Modern field guide to security and privacy

Meet the winners of the Passcode Cup

After a four-hour hacking competition organized by Passcode on Friday, October 21, the team from the University of Virginia emerged as the winners.

Passcode, the cybersecurity project of the Christian Science Monitor, is pleased to announce the team CNSUVA as the winners of the first ever Passcode Cup, a digital capture the flag (CTF) challenge co-hosted by Passcode and Cal Poly Pomona.

Cyrus Malekpour, Collin Berman, Ellis Tsung, and Reid Bixler from the University of Virginia won the 4-hour hacking challenge — narrowly beating teams from Carnegie-Mellon and Tenable, a cybersecurity company based in Columbia, Md.

Dr. Dan Manson of Cal Poly Pomona (far left) and the Monitor’s David Grant (far right) present NCSUVA with their prizes at the Passcode Cup on October 21, 2016.
Michael Bonfigli | Caption

Hacking competitions like the Passcode Cup help train the next generation of cyberdefenders, developing both teamwork and technical skills. They also serve as networking opportunities and recruiting grounds for companies looking for new talent.

At this event, about a half-dozen information security professionals volunteered their afternoon to help students go through the challenges.

"I think the great thing about competitions like this, is that it really helps to get that next generation of talent in [the pipeline]," said Dan Waddell, managing director, North America for (ISC)², one of the event's sponsors. Waddell cited an (ISC)² study that projected a shortage of 1.5 million cybersecurity professionals by the year 2020.

This competition included a unique feature: a physical challenge present in the room that the competitors could manipulate. In this case, students from Cal Poly Pomona developed a mock water treatment facility that competitors could manipulate by breaking into the sensors controlling its pumps.

The idea behind the competition? Clever attackers will make savvy defenders.

“People don’t just attack straight on, they move laterally, they move in all directions,” said Susan Wilson, head of cyber solutions at Northrop Grumman, another one of the event’s sponsors. “The better skills you have in hacking and being able to get into that mode, the easier it is to think like an attacker and defend against it.”

Uber’s Alex Levinson explains the rules of the Passcode Cup capture the flag competition to a group of participants on October 21, 2016.
Michael Bonfigli | Caption

Capture the flag competitions are played on closed networks, allowing competitors to hack them without damaging the larger Internet.

Passcode used Facebook’s open-source CTF platform, which visualizes player’s movements on a map of the world and allows teams to keep track of their points and progress.