Newspaper article The Christian Science Monitor

In Cybersecurity Contest, Hackers Target Critical Infrastructure

Newspaper article The Christian Science Monitor

In Cybersecurity Contest, Hackers Target Critical Infrastructure

Article excerpt

Joe Needleman was asking for trouble.

Last week, inside an airy Washington office space, the junior at California State Polytechnic University, Pomona, linked together three clear plastic storage containers and filled each with water, mimicking a water treatment facility. Once he wired the containers to a computer network, Mr. Needleman invited a room full of hackers to attack them.

If they're successful, "it starts jumping like crazy," Needleman said of his contraption, pointing to a circuit box that controls the water levels.

Needleman's mock water facility was one of the prime targets during Passcode's inaugural capture the flag contest in Washington that drew more than 50 participants in a digital skills challenge loosely based on the schoolyard pastime. In this version, however, teams earned points by solving puzzles, answering trivia questions, and attempting to seek out vulnerabilities in software.

Capture the flag contests have become commonplace inside tech companies, at cybersecurity conferences, and in engineering schools as cybersecurity training tools. Cal Poly Pomona and Alex Levinson, a senior security engineer at Uber, helped build and facilitate the Passcode capture the flag contest, which was based on a capture the flag that Facebook developed and made available through the open source software repository GitHub.

As the Passcode contest revved up last Friday, techno music pulsating through the Washington coworking space and 13 teams, many of them college students, clicked through at a slew of hacking challenges.

The team "Hoya Haxa" from Georgetown University (their name was a play on the school's "Hoya Saxa" cheer heard at basketball games) immediately realized they were at a disadvantage. They brought Windows laptops to a contest largely designed for Mac operating systems. At their crowded table, covered in crinkled candy wrappers and chip bags, they fired files back and forth with Justice Suh, the only team member that brought a Mac.

And if the contest is any indication of what securing the internet looks like, it requires a lot of Googling. Hoya Haxa's search bars were filled with hacking queries that covered encryption, password security, and reverse engineering.

How to upload a shell to a web server and get root, James Pavur types, referencing a small bit of software code that hackers use to exploit computer vulnerabilities and gain administrative access.

How to crack passwords using hashtag, Mr. Suh writes, looking for a free password-cracking software that identifies hashes to assist in his effort.

"We're going down a rabbit hole," Mr. Pavur said as he tried to crack a particularly complex password.

"Somebody's pretty grumpy," team member Casey Knerr quipped.

But they also kept an eye on the scoreboard, and team member Pavur was more than a little frustrated when Tenable Network Security, the professional team in the game, climbed into the lead. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.