Team DRDC
Grant Vandenberghe
LOURA
MC1.1: Identify which computer(s) the employee most likely used to send information to his contact in a tab-delimited table which contains for each computer identified: when the information was sent, how much information was sent and where that information was sent.
TIME                     Source IP      Target IP       Outbound Bytes  Inbound Bytes
2008-01-08 17:01:33.001  37.170.100.31  100.59.151.133  8889677         12223
2008-01-10 14:27:12.238  37.170.100.31  100.59.151.133  6543216         22315
2008-01-10 16:01:53.956  37.170.100.16  100.59.151.133  8543125         12312
2008-01-15 16:14:34.563  37.170.100.16  100.59.151.133  6773214         24661
2008-01-15 17:03:29.342  37.170.100.31  100.59.151.133  9513313         14324
2008-01-17 12:12:10.990  37.170.100.41  100.59.151.133  3679122         24423
2008-01-17 17:57:19.341  37.170.100.18  100.59.151.133  5873546         25234
2008-01-22 08:50:21.894  37.170.100.13  100.59.151.133  9984318         42231
2008-01-22 17:41:55.862  37.170.100.16  100.59.151.133  8873483         16778
2008-01-24 09:46:34.452  37.170.100.10  100.59.151.133  7825451         23783
2008-01-24 10:26:31.321  37.170.100.32  100.59.151.133  5531674         22479
2008-01-24 17:07:34.775  37.170.100.20  100.59.151.133  9732417         42347
2008-01-29 15:41:32.763  37.170.100.56  100.59.151.133  10024754        29565
2008-01-29 16:08:10.892  37.170.100.41  100.59.151.133  6752212         57865
2008-01-29 16:38:06.553  37.170.100.20  100.59.151.133  7763897         54565
2008-01-31 09:41:03.815  37.170.100.52  100.59.151.133  5579339         22147
2008-01-31 13:10:23.841  37.170.100.15  100.59.151.133  9064720         11238
2008-01-31 16:02:44.572  37.170.100.8   100.59.151.133  13687307        485421
MC1.2: Characterize the patterns of behavior of suspicious computer use.
Large sessions are sent after an employee leaves their desk. Packets are sent to a single external IP address.
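The traffic side of that pattern (large, upload-heavy sessions converging on one external address) can be checked mechanically. The following is an added example, not part of the team's submission: the function names and all three thresholds are assumptions, four rows are copied from the MC1.1 table, and three benign rows with placeholder destination IPs are constructed for contrast. It does not cover the "after an employee leaves their desk" part, which needs badge data not shown on this page.

```python
from collections import defaultdict
from datetime import datetime

# Rows 1-4 are copied from the MC1.1 table; the last three are constructed
# benign traffic added for contrast (their destination IPs are placeholders).
SAMPLE = """\
2008-01-08 17:01:33.001 37.170.100.31 100.59.151.133 8889677 12223
2008-01-10 16:01:53.956 37.170.100.16 100.59.151.133 8543125 12312
2008-01-17 12:12:10.990 37.170.100.41 100.59.151.133 3679122 24423
2008-01-31 16:02:44.572 37.170.100.8 100.59.151.133 13687307 485421
2008-01-08 10:15:02.120 37.170.100.31 192.0.2.10 4210 981233
2008-01-10 11:40:45.007 37.170.100.16 192.0.2.25 1500000 1400000
2008-01-17 09:05:11.450 37.170.100.41 192.0.2.10 8120 2203311
"""

def parse_flows(text):
    """Parse 'date time src dst out_bytes in_bytes' rows into dicts."""
    flows = []
    for line in text.splitlines():
        date, clock, src, dst, out_b, in_b = line.split()
        flows.append({
            "time": datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S.%f"),
            "src": src, "dst": dst, "out": int(out_b), "in": int(in_b),
        })
    return flows

def suspicious_destinations(flows, min_out=1_000_000, min_ratio=20, min_sources=2):
    """Return {dst: summary} for external IPs that receive large,
    upload-dominated sessions from several internal hosts.
    All three thresholds are assumed values, not taken from the page."""
    by_dst = defaultdict(list)
    for f in flows:
        # Upload-heavy: many bytes out, comparatively few bytes back.
        if f["out"] >= min_out and f["out"] >= min_ratio * max(f["in"], 1):
            by_dst[f["dst"]].append(f)
    report = {}
    for dst, hits in by_dst.items():
        sources = sorted({f["src"] for f in hits})
        if len(sources) >= min_sources:
            report[dst] = {"sources": sources, "sessions": len(hits),
                           "total_out": sum(f["out"] for f in hits)}
    return report

if __name__ == "__main__":
    for dst, s in suspicious_destinations(parse_flows(SAMPLE)).items():
        print(dst, s["sessions"], "sessions,", s["total_out"], "bytes from", s["sources"])
```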
MC2.1: Which of the two social structures, A or B, most closely match the scenario you have identified in the data?
A
MC2.2: Provide the social network structure you have identified as a tab-delimited file. It should contain the employee, one or more handlers, any middle folks, and the localized leader with their international contacts.
100 Employee @schaffter
251 Handler @benassi
194 Handler @reitenspies
563 Handler @pettersson
4994 Middleman @good
92 Leader's International Contact @tolbert
4 Fearless Leader @szemeredi
92 Leader's International Contact @tolbert
282 Leader's International Contact @decker
551 Leader's International Contact @chandru
589 Leader's International Contact @kodama
629 Leader's International Contact @nakhaeizadeh
1450 Leader's International Contact @barvinok
1630 Leader's International Contact @heyderhoff
2077 Leader's International Contact @streng
2103 Leader's International Contact @wotawa
3235 Leader's International Contact @reed
3946 Leader's International Contact @hogstedt
4776 Leader's International Contact @bolotov
5078 Leader's International Contact @avouris
5561 Leader's International Contact @wenocur
MC2.3: Characterize the difference between your social network and the closest social structure you selected (A or B). If you include extra nodes please explain how they fit in to your scenario or analysis.
There is a more direct path between the fearless leader and the employee (through 14, 22, 170, 351)
MC2.4: How is your hypothesis about the social structure in Part 1 supported by the city locations of Flovania? What part(s), if any, did the role of geographical information play in the social network of part one?
The handlers are located in the same city as the employee.
MC2.5: In general, how are the Flitter users dispersed throughout the cities of this challenge? Which of the surrounding countries may have ties to this criminal operation? Why might some be of more significant concern than others?
The social networking group is predominantly Flovanian. There are slightly more international contacts associated with Posana, both in terms of the Fearless Leader's contacts and the social network in general.