The world’s largest computer hacking competition ever went down at UCSB on Friday, December 7, with 35 teams from nine countries logging in from their home bases and trying to take down each other’s mock websites. Hosted by UCSB’s Department of Computer Science – where the event’s founder and coordinator Giovanni Vigna runs one of the more respected computer security programs in the world – it was the sixth time the International Capture the Flag (iCTF) battle had been waged in five years.
“This is the biggest hacking competition ever,” said Vigna. “You can bet on that.”
By the time the dust settled on the all-day event, a team from Milan, Italy called the Chocolate Makers emerged victorious, but only after facing tough competition from Russians, Germans, Americans, Argentines, Austrians, Australians, Indians, and the French. (See the winner announcement here and final scores here.)
The online war works as follows: Vigna and his upper level graduate students create a mock website with a half dozen section pages. In the morning, every team is given the same website, and must begin analyzing the structure immediately. Within minutes, they are blocking the websites security holes while other team members – typically teams have around 20 students on them – begin attacking the other websites’ section pages. The scoring system, which is technically a secret for fear of being hacked, allocates points for both successful attacks (where a flag is captured) and defenses.
This year, it also gave points for answering questions about computer security, which ranged from programming techniques to humorous trivia. That trivia system was actually hacked this year, apparently accidentally, by the team WCSC from the University of South Florida in Tampa, scoring them 35,000 points in one swoop. That gave them a huge bump in the battle’s last hour, putting them briefly in first place. But they ended up finishing fifth overall.
The two UCSB teams in the competition – The Hexadecimators and the Army of Darkness, comprised of students in Vigna’s popular computer security class – did not fare as well as they’d hoped. The Army of Darkness finished 26th and the Hexadecimators were third from last (though the last place team Graham Crackers from Penn State failed to score any points and appeared to not have entered due to technical difficulties). The Hexadecimators complained about a downed network in the morning and throughout the day, but did manage to snag some flags toward the end of the competition after watching how other teams attacked them, including one crowd pleaser against the winning Chocolate Makers. As for the Army of Darkness, they utilized scripted programs to exponentially grow their attacks, and had a shoot-out with the Fog Dogs from the Naval Postgraduate School in Monterey at the end of the meet. Although they thought they beat them in the last seconds of the competition, when the final scores were tallied, the Fog Dogs were a couple places ahead.
Regardless of final scores, the event served as the students’ final exam for the quarter, which, as Vigna explained, is a lot more fun than taking a math test. There was plenty of excitement in the computer science lab where the two UCSB teams waged their international wars, as the steady sound of keystrokes and low hum of consulting chatter was occasionally interrupted by shouts of success and flurries of hacker humor. In the lobby of Frank Hall, over the smell of cooling pizza and fizzed out soda and in front of Vigna’s assistants who built and managed the competition, a world map was projected on one wall, marking the various attacks lobbed by teams from all over. On another wall was the scoreboard, but the projections would also shift to the hackers’ chat room, to the trivia layout, and to the mock website itself, which was called The MAFIA, featured a picture of Marlon Brando as The Godfather, and was a hacker joke on the rampant piracy of digital music and films. When a flag was successfully found by any given team, it appeared as a cartoon dialogue bubble coming from the mouth of Robert De Niro.
At the end of the event, the hackers’ chat forum was filled with words of praise and thanks for UCSB’s hard work in setting up the war. There was also plenty of bragging, which is the only prize that the winners of this competition receive. But as Vigna explained, proudly watching his students hone their skills against some of the best hackers and computer security specialists in the world, “Bragging rights mean a lot in the hackers’ world.”