Crack Me if You Can!
Computer security was thrust into the spotlight a few years ago, when North Korea crippled Sony Pictures Entertainment following the release of “The Interview,” a controversial action-comedy movie about an assassination attempt on North Korean dictator Kim Jong-un, and threatened retaliation against any theater that showed it.
The biggest cyber attack in history prompted Sony to cancel the New York City premiere, and movie theater chains delayed or canceled screenings. While fans wondered how to prevent future assaults, David Brumley, an associate professor of electrical and computer engineering at Carnegie Mellon, came up with an answer: train students to be “white hat” hackers, ethical hackers trained to spot vulnerabilities in systems.
“My research team’s goal is to check software for exploitable bugs,” Brumley, director of the CyLab, explained in a blog post. “We want computers to find bugs that attackers may use first, so that those bugs get fixed.” His team is working on tools and techniques that mimic what a cracker can do, so security problems can be detected before the bad guys find them.
Students are part of the effort to protect network systems. “We’re teaching students how to identify vulnerabilities and how to show that they are really exploitable,” Brumley said in an interview on ABC’s Nightline. “We need to teach students to identify vulnerabilities before the bad guys.”
While there are many courses in this growing field of computer security at the university level, the same is not true for high school students.
“Most guidance counselors don’t even know it’s a field,” says Brumley, who was motivated to create, along with Peter Chapman and Jonathan Burket, a computer security game called picoCTF, targeted at middle and high school students. The game consists of a series of challenges in which participants must reverse engineer, break, hack and/or decrypt code.
Many computer-savvy students also participate in hack-a-thons to test their knowledge in real-life hacking situations. Carnegie Mellon students, for example, bested universities and even defense contractors to win the 2017 “DefCon Capture the Flag” contest, taking the title in three of the past four years.
That victory in the “World Series of Hacking” came on the heels of a Carnegie Mellon start-up, ForAllSecure, winning $2 million from the Defense Advanced Research Projects Agency’s (DARPA) Grand Cyber Challenge. The team’s autonomous system, dubbed “MAYHEM,” scans software for bugs and fixes vulnerabilities. ForAllSecure was co-founded in 2012 by Brumley and two graduate students, Thanassis Avgerinos and Alex Rebert. The Pittsburgh-based start-up currently has eight employees.