Tracelabs DEFCON 30 CTF
Although not there in person I got to be there virtually as a judge for the first time!
So the amazing cyber conference DEFCON really needs no introduction! Which is quite the relief because I’ve not actually been there, therefore don’t feel qualified to talk about it! I do know quite a few of the goons that help make it happen and watched the DEFCON talks during COVID though so it’s not completely alien to me. One day I hope to descend on Las Vegas with the rest of the cyber industry and turn up one year!
Anyhow DEFCON 30 had a Tracelabs Missing Person’s Search Party CTF - something I do know about! Phew!
Although I couldn't take part, as to be a contestant you had to be at DEFCON in person, I was able to request to be a judge. It was a hugely rewarding experience and I recommend any Tracelabs participant to do it at least once.
I’ll be the judge of that. No really.
So the first thing is that to judge you do not need to pay the donation that you do to participate. If money is tight but you still want to help find the missing people in some way then this is a great way to do it.
What is really good is that you get a good walkthrough of what is expected and what to do not only to avoid conflict, but where to flag if it’s unavoidable. There is also a judges Discord channel where we can get advice from Senior Judges and other members of staff if we’re not sure. You are supported but also empowered to make decisions. Appeals may be raised and your side is taken into account. Tracelabs make very clear that they’re thankful for the help and that you’re not on your own. For someone doing it for their first time this was reassuring.
The platform we have as judges is the same as the contestants use, except we have options to approve or deny findings with comments. We are encouraged in the walkthrough to give comments when making decisions as this may help teams to understand that they’re going in the right direction, or perhaps what might be needed to get the evidence points they need. As I said previously when I wrote about participating, different pieces of evidence have different points values attached to them, based on their value to an investigation. One thing you can’t do is increase the points value if the evidence could have obtained a higher points value. However, teams can ask to cancel the points and go for the higher value later, if they made a mistake.
As it was my first time, I was given one team to look after, called BoomBoomLemon, and they produced some great intel! They finished 8th overall - fantastic work team! They challenged where they thought they had a case or wanted clarification around points scores, but also did it respectfully and politely. It was a pleasure working with them.
Harsh Realities
Although we can’t talk about the individual cases, one thing in particular was that in the 8 cases searched for, there was a high percentage of women. A few under 18 and most under 30. I think it’s important to sit with that for a bit and why that might be, and also to get angry and sad about that. We need to do more as a society really.
We need to call out bad behaviour of other men that may cause this. And although it’s not every man, even looking in at the results of these missing people shows that if they’ve been kidnapped, the only gender I’ve seen doing the kidnapping is men. A study from 2013 in the UK showed that 95% of kidnappers were men, statistics from 2015 in Canada also show kidnapping to be carried out by men in 90% of cases. When it’s figures of over 90% across multiple countries, I think we can say this is a problem for men, without a not all men caveat.
Managing Conflict
There were some cases where perhaps one judge may have given points for something that another judge didn’t. These are the kinds of things that get called in appeal.
Sometimes it’s a mistake and both keep the points, other times after appeal both teams have their points annulled because it wasn’t actually valid after a serious judge has seen it.
Another thing is that sometimes if I have some quiet time I can ask to help another judge who may be swamped. When this happens, I don’t know what the other judge has said in previous evidence found, in fact, I can’t see it. So if a ticket is submitted without explaining how that case is built, well I don’t know. Just because it may be obvious if you have all the tickets, it doesn’t mean it is if you don’t.
This may cause friction sometimes but it’s important for participants to remember that all of this stuff gets put into a document that hopefully makes sense to a member of law enforcement so they can find a missing person. It’s certainly made me think to be more mindful of that as a participant going forward. I will certainly build more of a story in individual tickets too in case another judge marks some of mine to be helpful.
Prepare For Carnage
So far, so organised! And for most of the time this was the case! However, in the last 30 minutes there seems to be a frenzy to gain points and now this moves into an all hands on deck scenario to get people their points. I always wondered why sometimes it takes a long time to collate the results for a Tracelabs event (an hour, sometimes longer after close). Well, the reason is that in the last 30 minutes, some teams decide to hammer their submissions. In that last 30 minutes I received duplicate tickets, tickets resubmitted that had been denied and nothing changed, tickets with unclear explanations on them, tickets for much higher points than the intel warranted. The time taken is for judges and Tracelabs volunteers to accurately sift through that and to ensure teams’ points in the leaderboard are compared and validated.
This was a bit disappointing to see tbh. I know it’s gamified and points are great but we shouldn’t be wanting to do this just to score points. There are plenty of games for that. Pick those instead. As said many times, these are real missing people. The things found go on to build a proper document circulated to law enforcement with the aim of bringing those missing people home.
In my opinion, if you’re intentionally putting in bad intel, which has a chance of tainting or jeopardising the integrity of that document, then you probably should do something else with your time, or have a word with yourself before you come back.
The Real Winners
Luckily it’s a good thing that the vast majority of people don’t do this; they’re there to give great intel, of which everyone is hugely appreciative! I thought it might be worth mentioning the struggles involved behind the scenes above as it certainly was an eye-opener for me and I will be a more considerate contestant in the future.
Also though it’s worth mentioning that the real prize is the MVO - Most Valuable OSINT. And this is why this award gets the most prizes attached to it, along with the equivalent of the DEFCON Black Badge in Kudos.
I must say this is actually the focus for judges. The Tracelabs volunteers regularly check in to ask what your most valuable OSINT found so far is. You’re encouraged to share bits with the team so they can judge it and everyone talks between them to decide what was the most valuable. It can be one massive help, or a really wonderfully methodical way they’ve chained evidence after evidence together to explain perfectly what they’ve found. It really is like looking at art when seeing the care put into these.
And that was that! I think it was around 7am UK time when I got to bed but it was a hugely rewarding experience. Till the next time!