When I was in high school, “hacking” mostly meant wardialing the local phone numbers looking for BBSes, and occasionally downloading “warez” from the “elite” boards. I have a funny story about the time our own John Biggs wrote a trojan disguised as a blue box program. Mostly, we were killing time and not really doing any of the exploration and investigation commonly associated with the non-pejorative use of the word “hacking”. But things have changed a lot since then, what with the explosion of the consumer Internet, the commoditization of hardware, and the proliferation of open source software giving kids all manner of opportunities to learn the nitty-gritty of computers before they ever have their first kiss. In an effort to nurture kids toward the path of the white hat, NYU-Poly is hosting a suite of cyber-security games as part of their cyber-security awareness week. High school students “from the continental United States are eligible to win cash prizes, scholarships to NYU-Poly and travel grants to attend the final rounds at NYU-Poly’s Brooklyn campus on Oct. 28 and 29, 2010.”
The games look pretty comprehensive, and cover everything from rootkit analysis to compromising embedded systems. Research papers and educational videos are being rewarded, so there’s opportunity for students to win in a number of media even if hands-on hacking isn’t their thing.
The cyber-forensics challenge looks particularly interesting. It’s watered down from what might happen in a real-world forensic investigation, but for high school students it should be a pretty comprehensive experience, including analyzing packet captures, investigating captured system images, and even following clues through a Twitter account. There certainly wasn’t anything like this for me when I was in high school!
NYU-Poly’s Cyber-Security Students Challenge their Peers in America’s Most Comprehensive Digital Contests for Scholarships, Cash and Travel to the New York Finals
With demand for highly trained cyber security experts exceeding supply by 20 or 30 to one in America, game-like challenges that uncover and encourage the best cyber-security sleuths have become all the rage. It may come as no surprise that this year’s most comprehensive cyber security challenge was honed and expanded over seven annual iterations. The designers are, however, quite surprising: undergraduate and graduate students, all studying cyber security at Polytechnic Institute of New York University (NYU-Poly).
The NYU-Poly students created challenges for high school students as well as for their undergraduate and graduate-level peers. They called upon some of the best-known names in New York’s cyber security world to develop elements difficult enough to entice professionals to play in the initial round of their most popular contest, the Capture the Flag Application Security Challenge. Although professionals can earn bragging rights by participating, only students from the continental United States are eligible to win cash prizes, scholarships to NYU-Poly and travel grants to attend the final rounds at NYU-Poly’s Brooklyn campus on Oct. 28 and 29, 2010.
“When we first conceived of the CSAW games, we knew we had to build public awareness about cyber security issues, but we also knew how important it would be for cyber security students to build a strong network among their peers and security professionals so that they could remain in the forefront of this fast-paced field,” said Professor Nasir Memon, who heads NYU-Poly’s cyber security program. “The benefits of their smart networking are evident in this year’s CSAW Challenges. Our students enlisted these noted professionals to bring the best thinking to the CSAW challenges, plus the finalists will learn from them these professionals in person because they will serve as judges.”
When the contest began in 2004, it was called CSAW (pronounced see-saw), for Cyber Security Awareness Week. Although the acronym remains, this year’s preliminaries and final rounds will span more than a month and include six different challenges. Last year, more than 500 students from across the globe participated, including more than 100 from elite technical high schools. This year, with professionals welcomed into the early rounds, the number is expected to surpass last year’s record.
Registration is open for most of the cyber security challenges at ttp://www.poly.edu/csaw/register; the first to close will be Embedded Systems, on Sept. 10.
NYU-Poly was one of the earliest schools to introduce a cyber security program, receiving National Security Agency (NSA) approval nearly a decade ago. Designated as both a Center of Academic Excellence in Information Assurance Education and a Center of Academic Excellence in Research by the NSA, the school houses a National Science Foundation-funded Information Systems and Internet Security (ISIS) Laboratory, the nerve center of cyber security research. Under Memon, ISIS students create and run the annual CSAW games.
This year’s CSAW challenges comprise:
AT&T Award for Best Applied Security Research Paper – This prestigious event judges student research papers submitted to professional conferences and journals. Last year’s winners came from NYU-Poly, University of Illinois at Chicago, Georgia Institute of Technology, Carnegie Mellon University and University of California Davis.
Security Awareness Video Contest – This new challenge awards cash prizes for the best public service video or animated spot that raises awareness of everyday cyber security threats. Emmy-nominated and award-winning television news correspondent and host Daniel Sieberg will be among the judges. He currently anchors at the online network ABC News NOW, and is the host of the new technology-based show Tech This Out! on ABCNews.com.
Capture the Flag Application Security Challenge – The Capture the Flag (CTF) Challenge attracts hundreds of cyber gamers from across the world for the first round, which will be held during the last two weeks of September. Only undergraduate students in the continental United States advance to the finals. Challenges aimed at all skill levels include web bugs, cryptology and trivia. Two other security areas will feature exploits designed by noted security professionals: Consultant, researcher and author Dino Dai Zovi created a challenge that includes browser exploitation and memory corruption protection. Alex Sotirov, a noted researcher, industry speaker and a founder of the Pwnie Awards, designed a reverse engineering challenge.
Cyber Forensics Challenge – Elite high school teams compete against the clock to solve a murder mystery using their skills in log and file analysis, rootkit detection and analysis, botnet detection and analysis, live system forensics, steganography and file carving.
Embedded Systems Challenge – The Embedded Systems Challenge reflects one of the most difficult real-world cyber security challenges: Protecting chips during manufacturing. Last year, winning teams represented NYU-Poly, Vanderbilt and Yale. This year, finalists will attack a Xilinx FPGA development board, inserting undetectable logic that circumvents the designer’s hardening techniques.
Quiz Tournament – Picture a fast-paced game show in which everyone is definitely smarter than a fifth grader. Cyber security topics include network security, cryptography, malware, application and web security, protocols, the history of digital security, digital forensics, policy, risk management and standards.
Other noted cyber security professionals judging this year’s contests include Erik Cabetas, former DEF CON judge and director of information security at a New York City e-commerce startup; Dean De Beer, principal of zero(day)solutions; Ben Epstein, co-founder of Septet Systems, chief strategy officer of Aqsacom Inc./Aqsacom SAS and vice president-special projects of OpCoast; James L. Howard, director and chief engineer-information assurance, L3 Communications; Keith O’Brien, distinguished systems engineer, Cisco Systems; Youngok Pino, U.S. Air Force Research Laboratory – Rome, N.Y.; Stephen Ridley, senior researcher, Matasano Security; and Lok Yan, U.S. Air Force Research Laboratory – Rome, N.Y.