About c-Watch Training

About c-Watch Training

During the summers of 2016 through 2022 the Cyber Resilience Institute ran  Internship programs for graduate and undergraduate students in computer science, information technology, law, and international affairs. In 2020 we expanded to a mixed cohort of mid-career professionals and college students. Our ongoing operations aim to support skills upgrades in cyber threat intelligence.

The Internship is comprised of an intensive training program followed by a live-fire pop-up Security Operations Center (SOC) experience. Training is delivered on a virtual platform and students get hands-on practice with cyber threat hunting best practices on a threat intelligence platform. The pop-up SOC is scheduled around a global sports event like the Olympics or the FIFA World Cup.

Program Features in Summary

The c-Watch Training:

  • Has been organized by the Sports-ISAO program since 2016, and is administered by Cyber Resilience Institute, a 501(c)(3) not-for-profit entity.
  • Is comprised of accomplished undergraduate and graduate students and mid-career selected from leading universities and mid-career professionals to participate in this intensive three-week program. 
  • Provides real world, real time, interdisciplinary cyber threat training across the domains of cyber intelligence, social media, and international cyberspace conflict using a wide spectrum of tools and techniques.
  • Enables students to develop cross-disciplinary knowledge and important critical thinking skills vital to threat hunting, cyber security and information sharing professionals.

Graduates of the c-Watch program are eligible to enter CrowdWatch, a national network of cyber c-Watch interns, whom we make available for a wide range of project work including staff augmentation and outsourced analytics. CrowdWatch provides participants compensation opportunities while they gain valuable real world-work experience. Our ultimate goal is to place CrowdWatch participants into full time paid internships and jobs.

During each of our previous programs a wide range of speakers from many global corporations participated in the lecture series.  This included representatives from Reprivata, Facebook, Target, Chevron, Symantec, TruSTAR, Dunami, InfoCyte and the Cyber Threat Intelligence Network, among others.  Students were trained on the methods and models of cyber threat hunting with the intent of establishing a crowd-sourced cadre of cyber threat hunters skilled in understanding the trade craft and nomenclature.


2016 Summer Olympics 

  • Monitored and reported Anonymous and Fancy Bear attacks
  • A Pop-up SOC hosted at a Colorado National Guard facility
  • Demonstration of public/private partnership operations and coordination with the FBI Field Office
  • Analysis and visualization of Mirai data sets

2017 IAAF World Championships

  • Over 20 Corporate Sponsors
  • College students from over 30 Universities
  • Collaboration via reporting to DHS
  • Fusion of Social Media and cyber attack data
  • Analysis of Grizzly Steppe data

2018 Winter Olympics

  • Discovery and tracking of the Olympic Destroyer Malware
  • Tracking of multiple influence operations
  • Identification of disinformation campaigns

2018 FIFA Men’s World Cup

  • Discovery of significant St. Petersburg-based Internet Research Agency (IRA) activity that has now been made public through indictments of Russian citizens and the recent reports to the US Senate Select Committee on Intelligence on social media influence operations by 28 countries and the IRA’s extensive and well-funded operation.

2019 FIFA Women’s World Cup

  • Ongoing monitoring of APT activities throughout the games; topics that generated attack traffic included gender pay inequality and LGBT rights. 
  • During this operation it became much more clear to us how criminal gangs were using “free” video-streaming sites to lure victims to sites infected with malware.  Once at the infected sites users were subjected to various ad click fraud schemes, botnet recruitment and other maliciousness. 
  • Ad fraud is a multi-billion dollar criminal enterprise; our threat hunting documented the mechanics of several of the criminal gangs involved in this activity.

2020 COVID-19 Hack & Hype

  • The global novel coronavirus pandemic has caused public health and economic upheaval all around the world. Our Summer 2020 cohort focused on the hack and hype from threat actors and fraudsters.
  • Our findings were shared with the Global Health Crisis Coordination Center and other stakeholders.

2021 Tokyo Summer Olympics

  • Observed large-scale botnets deploying various types of malicious traffic targeting fans and spectators of the Olympics
  • Lures are aimed at people that want to watch “free” video streaming of the games
  • Windows and Android OSs targeted

2022 Beijing Winter Olympics

The hallmark of the Beijing Winter Olympics was the tight control of the athletes and participants due to the strict COVID-19 controls of the Chinese government. Mandatory testing, strict controls on physical movement and other measures made this a set of games like no other. Nonetheless, the athletes from around the world participated, as did the CrowdWatch defenders. Threat hunters identified multiple wide-scale fraudulent live streaming schemes with multiple access brokers recruiting vulnerable fans and online viewers directing them to infected websites. Crowdwatch defenders again reported on these observations to the various stakeholders of the Olympics and sports.

Leave a Reply

Your email address will not be published.