James Caroland, U.S. Cyber Command

1
Lessons of the Kobayashi Maru Cheating is
Fundamental

• James Caroland, U.S. Cyber Command
• Greg Conti, West Point

http//www.scottmckay.ca/the-blog/tag/briefs
2
Disclaimer

• The views in this article are the authors and
  dont reflect the official policy or position of
  the United States Military
• Academy, the Department of the Army, the
  Department of the Navy, United States Cyber
  Command, the Department of Defense, or the
  United States Government.
• Or in Esperanto...
• La views en this paroli are la auxtoro kaj dont
  reflekti la oficiala policy aux pozicio de la
  United Stato Military Akademio la Department de
  la Armeo la Department de la Navy United Stato
  Cyber Koamandi la Department de Defense aux la
  United Stato Registaro

3
http//www.dennismansfield.com/.a/6a00d834530c9c69
e201157004e41b970c-800wi

•  

4
http//www.dennismansfield.com/.a/6a00d834530c9c69
e201157004e41b970c-800wi
5
http//commons.wikimedia.org/wiki/FileTest_28stu
dent_assessment29.jpeg
6
http//stuffmysisterswilllike.files.wordpress.com/
2011/07/cadet-james-t-kirk-during-the-kobayashi-ma
ru-scenario.jpg
7
http//i188.photobucket.com/albums/z35/demonoidtmn
/Nar24.png
8
Joint Advanced Cyber Warfare Course (JACWC)
9
Setup of "Test"
3.141592653589 79323846264338 32795028841971 69399
375105820 97494459230781 64062862089986 2803482534
2117 06798214808651 32823066470938 44609550582231
72535940812848 11174502841027 01938521055596 44622
948954930

• Provide virtually no notice
•  
• Choose "unfair" problem
•  
• Tell students don't want them to study... we want
  them to cheat
•  
• Collaborative cheating was encouraged, but this
  exercise wasn't a blanket license to cheat
  throughout the course
•  
•  

10
Examples
11
The False Book Cover
12
The Everyday Object
13
http//www.grainger.com
The Ceiling Tile
14
http//www.imaginghostingservice.com/d2ap2c11da408
7.jpg
Hiding in Plain Sight
15
http//en.wikipedia.org/wiki/FileHp_laserjet_4200
dtns.jpg
Prepositioned Answers
16
http//en.wikipedia.org/wiki/FileMengu_Ziyun_xia_
24b.jpg
Alternate Encoding
17
Morse Code
18
Story Encoded
19
http//upload.wikimedia.org/wikipedia/commons/e/e5
/Post-it-note-transparent.png
The Classic
20
http//en.wikipedia.org/wiki/FileEssayImageAction
.png
Precompiled Answer
21
http//en.wikipedia.org/wiki/FileEssayImageAction
.png
rand()
3.1415926535 90 random digits
22
http//en.wikipedia.org/wiki/FileMengu_Ziyun_xia_
24b.jpg
Power Point
3.14159265358 7932384626433 3279502884197 69399375
10582 9749445923078
3.14159265358 7932384626433 3279502884197 69399375
10582 9749445923078
3.14159265358 7932384626433 3279502884197 69399375
10582 9749445923078
  Slide 1                          Slide
2                          Slide 3
23
Hash marks
24
Obscured by wholesome goodness
25
Ubiquitous Coffee
26
Ubiquitous Coffee
demo
27
Notebook Camouflage
28
Notebook Camouflage
demo
29
Roach clip engraving
30
Fake Barcodes
31
Customized jewelry
32
Artist daughter code
33
Security Lessons Learned

•  Most people are pretty darn good at cheating
• Especially the quiet ones
•  Cheaters...
• Exploit explicit and implicit trust
• Exploit laziness
• Exploit predictability
• Exploit limitations of human and machine senses
• Use everyday objects
• Look where no one else is looking
• Use uncommon skill sets
• Have backup plans

34
Acknowledgements

• We'd like to thank... 
•      
• Mudge, TJ White, Eric McKissick, Mark Moss, and 
• all the JACWC students.
•  
• See also...
•  
• Gregory Conti and James Caroland.  "Embracing the
  Kobayashi Maru - Why You Should Teach Your
  Students to Cheat."  IEEE Security and Privacy,
  July/August 2011.

35
Questions?
James Caroland U.S. Cyber Command jlcarol_at_cybercom
.mil   Greg Conti West Point gjconti_at_rumint.org
Teach yourself, your friends and your co-workers
to cheat.     Our adversaries already do.