The world’s biggest student hacking contest hits 16 years in Brooklyn

November 15, 2019 Mary Frost
High school students competing in the Cyber Security Awareness Week (CSAW) games at NYU Tandon in Downtown Brooklyn. Eagle photo by Mary Frost
Share this:

The winners of the world’s biggest student hacking contest received cash prizes, scholarships and cyber cred, as the results were announced on Tuesday.

The event brought hundreds of students to Downtown Brooklyn’s NYU Tandon School of Engineering last week, where crowds packed the gymnasium for the annual Cyber Security Awareness Week games.

The collegiate competition was won by Perfect Blue, a team comprised of students from four universities. Montgomery Blair High School of Silver Spring, Maryland came in first in the high school category.

The challenges, designed to reflect escalating cyber security threats, included whimsically named games like Capture the Flag, PWNY Racing, Embedded Security Challenge, Hack ML and Hack 3D.

News for those who live, work and play in Brooklyn and beyond

The real life cyberattacks the games are modeled on are not at all whimsical, however. Nonstop attacks on financial institutions, retail businesses and other institutions have led to increased pressure to develop a supply of cybersecurity experts, and quickly.

Some of last week’s CSAW challenges were inspired by recent ransomware attacks on businesses and “malicious” breaches at Customs and Border Patrol.

Students at the high school level competed in the Red Team Competition, and top finalists received scholarships to NYU Tandon worth tens of thousands of dollars.

High school cyber hackers competed for cash and scholarships. Eagle photo by Mary Frost
High school cyber hackers competed for cash and scholarships. Photo: Mary Frost/Brooklyn Eagle

“Red teaming is the adversarial part of a cybersecurity organization company,” Marcus Barbu, a senior engineering student at NYU Tandon, told the Brooklyn Eagle. “So you have your blue team, which tries to protect your things — and the red team is who you call to test your defenses. This is a very common practice in companies.”

The red team gets “a fake statement of work for a city,” Barbu explained. “They’re testing all of it services and its websites for vulnerabilities, and along the way any additional conspiracies or mysteries that they uncover. They go down the rabbit hole,” he said. “There’s a lot to find.”

“Some of these kids are 13, 14 years old. If you can develop this talent when they are young, they get very, very good, and you end up raising the skill cap for an entire generation,” Barbu said.

In the real world, “The most common vulnerabilities aren’t even technical,” he added. “They come from password reuse, phishing, clicking on links in emails, things like that … It’s the mundane things that people really screw up on, and that causes most of the problems.”

The event was not all about hacking computers and networks. Student Xinyun Zhao gave demonstrations on how to pick a combination lock, a skill that appealed to many of the tech crowd.

“Lock picking is a class at NYU Tandon for extra credit,” she said. “We provide the locks and have volunteers teach people how to break the lock.”

Xinyun Zhao teaches fellow students how to pick a combination lock. Eagle photo by Mary Frost
Xinyun Zhao teaches fellow students how to pick a combination lock. Photo: Mary Frost/Brooklyn Eagle

The CSAW competition was started in 2003 by the students of Professor Nasir Memon, founder of NYU Tandon’s cybersecurity program.

“The biggest threat by far is the lack of trained talent,” Memon told the Eagle in March during a large-scale computer network attack drill called Cyber STRIKE. The U.S. will need “from one to two million cybersecurity professionals in the next five to 10 years.”

CSAW organizers are part of NYU Tandon’s student-led Offensive Security, Incident Response and Internet Security laboratory (OSIRIS).

Leave a Comment

Leave a Comment