So you missed Hackday2020?

By Theo Lindsey

Lucky for you, I was there. In fact, I hacked Project Reclass.

How it all started

I wanted one thing, and one thing only: find a way to bring down Project Reclass. Force them to rebuild everything they spent all of Summer 2020 working towards. But first, I had to get inside the organization. I was fortunate enough to join Project Reclass in July 2020. Since then I’ve gone from cloud engineer to infrastructure team lead. And while I accidentally broke a few things along the way, the actual Hackday was a well orchestrated masterpiece.

Our hack occurred Saturday, October 3rd, 2020. This was our debut into the world. We outlined our goals, mission, and inspiration. We provided insight into the future not just for Reclass, but for those we hope to educate as well. Furthermore, we showed off our drive and technical prowess by debuting ToyNet, our new website, and flooding our infrastructure and redeploying more than 60 infrastructure items in less than three minutes. Lastly, and certainly not least, we hosted a panel of industry professionals from all over the criminal justice field. Their expertise provided the context for our mission and goals at Project Reclass. In short, if you missed this Hackday, I wouldn’t want you to make that mistake next year.

The Reclass Vision

To understand how the hack occurred, it is essential to first note how Project Reclass came to be. Takako “Tay” Nishimura and Kunal Jha founded Project Reclass in February 2019, leveraging their experience in criminal justice and technology. This intersection of industries, combined with their observations and experiences dealing with veterans and prison systems, inspired them to create a product that could provide a second chance for those looking to better themselves.

Project Reclass is a Nonprofit Vocational Program teaching technical skills to incarcerated veterans.

Initially, Tay and Kunal taught prisoners computer networking in person, one at a time, as the prison allowed. However, like many things, COVID-19 forced Project Reclass to shift its approach.

Today, Project Reclass is building ToyNet, a learning platform that can simulate computer networks without access to the internet, as is the case in prison education environments. The platform and included curriculum is designed to prepare students to take and pass the Comptia Network+ certification exam. In the future, Project Reclass hopes to expand the curriculum to include security and troubleshooting skills in both hardware and software.

The Technology

The technology track gave attendees a comprehensive look at how we conceptualized and developed ToyNet’s hands-on learning In order to hack an organization, one must thoroughly understand the technology on which the company is built. Project Reclass hosts the majority of its platforms on Amazon Web Services (AWS). AWS is an incredible service that affords us the flexibility to do everything from host a WordPress site to host the ToyNet components in Docker containers. We are an open source organization, so anyone can and is welcome to contribute to the product. You can find us on Github, to fork and suggest changes, or you can donate. For our infrastructure we use one of my favorite tools from Hashicorp, Terraform. With Terraform we can dynamically provision and configure infrastructure! We’ve even been able to use Amazon Simple Storage Service (S3) to backup application files and Terraform state files. 

Now that I’ve had my hand in creating the technology for Hackday I could take my opportunity to execute the hack I had spent all summer planning. During Hackday, the technology track highlighted all of the amazing things we built over the summer as well as the interesting technologies we have employed. On the infrastructure side, we took advantage of infrastructure as code, Elastic Container Service (ECS), Elastic Container Registry, and task definitions hosted on Elastic Compute Cloud instances. And on the software side, we utilized TypeScript, Node.js, and Django to build ToyNet. Furthermore, we began to explain the benefits of Hashicorp’s tools, namely Terraform and Vault. That is, until my hack succeeded and our flagship product, ToyNet, went down!

Hacking Reclass

Our headlining panelists, Brianne Caplan, Brandon Archuleta, Maria Thornton, and Aaron Forringer, detailed their careers and Truthfully, everything was fine until the sprinklers attacked. Hopefully, from the image attached you have deduced that our “hack” was staged, and more of an outage than a compromise. I must confess that it was not the result of an insider threat; how could I ever, maliciously, bring down such an inspiring non-profit?

So the hack was fake, but how did we come up with incarcerated veterans.

It all began with an idea: how can we get more people excited about what we are doing, while showing off what we already did? Well, a simple demonstration could have sufficed, but that is not all too exciting. A few meetings later and ideas of hacks were swarming throughout Project Reclass. Ultimately, we decided to “flood” our availability zone, a real-world example that happened to my organization; you can read more about that in a future article. Now naturally, as the infrastructure team lead, I wanted to ensure we were secure even though we were pretending we were not. This required separating our “hacked” infrastructure from our production infrastructure. Terraform made mirroring and compromising a straightforward task! Furthermore, we could destroy and rebuild our infrastructure in only a matter of minutes. Over 63 items, including VPCs, public and private subnets, and multiple Dockerized ECS services hosted on EC2 instances . Terraform also created security groups, NATs, and gateways, across multiple availability zones. We put Terraform to the test, and it deployed all of our infrastructure in less than 3 minutes. Terraform allows us to quickly configure infrastructure, centralizing the configuration of infrastructure through Terraform minimizes human error by enabling users to validate, format and test their code utilizing their builtin tools. Terraform’s tools include validation, format, and testing with terraform validate, terraform fmt and terraform plan commands. All of which, reduce mistakes and errors when run before terraform apply.

Panelists

I’m sure by now, you are blown away by everything Project Reclass has done. And, honestly, you should be. Again, if you missed this event, that’s truly a shame, but we filmed and uploaded everything, so it will exist forever. However, while I love to talk about technology and how great I am for making so much of the infrastructure for Project Reclass, in my opinion, nothing holds a candle to our Hackday panelists. You may believe I’m only trying to flatter our guests, but honestly it was the most enjoyable part of the day for me. If you only watch a portion of our Hackday recordings, I recommend the panel above all else.

I’m sure by now, you are blown away by everything Project Reclass has done. And, honestly, you should be. Again, if you missed this event, that’s truly a shame, but we filmed and uploaded everything, so it will exist forever. However, while I love to talk about technology and how great I am for making so much of the infrastructure for Project Reclass, in my opinion, nothing holds a candle to our Hackday panelists. You may believe I’m only trying to flatter our guests, but honestly it was the most enjoyable part of the day for me. If you only watch a portion of our Hackday recordings, I recommend the panel above all else.

The panelists expertly conveyed the meaning and impact behind everything we do at Project Reclass, their input was invaluable.

I’m sure by now, you are blown away by everything Project Reclass has done. And, honestly, you should be. Again, if you missed this event, that’s truly a shame, but we filmed and uploaded everything, so it will exist forever. However, while I love to talk about technology and how great I am for making so much of the infrastructure for Project Reclass, in my opinion, nothing holds a candle to our Hackday panelists. You may believe I’m only trying to flatter our guests, but honestly it was the most enjoyable part of the day for me. If you only watch a portion of our Hackday recordings, I recommend the panel above all else.

We aim to use our expertise, ToyNet, and technology to be a part of the change in the justice system.

Thank you

I’m sure by now, you are blown away by everything Project Reclass has done. And, honestly, you should be. Again, if you missed this If you read this far, thank you! I hope you enjoyed my summary of Project Reclass’ Hackday2020 and are inspired to attend next year. If you are truly moved, then you can apply to join us!

I especially want to thank everyone at Project Reclass that helped make Hackday possible, as well as all of our attendees. And most importantly, I want to thank our panelists who took their time to provide their expertise in their various fields to both remind and inspire us to continue pushing for change.

Theo is an experienced Linux System Administrator dedicated to automation with a demonstrated history of working in the Defense & Space industry. Skilled in Bash, LAMP/LEMP, STIG, RedHat Enterprise Linux and Ansible. He is a strong information technology professional pursuing a Bachelor of Science – focused in Cloud Computing from Western Governors University. 

About the Author

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

%d bloggers like this: