GSUSA – City Ransomware Attack Suspects

Fulfills Step 2 of GSUSA Ambassador Cybersecurity Investigator badge requirements.

Info Needed for the badge requirements: Hackers often work in secret, looking for ways to break into computer systems or trick people into giving them valuable information. Sometimes they work together to plan attacks, using codes or methods like steganography to communicate. Steganography involves hiding secret messages in everyday content, such as emojis or images, making it difficult to detect. Only those who know where to look can uncover these hidden messages. Cybersecurity professionals investigate these digital clues to identify suspects and understand how attacks happen, helping protect against future crimes.

Items Needed

Instructions

  1. Law enforcement has identified a hacker group called HaShTaG as the likely culprit behind the attack. This group communicates using steganography, hiding messages in plain sight. Increased chatter on message boards about ransomware attacks was observed before the incident, and a specific thread believed to involve HaShTaG has been flagged for investigation. All efforts should now focus on analyzing this thread to identify potential suspects affiliated with the group.
  2. One scout reads the scenario from Briefing Card #2 to the troop.
  3. Split scouts into groups of 3-4. Give each team a copy of the Message Board.
  4. Teams spend 5-10 minutes analyzing the Message Board to identify usernames that they believe are linked to the hacker group. Teams quietly present their answers to you. If they’re incorrect, they continue investigating until they find the correct solution.
  5. If scouts struggle, provide hints at intervals:
    • After 3 minutes: Members of the hacker group tend to embed a “signature” in their messages that signals group affiliation.
    • After 6 minutes: Narrow down the list to the four most suspicious usernames.
    • After 9 minutes: Investigate the use of emojis, which may reveal something unusual.

Leader Answer Key: The four suspicious users can be identified by their use of emojis. Each user included a sequence of four emojis whose names, read from their leading letters, spell “HaShTaG” (e.g., HAt, SHoe, TAco, Goat):

  • RottenJGL
  • Nta_gr8daisy
  • cookiemonstr
  • ineedbitcoin
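The check the scouts perform by hand (find the emoji run whose word names, read by their leading letters, spell the group's name) can be automated, which is how an analyst would sweep a long thread. The script below is an added example and is not part of the badge materials. It assumes a small emoji-to-word table and a handful of constructed board posts; the real Message Board handout may use different emojis and words, and the four usernames from the answer key are only used here as labels on the constructed posts. The matcher is general: it accepts any split of the signature into leading letters of consecutive emoji names, not only the HA/SH/TA/G split shown above.

```python
"""Detect a group 'signature' hidden as an acrostic in emoji sequences."""
from typing import Dict, List

# Constructed emoji-to-word table (assumption for this example; the troop's
# Message Board handout may map different emojis to different words).
EMOJI_WORDS: Dict[str, str] = {
    "🎩": "hat", "👟": "shoe", "🌮": "taco", "🐐": "goat",
    "🍕": "pizza", "🚗": "car", "🍪": "cookie", "🌲": "tree", "🐟": "fish",
}

SIGNATURE = "hashtag"  # the group's name from the briefing, lower-cased

# Constructed sample posts; the usernames are taken from the answer key above.
SAMPLE_BOARD: List[dict] = [
    {"user": "RottenJGL", "text": "is anyone going to the meetup saturday 🎩👟🌮🐐"},
    {"user": "daisyfan", "text": "my town got hit, so scary 🍪🌲"},
    {"user": "Nta_gr8daisy", "text": "big week coming 🐟 🎩 👟 🌮 🐐 stay tuned"},
    {"user": "cookiemonstr", "text": "🍪🍪🍪 🎩👟🌮🐐 🚗"},
    {"user": "ineedbitcoin", "text": "same plan as last time 🎩👟🌮🐐"},
    {"user": "pizzalover", "text": "🍕🚗🐐🎩 unrelated"},
]


def emoji_words(text: str) -> List[str]:
    """Return the word for every known emoji in the message, in order."""
    return [EMOJI_WORDS[ch] for ch in text if ch in EMOJI_WORDS]


def prefixes_spell(words: List[str], target: str) -> bool:
    """True if target can be cut into non-empty pieces, one per word, with each
    piece a prefix of its word. ["hat","shoe","taco","goat"] spells "hashtag"
    as HA + SH + TA + G. Recursion tries every prefix length for each word."""
    if not words:
        return target == ""
    if target == "":
        return False
    first, rest = words[0], words[1:]
    for n in range(1, min(len(first), len(target)) + 1):
        if first[:n] == target[:n] and prefixes_spell(rest, target[n:]):
            return True
    return False


def contains_signature(words: List[str], target: str = SIGNATURE) -> bool:
    """Scan every contiguous run of emoji words for one that spells target.
    A run never needs more words than the target has letters."""
    for start in range(len(words)):
        for end in range(start + 1, min(len(words), start + len(target)) + 1):
            if prefixes_spell(words[start:end], target):
                return True
    return False


def find_suspects(posts: List[dict], target: str = SIGNATURE) -> List[str]:
    """Usernames (sorted, de-duplicated) whose posts carry the signature."""
    return sorted({p["user"] for p in posts
                   if contains_signature(emoji_words(p["text"]), target)})


if __name__ == "__main__":
    for user in find_suspects(SAMPLE_BOARD):
        print("suspect:", user)
```

Because the matcher allows any prefix length, it also catches variants such as H + AS + HT + AG if the handout happened to use words starting that way; the trade-off is that very short signatures over a large emoji vocabulary will produce false positives, so in a real sweep the flagged posts still need the human review the activity calls for.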