UF security professionals win world’s largest "hacking" competition

August 9, 2006

GAINESVILLE, Fla. — Who better to help defend the University of Florida’s information resources from hackers than award-winning security professionals?

Two members of the UF IT Security Team won the prestigious electronic Capture the Flag competition Aug. 4-6 at DEFCON 2006, the world’s largest annual hacker conference. DEFCON, commonly known as a hackers only conference, is also attended by geeks, security professionals, law enforcement and groupies.

UF Security Engineers Jordan Wiens and John Sawyer were part of the elite, eight-member team that won the DEFCON competition. The team, named 1@stPlace, which can be read as both first- and last-place in “geek speak,” was made up of various programmers and security experts from the United States who all shared a common passion for IT security.

“It was a lot of fun working with a great group of guys most of whom I’d never met before, but really coming together to act as a team,” said Wiens. “That was really the key to winning the competition — working together efficiently to take care of the many tasks that had to be done.”

In June, hundreds of teams attempted to qualify for this competition, but only eight succeeded. In a pre-announcement, Kenshoto, the group which hosts the CTF competition, said, “This year’s CTF will be a knock-down-drag-out-cyberninja war, the likes of which the world has never seen (except maybe last year).”

To win, groups had to detect vulnerabilities in software, defend a server, and exploit all vulnerabilities they found. Wiens explained that there’s really no one single flag in the CTF competition, but rather, thousands and thousands. Stealing and overwriting flags, or secret keys consisting of 32 digits hidden throughout files on a server, earned points to win the competition.

Taking advantage of skills he gained while working with the UF IT Security Team, Wiens was in charge of defense of the server by securing services through patching the vulnerabilities or protecting them in other ways.

Sawyer said participating in CTF was almost like performing on stage. “We were located in a large room with music and videos being projected on the walls while DEFCON attendees walked by and pointed at what we were doing,” said Sawyer.

Other than being recognized with the highest honor, winners of the team received a black badge that will get them into all future DEFCONs and a leather jacket which sports the event’s logo.

Wiens said Kenshoto is truly amazing. “It feels good to have won, but it’s also humbling to see the level of skill of the guys who run the competition,” he said.

This is the 14th DEFCON since the first in June 1993, and though the hotel location has changed, it has always been hosted in Las Vegas. Some of the more serious speaking topics this year included: Hardware Hacking, Fighting Organized Cyber Crime, Hacking Malware: Offense is the new Defense, and Rebuilding HARD DRIVES for Data Recovery: Anatomy of a Hard Drive. Livelier topic names included: Googling: I’m Feeling (un)Lucky and A Hacker’s Guide to RFID Spoofing and Jamming.

1@stPlace plans to return next year to defend its title.