National Missing Persons Hackathon 2019
‘Cyber Trace a Missing Face’
What is the National Missing Persons Hackathon?
The AustCyber Canberra Innovation Node has partnered with the Australian Federal Police, the National Missing Persons Coordination Centre and Trace Labs to conduct a missing person capture the flag (CTF) event (aka Hackathon) on Friday 11th October 2019. The event will see the gathering of ethical hackers and investigators using online investigative techniques within the bounds of the law to find new leads on real missing persons cases in Australia.
Contestants will be using their cyber skills to gather open source intelligence (OSINT) on long-term and current missing persons using only information that is publicly available on the internet. The goal of this is to generate new leads on cases that can provide assistance to the relevant Australian policing jurisdictions in their investigations.
The event has been modelled against 20 successful missing persons hackathons run by the not-for-profit organisation Trace Labs in partnership with various security conferences, universities, and community organisations within the USA, Canada, UK, and Australia.
This is the first ‘large scale’ crowdsourced open source intelligence gathering of its kind in Australia for missing persons.
If you see yourself as an ‘online investigator’, 'cyber hacker' or a 'cyber sleuth', then this is the event for YOU!
How does it work?
The CTF will run for a duration of 6 hours and physical attendance is required at the participating locations across Australia. The main event will be in the ACT with the event live streamed across several platforms for simultaneous participation at nominated locations and for public viewing.
Twelve missing persons will be selected from existing National Missing Person Coordination Centre cases for participants to collect OSINT on, and to generate new leads. At the start of the event, contestants will be able to view the missing persons case details by logging into the CTF platform at ctf.tracelabs.org with their own credentials (Registration e-mail to be sent one day prior to the CTF for those who have pre-registered).
For each OSINT Flag submitted on one of the missing persons that falls into any of the categories listed here, the flag will be validated by one of our Judges prior to awarding points.
The top 3 individual/teams awarded the most points will receive a National Hackathon prize. There may be State/Territory awards as well.
For first time contestants, please review Trace Labs CTF rules here.
All leads generated on the missing person cases will be handed to the National Missing Persons Coordination Centre.
Where is it being held?
The main event will be hosted in the ACT with a live stream to other State/Territory locations. Tickets are available for the following locations:
Adelaide - 28 Leigh Street, Adelaide City
Brisbane - TAFE Queensland, Southbank Campus, 66 Ernest Street, South Brisbane
Canberra - Telstra Corporate Office, Ground Floor 16-18 Mort Street, Canberra City
Darwin - Charles Darwin University, Casuarina Campus, Ellengowan Drive Casuarina
Gold Coast - TAFE Queensland, Coomera Campus, 198 Foxwell Road, Coomera
Hobart - Enterprize Hobart, Level 5, 24 Davey Street, Hobart
Launceston - Enterprize Launceston, Macquarie House, Civic Square, Launceston
Melbourne - CyRise, 710 Collins Street, Docklands
Perth - Flux Basement 191 St. Georges Terrace, Perth
Sunshine Coast - TAFE Queensland, Mooloolaba Campus, 34 Lady Musgrave Drive, Mountain Creek
Sydney - Room 113, Building K17, School of Computer Science & Engineering, UNSW Sydney, Kensington
Wollongong - Room 105, SMART Building 6, University of Wollongong, Northfield Avenue, Wollongong
What is the program for the day?
The schedule of the day is subject to change. The main event will be hosted in the ACT with a live stream to other State/Territory locations. A Hackathon Finale Event for participants is being scheduled following the end of the Hackathon in the ACT.
Please check times carefully for time zone differences:
1.5hrs prior to live stream (check start time below)
30 minutes prior to live stream (check start time below)
Live Stream Commence:
11am AEDT (Canberra, Sydney, Hobart, Melbourne)
10am AEST (Brisbane, Sunshine Coast, Gold Coast)
10.30am ACDT (Adelaide)
8am AWST (Perth)
9.30am ACST (Darwin)
CTF Starts: 11.30am (AEDT)
CTF Finish: 5.30pm (AEDT)
Top 3 National teams announcement:
5.45pm AEDT(Canberra, Sydney, Hobart)
4.45pm AEST (Brisbane, Sunshine Coast, Gold Coast)
5.15pm ACDT (Adelaide)
2.45pm AWST (Perth)
4.15pm ACST (Darwin)
Live Stream Finish: 6pm AEDT
ACT Awards Event: 6.30pm AEDT
What are the Hackathon Prizes?
The National Missing Persons Hackathon prizes are provided by our generous sponsors for the event.
NATIONAL - The top three teams with the most points will receive:
First Prize: $1600 AmazonAU Gift Card
Second Prize: Access to the "Penetration With Kali" (PWK) online course for up to 3 team members from Offensive-Security! This comes with 30 days lab access and one attempt at the OSCP exam! (valued at USD $800)
Third Prize: Up to 4 Hunchly licenses for each of their team members (valued at USD $130)
STATE - Each State/Territory may award separate category of prizes. Updates will be provided as information is made available.
ACT: Prizes will be awarded to the top two ACT individuals/teams with the most points and a community award:
First Prize: Up to 4 positions on a WorldStack OSINT program (valued at $1600)
Runner-up: Up to 4 full admission tickets to BSides Canberra May 2020 (valued at $100)
Community: Plaque (Valued at $90)
NSW: The following prize will be awarded to the top NSW individual/team with the most points:
An invite only dinner for a one-on-one opportunity to chat with, and learn from, Micah Hoffman, a leader in OSINT, penetrating testing and incident response and a certified SANS Instructor. It is anticipated that the dinner will be hosted during the period 4-9 November 2019.
IMPORTANT INFORMATION FOR PARTICIPANTS
This is a ticketed event with a cost of $35 per registered participant.
This is NOT a virtual CTF - physical attendance at nominated venues is required for participation.
This is a BYO device event
You must allow sufficient time to arrive and pre-register to be able to participate. You will not be permitted to join if you have not registered before the commencement of the Housekeeping Pre-Brief (30mins prior to live stream).
For this CTF, contestants can participate as either a solo team (an individual) or a team of up to 4.
Due to the unknown nature of the web, if you are between the ages of 16 and 18, you will need parental or guardian consent to participate.
Instructions for Forming a Team
When registering for this CTF, you can join as a solo team (individual), existing team or create a new team (maximum of 4 per team)
When creating a new team, you will have to set a password on it and provide that password to any individual who wants to join you team
If joining an existing team you will need to type in the team name in the "Join A Team" field on the register page and enter the password of that team
In the days leading up to the start of the CTF, registered contestants will be emailed a registration link to be on boarded to the CTF platform.
How to prepare for the event
1. Review Trace Labs training video(s)
View our Contestant training video here: https://www.youtube.com/watch?v=2DR7cOqy0c4
Optionally, you can also view the Judge training video to see how your submissions will be vetted: https://www.youtube.com/watch?v=x1YNxcICw7c
2. Have a personal laptop ready for use Note: it is highly recommended to not use a work laptop
3. Get on boarded to our Missing CTF platform
You will be e-mailed a link to register on the CTF platform in the days leading up to the event.
The registration email will originate from "firstname.lastname@example.org" with the subject line "Set New Password On Your Trace Labs Missing CTF Account"
4. Join the Trace Labs Slack group here
Event communication will take place in the #national-aust-2019 channel in this slack group so please do sign up prior! Secondary method of communications is from the Trace Labs Twitter
5. Prepare your "Work Environment" ahead of time to help you stay anonymous when gathering OSINT on the missing persons at the event
Recommended to use a virtual machine or run a Linux distribution such as Buscador
Buscador is a Linux distribution built specifically for OSINT investigations that comes with several pre-installed OSINT tools
- An installation guide for Buscador can be found here: https://null-byte.wonderhowto.com/how-to/use-buscador-osint-vm-for-conducting-online-investigations-0186611/
Windows and MacOS operating systems will work as well, but you will be responsible for configuring/installing your own tools
- Setup your browsers and plugins such as EXIF Viewer plugins.
Use a VPN or use TOR. You likely want to hide your trail.
Setup burner social media accounts (Facebook, LinkedIn, Instagram, Twitter, Google +, etc.) - Not recommended to be logged into your own personal social media account when viewing profiles of missing persons
If you have any technical questions on the CTF, please reach out to email@example.com
If you have any questions in relation to the event, please reach out to us at firstname.lastname@example.org