It was 1 p.m. on a Saturday in March when University of Colorado senior Skylar Sokol realized someone was hacking into maestrogames.com and bogging down the server.
Sokol and his team, which included seven other CU students, scrambled to put up defenses against the hackers and block the faux website visitors from crashing the site.
“We had the website we had to maintain and then they started connecting to it with many computers and slowing down the server and trying to crash the system,” Sokol said. “We were fighting against them as they were attacking us.”
Sokol was leading CU’s team in the Rocky Mountain Regionals Collegiate Cyber Defense Competition — a two-day challenge designed to test students’ ability to defend a site against hackers. Protecting their fake company, Maestro Games, from crashing was the main goal. Despite the competitors’ doubts, the team took second place, just behind the Air Force Academy.
“Our strategy was to have fun, but we were expecting to get destroyed,” said Brian Carlsen, CU senior and competitor. “At the end of the first day they told us we were in first and we told them they must have had the list upside down.”
Carlsen said he has competed in solo competitions before, but the this was the first time a group of computer science students from CU had entered together.
Besides the challenges of working in a team setting for the first time, Carlsen said the unique nature of the competition added additional obstacles that made this particular test fun and interesting for the group.
“A lot of hacking competitions are offensive, so you’re trying to break in and steal information,” Carlsen said. “This one was defensive so when the hackers tried to break in we had to defend against them.”
The defensive nature of the challenge fit the CU team well since the eight competitors are all part of campus group Ethical Hacking, which focuses on hacking as a defensive strategy to protect websites and information.
The student group was formed in the fall following an ethical hacking class that was offered in the spring of 2011.
The first, and so far only, iteration of the class was a hit, students said, giving the computer science students a challenge that forced them to think outside of the box.
Computer Science professor John Black, who taught the class last spring, will offer the class again this fall through the College of Engineering online in the fall semester, according to the department’s website.
“It’s a really interesting way of problem solving that we don’t usually get in our computer science classes,” Sokol said. “Hacking is not addressed in classes very often, but this was fun — like a game — and I think that’s why so many students enjoyed the class and wanted to keep that atmosphere going when it was over.”
Every other Thursday night, a group of about 20 students meet in the Computer Science Education Laboratory in the College of Engineering and Applied Sciences to practice their defensive skills.
“We hack so that we can learn the inner workings of what’s going on behind the scenes,” Sokol said. “Then once we can see that, we can know how to protect against it.”
The group uses open sites online that are made for the purpose of allowing a site to be hacked without breaking any laws, Sokol said. Occasionally, the students will also build their own systems to hack.
“We don’t want to do anything illegal, even if it is with good intentions,” Sokol said. “This way we can still learn how to hack and spot holes in the systems without breaking any laws.”
Carlsen said the growing student group and their recent success in the regional competition has motivated the students to look for more tournaments and begin preparing for next year’s challenge.
“Now that we know we can do it, we will be better prepared for next year and maybe even win,” Carlsen said. “That would get us to the national competition and then we could really see what we’re capable of.”