http://cosmiclog.msnbc.msn.com/archive/2007/05/21/199009.aspx By Alan Boyle May 21, 2007 They weathered the worst that hackers could throw at them, and still kept their computer network running strong. Fueled by pizzas and pop, 19 teams of high-school students pulled an all-nighter over the weekend, during a computer security competition aimed at rewarding kids for being the good guys rather than the bad guys. "The kids had a blast," said Doug Jacobson, director of the Iowa State University's Information Assurance Center and one of the organizers of the weekend's High School Cyber Defense Competition at the Ames campus. The idea behind Iowa State's high-school contest - as well as its big brother, the National Collegiate Cyber Defense Competition - is to turn students into system administrators for their own computer networks. On the big night, the student "Blue Teams" are pitted against a "Red Team" of upper-class and professional security experts who try to hack those systems. "It's like the real world," said Jessica Archer, project manager for the collegiate program. The competitions run overnight, lasting 15 hours for the high schools and 24 hours for the colleges. During that time frame, the students are asked to change passwords, reconfigure Web sites, deal with sometimes-clueless network users and cope with anomalies ranging from hardware failures to mock fire drills. All the time, the Red Team members are trying to hack their way into the networks - and often succeeding. "One of the things they love to do is put pictures of themselves on the kids' Web sites," Jacobson said. During last weekend's competition, judges doled out demerits for system downtime, exploited network vulnerabilities and anomalies that aren't dealt with. The teams could have some demerits taken away by fixing the problems and explaining how they did it. At the end of the competition, the team with the fewest demerits won. For the second year in a row, West Des Moines Valley High School took the weekend's top honors. Team adviser Dave Cochran credited the win to a high degree of preparation, with support from professional mentors at a local computer security firm. But team member Michael Flagg, a 17-year-old junior, said plain old vigilance played a role as well. "How we won is that we watched our network activity like a hawk," he told me. "The purpose of my machine was for people to write code. The second they'd write, I would open that [code] up, and if I identified it as a threat, I would just delete it right beneath them, even before they could run it. We got a few points for that." This might sound a lot like work and not much like play - but once the cat-and-mouse competition gets going, it's as gripping as a video game. "Typically what we see is that none of the teams will take breaks," Archer told me. "They're so focused and so into it that they just sit in the room the whole time, working." Archer was talking about college students, but the high schoolers clearly felt the same way. "I'm going to do this again next year," Flagg said. Here's what the other members of Valley High's team said: * Ryan Tew, an 18-year-old senior and budding computer scientist, was the school's only returning Blue Team member. "This time, it was pretty much the same. There was a lot more activity throughout the night. ... The thing I learned the most about was how to use Active Directory to limit different users' activity on the computers." * Jordan Shkolnick, a 17-year-old senior, was the team's only woman. She admitted that she sometimes found herself doing "girlie" jobs but for the most part was treated as one of the guys. And being a female computer whiz isn't all bad: "Basically, it gives you an advantage, because they don't think you know anything or can do anything - so you can take them by surprise." * Joel Miller, a 16-year-old junior, said this weekend's contest was a huge learning experience: "Everything was a surprise. We just didn't know what was going to happen when we went into this, because they try to keep us on our toes. ... When you're working with other people, it makes it a lot more fun." * Trevor Nelson, an 18-year-old senior, said his classmates thought it was "pretty cool" that he was on the Cyber Security team. "Some of them wish they knew about it before, because they wanted to join," he said. * Joel Miller, a 16-year-old junior, said this weekend's contest was a huge learning experience: "Everything was a surprise. We just didn't know what was going to happen when we went into this, because they try to keep us on our toes. ... When you're working with other people, it makes it a lot more fun." * David Turner, a 17-year-old junior, said that he had no experience with computer security issues before joining the team - and that his involvement has given him a new perspective on computer hacking. "I hadn't heard about the bright side of hacking," he said. "I never realized that this kind of stuff could be put to a good use." Jacobson said that's a big take-home lesson for kids who run counter to the stereotype of a teenage hacker. "It's not really complicated to get the hacking tools and go attack something," the professor told me. "What they realize is how challenging it is to defend. ... You have to win every confrontation, and the attacker has to win only one." Of course, the Red Team gets to have their fun as well. "They look forward to the high school competition because they get to play on the other side," Jacobson said. "They get to be the bad people." For high schoolers as well as college students, Cyber Defense marathons are much more than one night of geek glory: On the collegiate level, Texas A&M University won last month's nationwide competition and will be invited to the Department of Homeland Security's Cyber Storm II security exercise next year. I have a feeling those kids won't have to worry too much about finding jobs when they graduate. On the high school level, the schools that participated in the Iowa contest get to keep the computer equipment they were given during the buildup to this weekend's event - thanks to the project's sponsors. And Jacobson is already laying plans for a bigger, better "IT-Olympics" at Des Moines' Hilton Coliseum next April. "We hope to have about 1,000 kids next year," Jacobson said. _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Mon May 21 2007 - 22:55:05 PDT