An Amrita team of students recently participated in Hacking at Random 2009 — Capture the Flag Contest (HARCTF). Administered by Trier University, Germany this year, this is a well-known worldwide contest open to undergraduate and graduate students. The Amrita team comprising of B Tech students was the only team from Asia to participate, and was one of the few teams of undergraduate students that competed with teams of mostly graduate students. The team placed 14th among all 39 contestant teams from around the world.
 
“I am proud of our team,” stated Vipin Pavitran, who mentored the students. “Hrishikesh Murali and his teammates Zubin Mithra, Varrun Ramani, Avinash Joshi, Radesh, and Arvind have also participated in prior contests run by the University of Siegen in Germany and by the University of California, Santa Barbara, USA. “Overall we are very good in defense mechanisms,” added Sajan Kumar, faculty at Ettimadai, who has also trained students for these contests. “Now we can possibly train students on attacking strategies also.”
 
With the proliferation of sensitive data residing on computers and being transmitted over the internet, hackers have discovered that cyber crime is a profitable venture. Examples of cyber crime may range from pranks such as defacing a website, to stealing credit card numbers and using them to purchase goods and services, or even attacking a country’s defense system or utility grid. Part of the motivation for cyber criminals is the high they get from outwitting clever security schemes. It is important therefore to educate computer professionals on the use and programming of computers in a secure manner. What better way than to have games that simulate cyber crime? Robbers and Police online!
 
In HARCTF, the image of an operating system with added services was distributed to each team. The services had deliberately-introduced vulnerabilities. Each team had three ways to gain points — they could patch a vulnerability to get defense points, they could use the vulnerability to attack another team’s computer and bring it down for attack points, and finally they could gain advisory points by providing useful tips to other teams.
 
For example, a pretend service offered by the virtual buggy computer was to get a car’s make and model number based on the user-submitted VIN (Vehicle Identification Number). There was a deliberately introduced bug, wherein if a user input 0 as the VIN, the buffer would overflow on the server, causing it to crash. The contestants were expected to read the source code of the service that was provided with the image, locate bugs and use those to get points.
 
“The contest was a great experience,” later shared the students. “Students at international universities practice every week for these contests. We also plan to train more and involve junior students also, so that Amrita participation in these contests grows. We want that the flag of competition and excellence in Cyber Security at Amrita is ever flying high.”

August 28, 2009
Amrita School of Engineering