An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

67 NWW Holds Inaugural Network Warfare “Turkey Shoot”

  • Published
  • By Capt David Trollman
  • 33d Network Warfare Squadron
Kelly Field Annex, Lackland AFB, Texas --  The 33d Network Warfare Squadron hosted the 67th Network Warfare Wing's inaugural network warfare Turkey Shoot. Multiple teams competed for an intense eight hours each on simulated networks on July 23, 2007. The "Turkey Shoot" concept was borrowed from the fighter pilot community as a competition between different squadrons to determine which team or squadron is the best of the best across various mission areas. In comparison, the network warfare Turkey Shoot will determine which team can best reconnoiter, ingress, execute, and egress targeted networks. The mission is never complete without a solid debrief, so each team will communicate their methods in terms of tactics, techniques, and procedures (TTP) used.

The inaugural Turkey Shoot tested teams against a simulated virtual victim network created by the squadron's forensic lab technicians. Each team "attacked" an identical version of the victim network using an approved toolbox of commercially available network testing tools. Teams were comprised of personnel across the Wing including the 315th Network Warfare Squadron located at Ft Meade, Md.

The objective of the teams were to first map out the network, identify its weak points, attack those weak points in order to extract data, or "flags", which then gave the teams further knowledge of the victim network. The final victory flag was a computer-generated congratulatory audio message from the Forensic Analysis Team.

"This is how computer hackers today attack computer networks, including those belonging to the Air Force," said Michael Swanson, the Forensic Analysis Team lead. Every 7 to 10 seconds a suspicious connection from a hacker is monitored by 33d first responder network operators. The vast majority of those connections are scans by hackers looking for backdoors into Air Force networks. In 2006, only 1 in every 531 million events against Air Force networks was successful.

To ensure teams didn't get lucky during their attacks, the teams were required to submit a classified-level report to the 33d explaining their TTPs. These will be eventually included in the AF TTP Manual 3-1 Volume 36 authored by the 23rd Information Operations Squadron, who also contributed their expertise to the success of the event. During the Turkey Shoot, the teams were judged and awarded points for both their hacking efforts and for the reports they submitted upon completion of the competition.
"The 33d is hoping to gain knowledge of how hackers can use easily attainable tools to find and exploit weaknesses in our network defenses," said Major Brian Bakshas, the Director of Operations for the 33 NWS. "We can use the knowledge we glean from the Turkey Shoot to improve our TTPs and better defend our networks."

Lt Col Michael Harasimowicz, Commander, said "This was a fantastic opportunity to challenge and hone network warfare skills." He added "The Air Force is currently working on courseware for undergraduate network warfare training and a Weapons School instructor curriculum. Our Turkey Shoot will probably grow to be a capstone event for these and other multiple cyber-related projects to recruit, recognize, and retain the best of the best." 

Final results for this inaugural event required hours of analysis and will be announced in the coming week.