Not only did four computer science students walk away with the top prize from their first computer hacking competition, but they also were awarded for outsmarting the judges.
Undergraduate students Austin Whipple and Tobias Kin Hou Lei and graduate students Kimball Germane and Scott Ruoti teamed up to test their hacking skills and showcase their powers for good, not evil.
“It feels like magic,” said Kin Hou Lei. “I had never done that before, but you just feel happy when you solve some of the challenges.”
CTF, or “capture the flag,” competitions are hosted voluntarily throughout the year by schools, companies or other large groups. This competition was hosted by organizations interested in promoting STEM (science, technology, engineering and math) and all high school to graduate level students were eligible.
“All of us thought it was really exhilarating, because we had this legal outlet to do things we’ve never done,” Whipple said.
At the early hour of 6 am, the team began to divide and conquer puzzle-solving questions and exploitation challenges. Whipple had the task of finding a vulnerability in the event’s computer system. Because he had done his homework, he remembered that this was an older operating system. He jumped online, downloaded his weapon and compromised the system successfully – he found two keys instead of one.
“A good hacker is willing to disregard what people say when they say that things can’t be done,” Whipple said. “Since it was a hacking competition and I was thinking outside the box, the judges rewarded me.”
The students agreed that they didn’t expect a top seat in the competition, but in hindsight they realize the secret to their success was a dynamic team.
“We brought all our skills to the table,” Whipple said. “I have a background in information technology, Tobias has more of a web background and Scott and Kimball are experienced in cryptography.”
Considering how hard it is to legally practice hacking skills, the team prepared as members of Dr. Seamons’ Internet Security Research Lab and the newly created penetration testing group. Using “toy servers” set up for specific attacks, the students learn how to penetrate and ultimately heighten security.
“Computer systems are being compromised constantly,” Seamons said. “There aren’t enough trained professionals to stay ahead of their attacks. The best way to learn how to defend a system is to understand the attackers.”
With a blue ribbon to BYU’s name, the students were awarded paid entries to the DEF CON competition in Las Vegas, and a trip to Orlando to be recognized at The Security Congress (IC2) conference. IC2 is a worldwide information security group that certifies information security professionals.
The teammates continue to enroll in competitions and prepare for careers in security, web developing, machine learning and industrial research.
Writer: Staley Carter White