Last weekend featured more wireless networks than I’ve ever seen, a flying drone, Python, a lot of Raspberry PIs and a whole load of talented young people.
On Saturday, the top 25 contestants from a series of national online competitions came together for a wireless themed hackathon at Sophos HQ in the UK as part of the Cyber Security Challenge – an initiative focused on finding those with the aptitude and skills to help us all solve the next generation of infosec challenges.
The amateur cyber defenders were competing for a place at the Cyber Security Challenge Masterclass 2014 which awards winners with career-enabling prizes to help accelerate their path to industry.
In this challenge, competitors had to demonstrate their knowledge of wireless technologies from a penetration testing, forensic and auditing perspective. Competitors were put into teams and given kit to test the various target networks that had been set up.
The wireless networks exhibited exactly the kind of security flaws that are commonplace in consumer and business networks. The contestants had to find outdated networks like WEP, avoid an attacker’s wireless subterfuge with fake network broadcasts, find hidden networks, crack passwords, as well as demonstrate basic Linux and programming skills.
After taking over and carrying out forensics on the wireless networks, contestants were to boot up and configure a Raspberry PI in a race to remotely access and control a drone in the center of the room.
In addition to demonstrating wireless security skills, our challengers also had to show the link between the digital and physical, and how an attack can have kinetic real world impact.
Oh and rumour has it, it was a great deal of fun too!
From a personal perspective this event was an absolute joy to watch. The teamwork, skills and sheer creativity that was demonstrated by the challengers was a joy to watch and it was great to meet everyone who attended.
Every team did an amazing job and the event was extremely close, with a number of teams battling down to the second for control of the drone at the end of the game.
I had a great deal of fun putting together this competition, but we know it can be improved significantly with all your brilliant brains. We want to see who can come up with the best ideas for a future Raspberry PI-powered security challenge.
And if you think you have what it takes to actually participate in a future Cyber Security Challenge competition you can find more details at the Cyber Security Challenge site.
Sadly both competitions are only available to those in the UK but there are many other competitions like this worldwide.
As an industry, I believe we should all be doing what we can to encourage the next generation of talent, and to show the world how interesting working in IT security is.
If you thought hacking to a wireless network to take control of a Drone required significant expertise and resource, read on…
Various groups of amateur cyber security contestants showed how easily it can be done with a Raspberry PI.
OK, the system will have been set up in such a way that there were holes to be exploited left open, BUT sadly research seems to suggest this is the case for a large number of control systems connected to the Internet too. Protecting these real systems is not a job for amateurs.
Naturally Colin, but when presented with the challenge of recruiting cyber security professionals, many companies complain of a distinct lack of selection. I believe the significant number of sponsors of Cyber Security Challenge UK to be evident of this. Challenges such as these are designed to be the first step in the direction of identifying those with potential and assisting them towards a professional career. We all have to start somewhere!
Readers in Australia may want to keep an eye out for the Australian Cyber Security Challenge http://www.cyberchallenge.com.au/, which is in its second year.
Winners of the 2013 Australian Cyber Challenge
University of New South Wales (UNSW1) – 94 Points
University of New South Wales (UNSW2) – 68 Points
University of New South Wales (UNSW3) – 66 Points
University of Sydney (US3) – 64 Points
The Australian National University (ANU2) – 44 Points
Flinders (FL1) – 43 Points
The Australian National University (ANU1) – 42 Points
Swinburne University of Technology (SUT2) – 34 Points
Edith Cowan University (ECU3) – 34 Points
University of Adelaide (UOA1) – 34 Points
Right now its only open to undergraduates, but it is worth joining in if you are at Uni. The winners (UNSW1) got flown to Blackhat.