ABOUT COSMIC LOG

Quantum fluctuations in space, science, exploration and other cosmic fields... served up regularly by MSNBC.com science editor Alan Boyle since 2002.

Alan Boyle covers the physical sciences, anthropology, technological innovation and space science and exploration for MSNBC.com. He is a winner of the AAAS Science Journalism Award, the NASW Science-in-Society Award and other honors; a contributor to "A Field Guide for Science Writers"; and a member of the board of the Council for the Advancement of Science Writing.

Check out Boyle's biography or send a message to Cosmic Log via cosmiclog@msnbc.com.



Teens fight off hackers

Posted: Monday, May 21, 2007 6:24 PM by Alan Boyle

They weathered the worst that hackers could throw at them, and still kept their computer network running strong. Fueled by pizzas and pop, 19 teams of high-school students pulled an all-nighter over the weekend, during a computer security competition aimed at rewarding kids for being the good guys rather than the bad guys.

"The kids had a blast," said Doug Jacobson, director of the Iowa State University's Information Assurance Center and one of the organizers of the weekend's High School Cyber Defense Competition at the Ames campus.

The idea behind Iowa State's high-school contest - as well as its big brother, the National Collegiate Cyber Defense Competition - is to turn students into system administrators for their own computer networks. On the big night, the student "Blue Teams" are pitted against a "Red Team" of upper-class and professional security experts who try to hack those systems.

"It's like the real world," said Jessica Archer, project manager for the collegiate program.

The competitions run overnight, lasting 15 hours for the high schools and 24 hours for the colleges. During that time frame, the students are asked to change passwords, reconfigure Web sites, deal with sometimes-clueless network users and cope with anomalies ranging from hardware failures to mock fire drills. All the time, the Red Team members are trying to hack their way into the networks - and often succeeding.

"One of the things they love to do is put pictures of themselves on the kids' Web sites," Jacobson said.

During last weekend's competition, judges doled out demerits for system downtime, exploited network vulnerabilities and anomalies that aren't dealt with. The teams could have some demerits taken away by fixing the problems and explaining how they did it. At the end of the competition, the team with the fewest demerits won.

For the second year in a row, West Des Moines Valley High School took the weekend's top honors. Team adviser Dave Cochran credited the win to a high degree of preparation, with support from professional mentors at a local computer security firm. But team member Michael Flagg, a 17-year-old junior, said plain old vigilance played a role as well.

"How we won is that we watched our network activity like a hawk," he told me. "The purpose of my machine was for people to write code. The second they'd write, I would open that [code] up, and if I identified it as a threat, I would just delete it right beneath them, even before they could run it. We got a few points for that."

This might sound a lot like work and not much like play - but once the cat-and-mouse competition gets going, it's as gripping as a video game.

"Typically what we see is that none of the teams will take breaks," Archer told me. "They're so focused and so into it that they just sit in the room the whole time, working."

Archer was talking about college students, but the high schoolers clearly felt the same way. "I'm going to do this again next year," Flagg said. Here's what the other members of Valley High's team said:

  • Ryan Tew, an 18-year-old senior and budding computer scientist, was the school's only returning Blue Team member. "This time, it was pretty much the same. There was a lot more activity throughout the night. ... The thing I learned the most about was how to use Active Directory to limit different users' activity on the computers."
  • Jordan Shkolnick, a 17-year-old senior, was the team's only woman. She admitted that she sometimes found herself doing "girlie" jobs but for the most part was treated as one of the guys. And being a female computer whiz isn't all bad: "Basically, it gives you an advantage, because they don't think you know anything or can do anything - so you can take them by surprise."
  • Joel Miller, a 16-year-old junior, said this weekend's contest was a huge learning experience: "Everything was a surprise. We just didn't know what was going to happen when we went into this, because they try to keep us on our toes. ... When you're working with other people, it makes it a lot more fun."
  • Trevor Nelson, an 18-year-old senior, said his classmates thought it was "pretty cool" that he was on the Cyber Security team. "Some of them wish they knew about it before, because they wanted to join," he said.
  • Joel Miller, a 16-year-old junior, said this weekend's contest was a huge learning experience: "Everything was a surprise. We just didn't know what was going to happen when we went into this, because they try to keep us on our toes. ... When you're working with other people, it makes it a lot more fun."
  • David Turner, a 17-year-old junior, said that he had no experience with computer security issues before joining the team - and that his involvement has given him a new perspective on computer hacking. "I hadn't heard about the bright side of hacking," he said. "I never realized that this kind of stuff could be put to a good use."

Jacobson said that's a big take-home lesson for kids who run counter to the stereotype of a teenage hacker.

"It's not really complicated to get the hacking tools and go attack something," the professor told me. "What they realize is how challenging it is to defend. ... You have to win every confrontation, and the attacker has to win only one."

Of course, the Red Team gets to have their fun as well. "They look forward to the high school competition because they get to play on the other side," Jacobson said. "They get to be the bad people."

For high schoolers as well as college students, Cyber Defense marathons are much more than one night of geek glory: On the collegiate level, Texas A&M University won last month's nationwide competition and will be invited to the Department of Homeland Security's Cyber Storm II security exercise next year. I have a feeling those kids won't have to worry too much about finding jobs when they graduate.

On the high school level, the schools that participated in the Iowa contest get to keep the computer equipment they were given during the buildup to this weekend's event - thanks to the project's sponsors. And Jacobson is already laying plans for a bigger, better "IT-Olympics" at Des Moines' Hilton Coliseum next April.

"We hope to have about 1,000 kids next year," Jacobson said.

MAIN PAGE

Email this EMAIL THIS

Comments

This is so cool! I'm really glad that the high schoolers are able to do this sort of thing and learn from it as well. Today's kids are so much more computer savvy than people my age and I'm more savvy than my parents. I learned about computers on TRS80s way back in the mid-80s so that's ancient to these youngsters. However, I do remember a friend (computer science grad) hacking our college's database so that we could play our online text games in the early 90s. The internet sure has come a long way. I hope these young people continue stopping hackers on the internet and in other aspects of their lives. Keep up the good work.

LL, Mattoon, IL (Sent Monday, May 21, 2007 8:30 PM)

I completly agree, the only downfall of this is that they are exposing them to new ideas.  The Thing about today is, we don't tend to do as much evil until we have come to understand it in some fashion.  (i.e if a kid watches a robbery on t.v he/she looks at all the things that were done wrong, then in his/her mind try to alter what could have happened).  Now granted they're not guaranteed to pursue this, still inhabits the fact that we are all faced with the choice to do good/evil.  The only thing we can do to control this is to control the knowledge of evil.  (completely an opinion)

 I have learnt through all my computer expereinces that when i am exposed and stop someones little Hack/crack i see how i could have bettered what they did.  I still think its a good idea to reward kids for doing the right thing.  This imbeds in their mind that great things do come out of doing good.  

Lay, T Pope AFB, NC (Sent Monday, May 21, 2007 10:18 PM)

This is an excellent exercise to teach our youth computer security and the how being on the good side is rewarding also.

To Lay, T Pope AFB, NC: Ignorance is what breeds evil. Do a search for "War is Peace; Freedom is Slavery; Ignorance is Strength." and see what happens when people try to control knowledge and get to decide what is evil or not.

tEA-TiME (Sent Tuesday, May 22, 2007 12:37 AM)

I think people do evil things whether or not they know about it. I would rather them learn in this type of setting and have group pressure to do the right thing rather than them learn from an outside source and start doing things on their own. Which I think would lead them down a path which would be a greater disservice to this world.

Matt, Omaha, NE (Sent Tuesday, May 22, 2007 1:47 AM)

I hope these kids look into amateur radio after all we were the the first wireless mode. we are on the internet and computers are other wireless modes that we use!!! 73's to you nerds n8ppr

dennis emerine (Sent Tuesday, May 22, 2007 2:29 AM)

WOW! What an excellent idea. Being more than fairly computer saavy (geek) and a former computer science major I find this type of competition completely fascinating. Most of the time (at least when I was in highschool in the late 90's) computer competitions consisted strictly of programming contests. Which basically boils down to the overall efficiency of the language being used and the depth of knowledge of the programmer(s) to utilize that language to its most efficient potential to quickly write a program to performa all assigned tasks. These competitions pit groups of human minds against eachother. Combine that with the fact that most of these kids are more than likely adept computer science students and i would like to see what new advances in security software and hardware these competitions will yield in the future. As for the right and wrong aspects of it. Well everyone makes their own choices, but keep this in mind: If you do not study the tools of your enemy its only a matter of time before he gets ahead. This is information warfare at its best. Bravo!

N. Rosato - Groton, CT (Sent Tuesday, May 22, 2007 8:39 AM)

The great part about this too is the re-understanding that the term "hacker" originated as a positive word, defining persons like myself that enjoy the art and spend hour upon hour in amazement about all that can be done with a computer.  It was the term "cracker" that was originated with negative meaning (coined in the mid-80s by hackers who wanted to differentiate themselves from individuals whose sole purpose is to sneak through security systems), and then followed by the general person's ignorance about the terminology and difference therein (coupled with media's misinterpretation that made the distinction all but go away).

Congratulations to another great year in healthy competition and many successes that follow those that enjoyed the event.

Shawn Thompson
www.pchacker.com
pchacker@hotmail.com

shawn thompson (Sent Tuesday, May 22, 2007 9:41 AM)

Why couldn't my school have something this cool? I would have loved to be in a group like this, but coming from a small town in Southeast Texas didn't give us much of a technological lead on things like this.

James, Bridge City, TX (Sent Tuesday, May 22, 2007 11:10 AM)

perhaps High School Cyber Defense Competition and National Collegiate Cyber Defense Competition need to get in touch with National Institute for Women in Trades, Technology & Science (National IWITTS) to see if they can do a little better with the gender representation. If males and females do think differently, all IT teams need representation of both for the most varied solution matrix.

b.o.o.h.o.o. (Sent Tuesday, May 22, 2007 11:10 AM)

I'm going to take this idea back to the college where I teach technology part time. I'd love to see my students get involved in something like this on a collegiate level.

Andrew James Riemer, Winsted, MN (Sent Tuesday, May 22, 2007 11:25 AM)

Jordan "found herself doing girlie jobs?" Just say no next time!

b.o.o.h.o.o, Athens, GA (Sent Tuesday, May 22, 2007 11:37 AM)

Good story

david, Phoenix az (Sent Tuesday, May 22, 2007 11:50 AM)

This is all good. I just wish the systems came along when I was in High School. pong.

John Lennon, Greenville, NC (Sent Tuesday, May 22, 2007 11:56 AM)

My son took part in the competition in Texas last month, he is going into network security and this was a good example for him to see how the real world could be. He was with the Univsity of Louisville team that came in 3rd place and they were excited to get third it was a long weekend but they enjoyed the challange.

Bennie Brooks, Bardstown, Ky (Sent Tuesday, May 22, 2007 1:01 PM)

Love the whole concept. As the only female (I refused then and now to use the term 'girl')in my high school who was a true geek...eons ago, when a slide rule was the ultimate geek toy...I'd have adored the chance to compete against others in such a fashion. And yes, I'm still a geek but took it in a different direction. Keep up the great, mind-expanding work. PS- went on to major in physics and chemistry, among several other degrees.

Molly, St. Matthews, KY (Sent Tuesday, May 22, 2007 6:38 PM)

Wow, I always wondered if such events happened around the glode. I am wonderig if such things happen here in Canada. Just wish it was so for when I was younger. It woudl have peeked my interest even more. As I was a computer class geek back in the 80's. (Yes I am dating myself here. I am now 40. LOL) I am hoping that schools and such in other parts will take this as a good example of how to help better the kids. And that the kids in turn, realize that there is a lot that they can do that is good. And also to help them better themselves as they get older. And realize that when they are called upon, they can use these talents to thwart what ever cyber threat comes around. I commend what is being done.

Gizmo, Winnipeg, Manitoba, Canada (Sent Tuesday, May 22, 2007 7:20 PM)

This is a wonderful event they have going on. I wish when I was in high school that they had events like this to keep us a more involved. It would be a great idea to integrate this event with school across the country. I wish you guys the best of lucky and hope to see more articles regarding this topic.

Daniel,Irvine, CA (Sent Tuesday, May 22, 2007 7:54 PM)

I am the Public Relations Chair for the Information Assurance Student Group Association (the organization that hosts this event).

In response to the ethical concerns of getting high school students involved in such an event, you should know that along with training on security issues we also discuss ethics.  The students are trained on how to secure, not necessarily how to attack, and they are well informed of this fact.  The other side is that they get to meet the people who research how to track down unethical hackers.  They also get to see the career options for Security Analysts.

I also wanted to mention that we are developing IASGA as a national organization.  We hold several Cyber Defense Competitions (CDC) throughout the year, including our national collegiate CDC.  These competitions are open to any team of students that are willing to travel to Ames, Iowa for the night of the competition.  We will also be looking for other schools (both High Schools and Colleges) to join IASGA with their own chapters.  If you wish that your school could do this, you can.  You can check out our website at www.iasga.org.   If want more information feel free to email me.

Ed Svaleson
IASGA Public Relations Chair
svaleson@iastate.edu

Ed Svaleson, Ames, Iowa (Sent Tuesday, May 22, 2007 8:27 PM)

Also, as the director of next year's Iowa State Cyber Defense Competitions, I wanted to drop a note that if you have a collegiate team that would like to participate in our national competition next Spring (Feb 2008) in Ames, please send me an email and we'll try to get it coordinated!

Ben Blakely
IASG President
CDC Director
bab@iastate.edu

Ben Blakey, Ames, Iowa (Sent Wednesday, May 23, 2007 10:02 AM)

That's really something I would've loved to do in high school. As a college student, it wouldn't be a bad idea either. Too bad I'm not an ISU student or an Iowa resident. Thank god they're starting to show people that you can defend yourself against "cracker" threats.

Asona, MO (Sent Thursday, May 24, 2007 2:02 AM)



SEND A COMMENT

PLEASE READ: All comments must be approved before appearing in the thread; time and space constraints prevent all comments from appearing. We will only approve comments that are directly related to the blog, use appropriate language and are not attacking the comments of others.

Message (please, no HTML tags. Web addresses will be hyperlinked):

Your name, city and state (John Doe, Seattle, Wash.): 

 Your e-mail address (jdoe@msnbc.com):

Your website (it's okay if you don't have one):

Remember me? (We'll keep it private)

TRACKBACKS

Trackbacks are links to weblogs that reference this post. Like comments, trackbacks do not appear until approved by us. The trackback URL for this post is: http://cosmiclog.msnbc.msn.com/trackback.aspx?PostID=199009

More Cosmic Log

Recent Posts:

Archives:

Categories:

Latest Tech & Science News

Syndicate This Site

Add Cosmic Log to your news reader:
live.com xml
myyahoo msn
bloglines newsgator
google

Links

MSNBC Weblogs