Hofstra students participated in a cyberwar competition last semester which was hosted by the Department of Computer Science in partnership with the Fred DeMatteis School of Engineering and Applied Science. Both graduate and undergraduate students competed in a virtual game of capture of the flag which was an educational program that was designed to simulate world cybersecurity issues.
“The contest framework inherits from a real-world international capture the flag contest. It reflects the common vulnerabilities of modern operating systems and security threats that large organizations are facing every day,” Associate Professor of Computer Science Xiang Fu said.
Held in the Big Data Lab, the event challenged students to improve their skills in preparation for professional careers in the cybersecurity field.
“By encouraging our students to think in both ways – as an ethical hacker and as a system administrator, the contest exposes them to the real world challenge and assesses the learning outcomes of our academic programs,” Fu said. “We plan to make this contest annual, and in the future, we will invite computer science and engineering students from other universities in the region.”
A total of 24 students participated in the event where they were assigned separate servers and competed against opposing teams. The goal of the game is to develop and defend your server while trying to exploit the opposing server. This is done by maximizing your points while simultaneously minimizing your opponents’, and there are a variety of ways in which players can do so. Winners included undergraduate Mazharul Onim, as well as graduates Michael Cheng and Nicholas Kumia.
“The capture the flag competition is a competition where you own a server and are tasked with defending your own server, while attacking the servers of other competitors. In order to defend your server, you must patch security flaws and data leaks that exist in the server’s applications. Similarly, to attack the other servers, you must exploit the vulnerabilities that exist on their servers,” Kumia said. “It should be noted that everyone starts off with the same exact configuration with all of the same vulnerabilities. So as you find and fix problems with your server, you also find and create methods to exploit vulnerabilities on other servers.”
Kumia explained that a grading server keeps track of each team’s combined attack and defense score. Defense points are earned by defending your teams’ applications by maintaining that they are up and running in full working condition. Attack points are earned by submitting “flags” obtained from enemy servers to a grading server.
“The flags change every 10 seconds or so. As a result, you obtain one defense point every 10 seconds if the grading server detects your system is working correctly and one attack point for each enemy server flag that you submit (once every 10 seconds, duplicate flags do not count),” Kumia said. “Being able to think about solutions to these problems while actively applying the right ones at the right time is key. In actuality, this is no different from what you have to do in the real-world.”
Zachary Vampola, a senior computer science major who won the Creative Hacker Award at the competition, said, “I kind of pushed the rules as far as I could and by doing so I reinvented the challenge compared to previous years. It was a fun learning experience that actually taught me some stuff to use in my career.”
Plans for a 2017 Cyberwar competition are still underway.