Security | News

Carnegie Mellon Team Grabs the Most Flags in DEF CON Competition

There are hackers, and then there are victors. Carnegie Mellon University's computer hacking team, the Plaid Parliament of Pwning (PPP), has for the second year running taken first place in a Capture the Flag competition at the DEF CON hacker convention.

In this type of contest participants have servers that they need to keep running and that every other team is trying to break into. Teams use whatever resources they have — Web hacking, patching, forensics, programming, binary reverse engineering, cryptography — to ward off attackers, wreak havoc on competitors, and steal away points. Or as organizer Legitimate Business Syndicate put it, "Fortune looks kindly upon boldness and skill. Failing those, she also seems pretty okay with treachery and subversion."

"Our team competed against universities and also against large defense contractors. This win is a huge accomplishment," said David Brumley, an associate professor of electrical and computer engineering and technical director of Carnegie Mellon CyLab. PPP grew out of an undergraduate computer security research group and currently has 35 students from the College of Engineering and the School of Computer Science. For the latest DEF CON, the team was limited to eight people.

"Our first day was a bit rough, but once we got in the swing of things we were able to take the lead pretty quickly," said team member Tyler Nighswander. "I think teamwork is really what gave us an edge and let us work so efficiently together."

cmu, a second CyLab team, won the Street Division category in "Crack Me If You Can," a 48-hour contest sponsored by security services firm KoreLogic Security. That activity required teams to expose or "crack" encrypted passwords; the goal: "to help push the envelope of password cracking techniques." The Carnegie Mellon team for that included one high schooler, Jonathan Bees, who interned in CyLab's Usable Privacy & Security (CUPS) Lab.

About the Author

Dian Schaffhauser is a writer who covers technology and business for a number of publications. Contact her at dian@dischaffhauser.com.

comments powered by Disqus