Five students in the University of Maryland’s cybersecurity club won a national competition for solving challenges related to computer security.
The group was one of more than 500 teams to enter the virtual capture-the-flag competition, or CTF. A variety of CTFs challenge participants to solve computer security problems and to capture and defend computer systems. Each team for this competition was given challenges of different difficulties in different categories, similar to Jeopardy!.
“I didn’t really expect to win and am just kind of surprised at the effort our team put out to solve so many challenges,” said junior computer engineering major Josh Fleming, who was part of the winning team and is the secretary for the cybersecurity club. “On the first day we were competing we hit a lot of dead ends, but in the end we were able to pull ahead, so I’m pretty happy.”
Junior computer science majors Michael Bailey, Michael Reininger, Omer Yampel and Pete Heppenstall also participated in the event.
This competition, which has been held for six years, is sponsored by MITRE, a company that operates federally funded research and development centers.
There is a high school division, a collegiate division and a professional division, all with the same set of challenges. About 190 teams were part of the collegiate group, Fleming said. The cybersecurity club’s team not only won in the collegiate level by 50 points, but also beat every other high school and professional team.
“I am very proud of the students on the winning team, and think this speaks volumes to their abilities,” said Jonathan Katz, the Maryland Cybersecurity Center director and the club’s advisor.
The team members have 24 hours to download the challenge files and try to solve each one separately, Fleming said. In the beginning, only the easiest files for each category are open for download, he said. Once a team solves a beginner challenge and gains access to a more difficult file, every other team also has access to it, Fleming said.
The categories ranged from cryptography, which involves encrypting a file, to forensics, which could include trying to get information off of a computer, Fleming said. Of the 25 available challenges, the five students completed 16 of them.
Heppenstall, team leader for the competition and vice president of the cybersecurity club, pulled an all-nighter and ended up solving eight of the 16 completed challenges by himself, he said.
“One of my favorite challenges dealt with power analysis, where there was a piece of hardware with a cryptographic algorithm,” said Heppenstall, an individually world-ranked member for a different but ongoing CTF online competition. “We had to analyze the power usage on the hardware to extract the cryptographic key, which was super cool.”
The club has participated in about 10 capture-the-flag contests within the past two semesters, said Heppenstall, who has completed more than 50 of these competitions. The club has also started to host its own competition called UMDCTF. The first in-person challenge happened last April.
Students in the club created all of the challenges, Heppenstall said, and there are plans to host a second competition in 2018.
“Exposure to different components of computer security is one of the cooler things about this competition, since undergraduate courses here won’t teach you this stuff until you reach 400 level classes,” Fleming said. “For anyone who is interested in entering into a cybersecurity career, CTFs are a great way to get experience early on and I highly recommend it.”