The Badge Archive

Fulfills Step 4 of GSUSA Cadette Cybersecurity Basics badge requirements.

Info Needed for badge requirements: A computer network is a group of devices, like computers or phones, that are connected to share information. When you send a message, it’s broken into smaller parts called packets that travel through the network to reach the person you’re sending it to. Sometimes, attackers can spy on these packets or even change them—this is called a “Man-in-the-Middle” attack. Using secure networks helps keep your messages safe from attackers.

Items Needed

• Pre-cut VTK Man in the Middle Cards from GSUSA
• Blank sheet of paper
• Pencil

Instructions

1. Assign roles:
   • Message Sender: Sends the message cards.
   • Message Recipient: Reassembles the message using the numbered cards.
   • Malicious Attacker: Tries to intercept or alter the message.
   • Other Nodes: Pass along message cards as part of the network.
2. Give all 8 cards (excluding #9) to the Message Sender. Keep the #9 card hidden for Round 2.
3. Give the Malicious Attacker a pencil and paper to note intercepted cards.
4. Round 1:
   • The Message Sender starts by delivering the message cards to different nodes. Nodes pass the cards to others until they reach the Message Recipient.
   • The Malicious Attacker tries to intercept cards by tagging scouts. If tagged, the node must show the card to the attacker before passing it.
   • Once the Message Recipient has all 8 cards, they reassemble the message in order (1-8) and read it aloud: “MEET ME AT MIDNIGHT AT THE PARK.”
   • Ask the Malicious Attacker to guess the message based on intercepted cards.
5. Debrief Round 1:
   • Discuss vulnerabilities in how messages travel through networks and what attackers might want to collect (e.g., passwords, emails).
6. Round 2:
   • Use the same roles as Round 1.
   • Secretly give the #9 card to the Malicious Attacker. Instruct them to swap it with the original #8 card if intercepted.
   • Play the round. The Message Recipient reassembles the message based on the cards they received.
   • Discuss whether the message changed (e.g., “MEET ME AT MIDNIGHT AT THE PIER.”) and why attackers might alter data (e.g., redirect money or cause confusion).