UF repeats success at world's most prestigious hacking competition

August 13, 2007

GAINESVILLE, Fla. — Two professionals from the University of Florida Information Technology Security Team have won a computer hacking competition for the second consecutive year.

John Sawyer and Jordan Wiens, both senior security engineers, won the electronic Capture the Flag competition at the DefCon 15 conference Aug. 3-5 in Las Vegas. DefCon is the world’s largest annual computer hacker conference with more than 7,000 attendees this year. Sawyer and Wiens were part of the nine-member team “1@stplace” composed of security experts and enthusiasts from all over the U.S.

“Our entire team is extremely dedicated but focused on the goals of being challenged and having a good time as opposed to winning,” Sawyer said. “However, thanks to great leadership from ‘Atlas’ — the team founder and captain — along with good teamwork and communication, we managed to repeat our win.”

The Capture the Flag event, called WarGamez, has been organized for the last three years by Kenshoto, an elite hacker group. In June, more than 150 teams participated in the on-line qualification round, with the top seven teams advancing to the finals to compete against 1@stplace as the previous year’s winning team. During the finals, each team was given access to a virtual server running FreeBSD 6.2, a UNIX-like operating system, and about 20 custom programs developed by Kenshoto specifically for the competition.

To win, teams had to discover vulnerabilities in the services and exploit those vulnerabilities on other servers, all while patching and defending their own server. Successful attacks of other teams’ services were scored by stealing and overwriting “flags” consisting of 32 letters and numbers, hidden throughout files on each team’s server. The first two teams to exploit a particular service were awarded bonus “breakthrough” points. Additionally, scores were determined by whether a team was able to keep all its services running.