6 minute read
THE—CYBERSECURITY— RUMBLE IN THE JUNGLE
by Simon Carabetta , Project Coordinator at ES2
There were just four minutes remaining on the clock. I looked over to both of my co-commentators and could sense their anticipation and excitement. The three of us had been speaking on and off for the past five hours, keeping tabs on the leader board the entire time, and ensuring our audience remained connected to what was happening between 54 laptops across Asia Pacific. Three minutes to go, and our hearts were jackhammers. As much as we wanted a neck-and-neck race to the finish, that desired narrative was looking increasingly unachievable. The tension in the hotel from which we were livestreaming was palpable. without the excited commentary from my team, you would have heard a pin drop.
Just two minutes left on the clock now, and I looked over at the two roundtables set up in the room — one for each of the Malaysian in-person teams whose members preferred to attend the event physically. Both teams had resigned themselves to knowing they were no longer in contention for first place, even though I and the other commentators had decided to stop sharing the leader board more than 30 minutes prior. One minute to go, and only a handful of audience members remained in the room. The excitement, action and intensity of the packed crowd of spectators at the beginning of the competition had been superseded by fatigue, sore heads and boredom. I watched minutes reduce to seconds and could not believe we had finally arrived at this point.
Flashback to only two months prior. I am attending an after work function for Australian cybersecurity company ES2 when I receive a message from my good friend and industry colleague, Daisy Sinclair
“Yo Simon. What are you doing on the 19th – 20th May?”
“Not sure, how come?”
“Can I take you to Borneo to be a commentator for the Asia Pacific Cyber Attack Challenge?”
“Borneo!”
Now, I have to admit, this is not the first place that comes to mind when I think of cybersecurity, let alone some kind of cyber attack competition.
So, I ask her to continue, then give her a call and it all becomes clear. This was happening, and her home region of Sarawak, Malaysia, was hosting its first ever cybersecurity conference, APSec 2023. Sarawak is a region of Malaysia located on the island of Borneo. Malaysia shares the island with Indonesia and Brunei. The city in which APSec was to be hosted was Kuching, the largest city and the capital of Sarawak. It is a stunning city, situated on the Sarawak River and surrounded by greenery, mountains and lush jungle.
Looking into the conference a little more, I could see three other Australian presenters had been invited, along with a host of experts from across the Asia Pacific region. I was looking forward to some good networking as well as the Challenge itself.
Now, for those of you who are not familiar with Daisy, not only is she the CEO and founder of Cyber8Lab, WA’s foremost cyber attack response drill company, she is also a bundle of energy, accomplishing work in mere days that would take others weeks. I found out very early on that she had taken on full responsibility for organising the entire Challenge herself – from developing each task that teams would need to accomplish, to registering teams, getting sponsors on board, organising the production and live stream and pretty much everything in between, such as trophies, prizes and marketing collateral. Just typing the list of what she was responsible for has worn me out!
COFFEE-FUELLED CHALLENGE PREPARATION
Over the month leading up to the event there were a number of meetings where copious cups of coffee were procured and their contents ingested. We would discuss each of the scenarios in the Challenge and the real world implications, including examples to which we could relate. Sadly, there were far too many recent case studies and far, far too many close to home, such as the Optus and Medibank data breaches. However, such events help boost our security capabilities by providing students and professionals alike with hands-on experience.
Before too long I was on a plane early one Tuesday morning bound for Kuala Lumpur. Daisy had arrived the day before and was already waiting for me at Kuala Lumpur International Airport Terminal 2, ready for another flight to Kuching. We get in, I check into my room and I crash on the bed after spending a couple of hours going over my own notes for each scenario. The nervousness I felt about being part of the commentary team was growing and I really needed to get it under control. Fatigue helped.
I awoke the next morning and was surprised and happy to see the weather was far more pleasant than predicted by the forecast put out the day before. I was expecting an entire week of tropical thunderstorms, but instead I was greeted with sunshine. I planned to go for a short walk just after breakfast. Having to work remotely, prepare for the Challenge and wanting to sightsee, I would have to manage my time very well. Realistically, work is always the priority, and I spent a good amount of time in my hotel room in meetings, responding to emails and managing projects. Alas, I had no time for any tourist activities, apart from eating some really nice local food.
After what felt like two very long days couped up in my hotel room, sitting at my laptop with my Radiohead playlist in the background to kill the silence (with one little break to cheekily bring my laptop into the hotel’s cigar room and enjoy a nice Cuban while responding to emails), I finally emerged on Friday morning to attend the first satellite event of the conference, the business matching forum at the Sarawak Museum. This is an incredibly welldesigned building which I would have liked more time to explore, but after lunch it was back to the hotel to meet the rest of the team and set up for the big event next day: the Asia Pacific Cyber Attack Challenge.
18 Competing Teams From Six Countries
The Challenge itself was monumental: 27 unique scenarios with varying degrees of difficulty requiring either hacking or investigative skills. My thanks go to the amazing team at Cybexer Technologies, based in Estonia, for providing the Cyber Range to deliver the Challenge. We had 18 teams, with 54 competitors from six countries competing. So we knew it was going to be big. We also understood how challenging it would be to commentate for five hours, let alone stay in touch with the leader board, monitor the teams, help them respond to tickets
(lag was definitely a factor) and ensure the live stream was both entertaining and informative for our entire audience.
Armed with the best television sports caster voice I could muster, I had more fun than I should have, and as exhausting and energy sapping as five hours of being ‘switched on’ and engaging can be, it was still nothing compared to my teaching days. I had a good time bantering with my commentary team, cracking jokes every now and then, and ensuring the excitement of what was happening on the screens in front of us was translated correctly for everybody watching.
Much like other Capture the Flag competitions, teams were awarded points for the various scenarios they were able to solve. What surprised me was how many teams preferred to complete the hacking challenges rather than the investigative ones. Looking at the teams who ended in the top four, it was easy to see why they did so well: it was simply that they had a mix of forensic and hacking skills in their teams, because approximately equal numbers of both types of challenges were attempted and successfully solved.
Trailblazers Win The Day
In the end, the team crowned champion had been in the top three throughout the competition. The team hailed from Kuala Lumpur and its name, Trailblazers, gave me inspiration for many puns and plays on word throughout the day. Its members gained my great respect when they gained their final 400 points in the last moments of the Challenge, putting their team well head of every other. That said, I also had great respect for every other team and every single competitor in the Challenge. To stay focused for five hours, sticking with the task until the end was an incredible accomplishment, and I commend them all for it.
I would also like to give a big thank you first of all to my employer, ES2, for allowing me to fly to Borneo to pursue this event and take part in bringing it to a live audience. It was a challenge in itself to work remotely for so long and I am deeply appreciative. A massive shout out also to the organisers of the conference, the Institute of Management Sarawak and Malaysian IT company SAINS, as well as the Pullman Hotel in Kuching for hosting such a large contingent (over 500 attendees).
Last, but certainly not least, I would like to thank Daisy for not only believing in me and giving me this amazing opportunity, but for all of her support and mentoring throughout. I really feel I have learnt a great deal these past months, and especially during my time in Borneo.
Selamat tinggal!
www.linkedin.com/in/simoncarabetta
