College Hackers Compete to Shine Spotlight on Cybersecurity
Students from MIT and Britain's University of Cambridge will spend the weekend hacking one another's computers, with the blessing of their national leaders.
The two schools are competing in a hacking contest that U.S. President Barack Obama and British Prime Minister David Cameron announced last year among other joint cybersecurity projects between the two nations. The White House billed it as a showdown between the two prestigious schools, both known as heavyweights in the world of computer science.
But the colleges opted to make it a friendlier match. Instead of facing off against each other, the schools assigned their top hackers to six teams made up of students from both institutions. Teams will gather at MIT on Friday and then, for a frenzied 24 hours, try to hack into their opponents' computers and steal a trove of files.
"This isn't us versus them," said Howard Shrobe, a principal researcher at MIT's Computer Science and Artificial Intelligence Laboratory, which is hosting the event. "It's the best of both schools working together."
Along with bragging rights, winners will receive cash prizes of more than $20,000. It's intended to be the first in a series of global cybersecurity competitions.
After a summit in Washington last year, Obama and Cameron jointly called for wider collaboration on cybersecurity. It was only weeks after the U.S. government accused North Korea of hacking computers at Sony Pictures Entertainment Inc. The leaders also agreed to form a joint "cyber cell" among their national security agencies, among other measures.
Major breaches like the Sony hack have underscored what experts say is a shortage of cybersecurity professionals. An industry group reported last year that 86 percent of its members believe there is a shortage of skilled workers. The contest at MIT aims to spark interest in the field and to promote cooperation among academics.
"It is essential for us to work together and compare notes," said Frank Stajano, leader of the Academic Centre of Excellence in Cyber Security Research at the University of Cambridge, which is sending 10 students to the competition. "If you're not at least as good as the bad guys, then you have no chance against them."
Hacking competitions have been gaining popularity in recent years, both as sport and to train students for jobs in cybersecurity. By carrying out attacks, students learn to uncover weak spots in security systems and, in turn, build better defenses. On Friday, students will use computers that have hidden vulnerabilities already built-in.
"You have to identify them and patch them before other competitors notice them," said Rahul Sridhar, a sophomore competitor from MIT.
The event is styled after other so-called "capture the flag" hacking competitions, including an annual contest at the Def Con hacking conference that draws top professionals.
For the competition Friday, teams are encouraged to use any means necessary to retrieve the files they're hunting for. They can stick to hacking or try to trick opponents into divulging key information. It's meant to replicate a real cyberattack, with students thrown into the middle. Side events will let students tackle other challenges, including a lock-picking contest.
"Part of cybersecurity is physical security, too," Shrobe said. "Plus it's fun to learn how to pick a lock."
Both schools provided training to their students in recent weeks to sharpen their hacking skills. At the University of Cambridge, Stajano is already planning to add that training to the broader curriculum.
Meanwhile, organizers are already talking about arranging a sequel next year, perhaps with other institutions from around the world.
"The bad guys are organized," Stajano said, "so the good guys have to be organized as well."