By Johanne Adam
Student teams faced off in a competition where they had to simulate hacking into a computer network. They attacked the vulnerable network and disarmed its cyber defences, to take control. At the end, they told the fictitious company about the flaws that they discovered.
The attack took place during Cyber Security Challenge Ottawa (CySCOTT) on November 19, 2016. Students were also competing for the Ottawa Mayor’s Cyber Challenge Cup. Five of them will also be offered paid internships with employers like CGI, Bell Canada, Phirelight Security Solutions, the Bank of Canada and the Communications Security Establishment, all sponsors of this municipal and regional cybersecurity competition.
Why are these large organizations interested in this type of competition? It’s simple. They’re looking to recruit young hackers to help them defend against real attacks on their networks.
Indeed, despite the use of sophisticated protection measures and procedures, most organizations’ networks and websites are constantly under attack.
“A long time ago, hackers were just kids having fun and showing off to their friends. These days, we see more organized crime involved in such activities. Their objective might be to take competitors out of business. We also see a lot of politically motivated hacking, people trying to make candidates look bad through website defacement.”
― Professor Carlisle Adams, acting director, uOttawa’s School of Electrical Engineering and Information Technology.
The forces of good vs. the forces of evil
Not all hackers are cut from the same cloth. White-hat hackers don’t have the same ethics as the black-hat variety.
White hats infiltrate networks to detect flaws, and then quickly inform the organization in question so that it can correct the problem. In contrast, black hats are only looking to harm organizations, often for their own benefit.
“No one hears about white hat hacking. We help prevent cyberattacks. I’m a hacker, but I use my skills in a good way.”
— Joseph Roque, fourth year computer science student. Roque was among the participants at CySCOTT representing uOttawa.
“I had known since high school that I would study computer science, but since I’ve been at the University of Ottawa I’ve become interested in the security side. Right in first year, just by accident, I detected a flaw in the University network and I immediately reported it so it could be corrected.”
— Matthew Langlois, third year student in computer science, Faculty of Engineering. Langlois and his team represented the University of Ottawa at CySCOTT. They won second place.
“There is a good market for people with computer security expertise. They are hired in IT departments and also to build software with security in mind. It’s a good market for consultants also.”
― Professor Carlisle Adams
“I participate in hacking competitions for the challenge and also for the learning opportunity. These events place you in real world scenarios, with problems that companies have encountered in the past. You learn from your peers and experts in the field.”
— Joseph Roque
“For smaller companies that can’t afford this type of expertise, there is solid, useful information out there for free. Some websites offer security guidelines with lists of things to do and they typically offer very good advice.”
― Professor Carlisle Adams