 60-minutes."

In total, there were nearly 100 teams and more than 200 individuals competing and the 100CST team, "Doing Great Things" came in 3rd place by a fair margin.

Klink remarked that it was the first time that two of the four people on their team had competed in any kind of CTF at all, and they certainly plan on competing next year at the next remote Trace Labs CTF, with the possibility of traveling to DefCon and competing at the 2nd Annual Trace Labs Missing Persons CTF at Defcon 2020.

"The competition was very competitive from the beginning. Our team had experienced analysts who were all taking it very seriously, and we still were unable to come out on top," said Rolf. "Our team was very much focused, breaking for only 20 minutes for lunch, during the eight-hour stretch of the competition. We came pretty close to breaking second place a few times, and I have no doubt that our team would have been neck-in-neck with first if we could do it again."

"The event was long, but knowing it was for a good cause kept me from taking many breaks," added Rosales. "I look forward to the next opportunity to compete in a CTF like this one."

The CTF was 100 percent virtual, so the contestants could participate from any geographic location, and although there was a minimal entry fee, all the proceeds went towards supporting the Trace Labs infrastructure and operating costs to enable the organization to continue crowdsourcing OSINT to assist in locating missing persons.

For more information on Trace Labs and upcoming CTF events, visit the Trace Labs Website at https://www.tracelabs.org/.