Shellphish, a group of UCSB hackers, won $750,000 last week as one of seven teams to qualify for the final round of a national cybersecurity competition commissioned by the Defense Advanced Research Projects Agency.
The contest, known as the DARPA Cyber Grand Challenge, tasks each team with creating an automated security system best able to repair software weaknesses and protect against cyberattacks. The seven teams chosen from 28 semifinalists will go on to compete next summer for almost $4 million in prizes.
Finalists were chosen based on a hacker’s version of “capture the flag,” a game that challenges participants to find and repair hidden weaknesses in engineer software designed by contest organizers. In addition to a shot at more cash, the teams have a broader opportunity to revolutionize cybersecurity, which is the ultimate goal of the annual competition.
According to DARPA program manager Mike Walker, “With no clear best approach going in, we can explore multiple approaches and improve the chances of producing groundbreaking improvements in cybersecurity technology.”
Shellphish is part of the Computer Security Group at UCSB, which has earned considerable recognition for its hacking achievements in recent years. In 2010, the group famously harnessed control of a network used by more maliciously minded hackers to carry out mass identity fraud. Over 10 days, they observed criminal activity on the network, collecting stolen data from around 900 credit cards and 400 bank accounts to be turned over to the Federal Bureau of Investigation.
The group is no stranger to competition, either. In fact, CSG codirector Giovanni Vigna also organizes the world’s largest and longest-running hacking competition, known as UCSB International Capture the Flag. The first contest, in 2001, attracted just 14 teams from across the nation, but by 2004, that number had expanded to include numerous teams from across the globe.