News

CyLab's picoCTF competition promotes awareness of computer security

For the third time, students all over the nation have the chance to participate in and compete for prizes at the annual picoCTF competition hosted by Cylab, the security and privacy institute at Carnegie Mellon. The online competition is open to people everywhere, but only middle and high school students in the U.S. are eligible for cash prizes, which totaled over $30,000 this year thanks to corporate sponsors of the event.

CTF stands for capture the flag, and this virtual game has previously drawn almost 30,000 participants. The major theme of picoCTF is computer security. Participants must solve a series of challenges surrounding a story line over a period of two weeks as the challenges get harder the further one goes in the competition. In essence, the competition, according to a university press release, teaches students “the basics of hacking.”

The challenges involve various computer-security related skills, such as reverse-engineering, hacking, or decrypting.

Even though the competition has already started, it is not too late to register, as registration is open until the end of the event on April 14.

The goal of the competition is not only to have fun, but also to promote awareness of computer security as a potential career field. Currently, there is a shortage of computer security experts, and one of picoCTF’s main goals is to make up for this shortfall, according to David Brumley, the electrical and computer engineering professor who also serves as the project leader of picoCTF and the director of Cylab. “The root of the problem is that most people don’t even know that computer security is a field they can go into. Building awareness is a major goal of picoCTF,” says Brumley in the press release. According to Brumley, the competition helps build the critical thinking skills necessary for thinking and performing at a high level in challenges relating to computer security.

Carnegie Mellon has open-sourced the competition’s code so that other schools can create their own CTF competitions which can introduce more students to the field of computer security. Many high schools have already done so, creating Phillips Academy CTF and Thomas Jefferson CTF, among other examples.

There have already been examples of successes in terms of getting students interested in the field of computer security. One of these success stories is Tim Becker, an undergraduate studying computer security at Carnegie Mellon and captain of the school’s student hacking team, the Plaid Parliament of Pwning (PPP). PPP has won DefCon’s CTF competition — often known as “the Super Bowl of hacking” — three times in the past four years. Becker got into this field because he competed in picoCTF in 2013 as a high school student and unexpectedly finished in third place, better than anyone on his team would have thought possible. “That’s how I ended up getting into this field,” says Becker in the press release.