Select Page

Cybersecurity team rocks conference with surprise hacking competition

ASU computer science faculty hosted virtual capture-the-flag contest in Honolulu

by | Dec 31, 2024 | Features, Students

An illustration of the Hawaiian Islands commissioned by Adam Doupé and a team of researchers from the Center for Cybersecurity and Trusted Foundations, or CTF. Doupé serves as director of CTF and is an associate professor of computer science and engineering in the School of Computing and Augmented Intelligence, part of the Ira A. Fulton Schools of Engineering at Arizona State University. He and his team organized a hacking competition at an industry conference in Honolulu. To begin the competition, participants clicked on various parts of the map above. Illustration courtesy of CTF

In 1985, E.T. phoned home, Michael Jordan was named Rookie of the Year and Cherry Coke hit store shelves. That same year, top computer security professionals convened in McLean, Virginia, for what would become the first Annual Computer Security Applications Conference, or ACSAC.

The group of experts discussed and debated newly released reports on an emerging area of concern: computer crime.

This year, ACSAC celebrated its 40th installment. It is now one of the world’s oldest computer security conferences. At a five-day event in December at the Alohilani Resort in Honolulu, Hawaii, leading researchers from academia, industry and government continued their efforts to address pressing cybersecurity concerns.

ACSAC conference organizers figured the pros could use a bit of friendly competition.

At the conference, researchers from the Center for Cybersecurity and Trusted Foundations, or CTF, announced a surprise hacking competition for conference attendees. CTF is a research laboratory jointly positioned in the School of Computing and Augmented Intelligence, part of the Ira A. Fulton Schools of Engineering and in the Global Security Initiative at Arizona State University.

The competition design efforts were led by Adam Doupé, an associate professor of computer science and engineering in the Fulton Schools and director of CTF.

“We were hoping to spice up the conference with a competition that ran concurrent with other activities,” he says. “Ideally, the activities exposed attendees to new ideas and concepts in a way that was engaging and fun.”

Working with ACSAC organizers, Doupé and his CTF team developed cybersecurity challenges. Conference attendees competed in a series of capture the flag exercises, playing for Amazon gift cards.

While the hackathon provided some of the world’s best cybersecurity researchers opportunities to showcase their skills, perhaps the biggest prize of all was the bragging rights.

Capture the flag” is an outdoor game in which two teams compete to be the first to retrieve a flag, or marker, from the opposing team’s territory or designated base.

A similar competition can be played in a computing environment. Cybersecurity experts, like Doupé, hide cryptographic tokens, typically short lines of code, in parts of a system that are supposed to be secure. To win the game, competitors must identify security vulnerabilities, bypass them and find the hidden line of code.

Doupé says that the competition developers worked hard to create challenges that were inspired by the ACSAC’s anniversary celebration and to honor the organization’s long and lasting roots in the cybersecurity community. Several of the activities involved leading-edge technology, exploring the use of artificial intelligence, or AI.

Others gave a nod to old threats, like the Morris worm, an infamous 1988 exploit that effectively shut down the early internet and resulted in the first U.S. felony conviction for a cybercrime.

“Exploits like the Morris worm were a big wake-up call to the community at the time,” Doupé says. “People in the technology sector had built these systems that allowed computers to start talking to each other. But, in the beginning, nobody thought about the potential security problems.”

Doupé explains that much of the sense of community that developed through organizations such as the ACSAC resulted from experts coming together to tackle emerging threats. He believes it was nostalgic fun for researchers to revisit similar problems and for early-career cybersecurity professionals to see legacy systems in action.

One especially novel aspect of the new hacking competition was that it took place on the pwn.college platform. Developed by Doupé and Yan Shoshitaishvili, a Fulton Schools associate professor of computer science and engineering and associate director of CTF, pwn.college is a globally recognized online destination that combines a cybersecurity educational curriculum, a competitive practice environment and a set of communication tools to help users learn collaboratively.

For the ACSAC event, pwn.college provided all the tools competitors essential to participate, emulating old operating systems and providing a dynamic scoring system. Conference attendees needed nothing more than their own laptops and an internet connection to get to work.

The efforts of the ACSAC attendees are more important than ever. In 1985, cybersecurity was a relatively new area of concern. But in 2023, the FBI estimated that American citizens suffered a staggering $12.5 billion in financial losses due to cybercrime. The Cybersecurity and Infrastructure Security Agency continues to warn that water facilities, energy plants and the health care sector are vulnerable to cyberattacks.

The conference hosted planned talks by leading experts on topics such as the use of AI to build better cybersecurity systems, how to enhance blockchain security and how to train for cybersecurity emergencies. The CTF hacking competition operated as the other events unfolded.

Winners of the hacking competition were announced at the conference’s closing ceremony but all are now welcome to give the exercises a try. The capture-the-flag challenges can be accessed via the pwn.college site.

Congrats to the ACSAC winners!

  • First place: Ting Yu Fang, National Taiwan University.
  • Second place: Zhaofeng Li, University of Utah.
  • Third place: Marcell Szakaly, University of Oxford.

About The Author

Kelly deVos

Kelly deVos is the communications specialist for the School of Computing and Augmented Intelligence. She holds a B.A. in Creative Writing from Arizona State University. Her work has been featured in the New York Times as well as on Vulture, Salon and Bustle. She is a past nominee for the Georgia Peach, Gateway and TASHYA book awards.

ASU Engineering on Facebook