University challenge: Hackers compete for top prize
April 29, 2016
Shah Sheikh (1294 articles)

University challenge: Hackers compete for top prize

Computer hackers are constantly exploiting security flaws and accessing private information. For the participants at a new annual competition, though, it’s not a crime – it’s a sport.

Blood-curdling cries were punctuated by the sound of bamboo swords thwacking against armour, as the University of Cambridge’s Kendo team practiced for their annual match against arch rivals Oxford.

The samurai-inspired martial art requires skill in both attack and defence, and according to the team instructor Dr Frank Stajano, cyber-security is no different.

“You cannot pretend that you will only be able to do the defence side because if you are not skilled at the attack you will not be able to defend.”

Dr Stajano, who is reader in security and privacy at the Cambridge Computer Laboratory, is also the organiser of the Inter-ACE Cyberchallenge. It’s a tournament of hacking fought this year between 10 of the UK’s 13 Academic Centres of Excellence in Cyber Security Research.

Capture the flag

“It’s a ‘sportified’ version of a hacking competition” he told BBC Radio 4’s PM programme, “where the challengers have to perform the same type of attacks that the bad guys do on enterprise computers.”

To win, teams had to complete tasks that required them to hone the skills hackers might use to attack systems.

The so-called “capture the flag” challenges, which were designed by engineers from Facebook, required students to uncover secret lines of code or “flags”, using their hacking skills.

A computer screen showing a global map of systems used in the challenge.

In a more combative challenge, teams fought to take control of a server, with other teams battling to kick them out.

The day began with pizza and pop, not yet banned artificial stimulants, and a warning to competitors not to launch denial of service attacks against computer lab systems.

As the teams of four students began hacking the noise level fell, concentration levels rose, and streams of computer code started marching up laptop screens.

Secret code

As a spectator sport hacking presents serious challenges for commentators,

“I’m doing some reverse engineering things,” one competitor from the University of Southampton hesitantly explained – perhaps aware that a journalist whose computing career peaked in a failed effort to write machine code on a ZX81 might struggle to grasp the finer points of contemporary hacking.

“We’re just trying to break into different web applications, and different systems,” a member of Queens University Belfast told me, as though that was all rather routine.

The competition scoreboard, showing

“The real interesting parts have been steganography,” another student from the University of Kent team observed, referencing the technique of hiding data in sound and images.

“If it was a sport it would be a participant sport,” he argued, but as preparation for dealing with life outside the ivory tower it was first rate. “Being able to deal with security vulnerabilities will hold us in good stead,” he said.

The battle here was fought purely for honour, but in the real world the stakes are much higher. It’s a game even nation states play. Birmingham’s captain researches car vehicle security – “and the stakes are human lives,” she said.

Black and white

But the students weren’t the only ones gaining knowledge. Spectating was Sergeant Phil Cobley of the local Cyber Crime Unit. Rather than advising competitors to “mind how you go”, Sergeant Cobley was treating it as learning experience. His work is with Cyber Prevent, the police programme that tries to steer young people away from cyber-crime.

The Prevent programme has been criticised for urging parents to look out for behaviours and interests that, critics say, could be perfectly innocent – and resemble those of budding web entrepreneurs and white-hat hackers. “I think the important thing is around educational awareness,” he said, making it clear that there were benefits to “community, society and themselves” if young people develop computer skills and use them in the right way.

Dr Frank Stajano pictured with the prize cup
Image captionIf you don’t teach the skills of cyber hacking, “the only ones who will be skilled in them will be the ones who are already bent on evil.”

Dr Stajano hopes that by practising the skills criminal black-hat hackers use, the students will become effective cyber-defenders. If you don’t teach these techniques, he said, “the only ones who will be skilled in them will be the ones who are already bent on evil”.

A sporting chance

University sport has long been an opportunity to forge relationships later in life, and that was also in Dr Stajano’s mind when he started the contest.

“In 10 or 20 years time when each of them is the head of security for a company or head of homeland security for their country then they will remember when they were little they were here one day in Cambridge in 2016 and they have pals over there they can exchange notes with and fight against the bad guys.”

Winning team members Stella Lau, Will Shackleton, Cheng Sun, and Gábor Szarka.
Image captionGold in the team event went to the Cambridge team of Stella Lau, Gabor Szarka, Cheng Sun and Will Shackleton

The competition will be run annually, but in this first clash the laurels, or rather a large shiny cup, went to home team Cambridge, with Imperial and Southampton taking silver and bronze respectively.

Clutching the trophy, a member of the Cambridge team seemed relieved. “The other Universities like Southampton and Imperial were on our tails throughout the entire competition,” he said.

Source | BBC