MAGIC recently held its sixth Capture the Flag competition. Capture the Flag is an “ethical hacking” competition that teaches students about cybersecurity in an engaging and interesting way. Instead of studying the often confusing and abstract ins and outs of computer science, the event acts as a way to get students interested and excited about cybersecurity. Teams of two to four students solved a variety of puzzles related to cryptography, steganography, algorithms, encryption, and programming. After solving each puzzle, a string of text called a “flag” could be found – something like flag{interesting_flag}. By entering the flag text into a digital scoreboard, competitors could claim the points for that puzzle; the team with the most points at the end of the competition won.
Capture the Flag isn’t just a single event; eleven locations participated in CTF 006, with the main competition being held at the Community Media Center in Westminster, Maryland. Many of these events were located throughout the United States, but students from Järvamaa, Estonia and Quito, Ecuador also participated. The event was also live streamed on YouTube, with views from different participating locations. Snacks and pizza were provided for participants throughout the event, and we were also given a MAGIC sticker and laptop camera cover.
Before the competition began, Carroll County Sheriff Jim DeWees spoke to the competitors about the importance of using computer expertise for good, instead of to hurt people – as well as the numerous new opportunities for young people with skills in cybersecurity and computer science. This is especially important as a new generation of skilled hackers emerge and are looking for guidance on the best way to utilize their abilities. Capture the Flag showed another, more benevolent, side to hacking: protecting people’s data and money from malicious hackers and criminals.
Many of the puzzles were similar to those that have been featured at previous Capture the Flag events, but there were plenty of new challenges to solve. The puzzles were varied and represent a range of different cybersecurity-related skills. For example, some required the teams to repair corrupted image files, which involved researching the correct file headers and manually fixing the file data. Others provided messages encoded with a cipher or converted to binary or hexadecimal – students needed to figure out how the flag was hidden and then determine how to decode it to win points. Sometimes this was a one-step process, but other challenges took multiple steps to solve. A wide range of skills were needed to efficiently complete the challenges; while some involved searching through social media for information, others required knowledge of Python and hashing algorithms.
Aside from teaching technical skills, Capture the Flag helped students learn to work with a team to complete complex tasks; a skill that is crucial in any modern workplace. Many other skills were also highlighted during the event: working efficiently under pressure and quickly organizing and completing tasks that they might not be entirely familiar with (Google proved to be an invaluable resource). To be successful, students had to work together and combine different people’s knowledge to achieve a goal. CTF also allowed participants to network and build connections with local experts in a range of computer-related fields, including cybersecurity, helping to broaden their opportunities and discover new interests related to technology. In fact, many different elements of the event helped students to discover the things that they are passionate about – and helped to fulfill MAGIC’s mission of making our community “a hub of tech innovation and entrepreneurship.” Cybersecurity is one of the fastest-growing fields, and the need for trained experts is increasing rapidly. Capture the Flag was a way for students to discover a passion for cybersecurity or a related field.
All the challenges fell into three levels: 1, 2, and 3. Level 1 puzzles were the easiest, while Level 3 were the hardest; however, these also provided the most points. The easiest challenges could be solved in under a minute by some teams, while more difficult ones took up to an hour to complete. Hints were available for each puzzle, but some points would be taken away for every hint used. This proved to be crucial during the final moments of the competition: some teams solved every puzzle and received the maximum amount of points, but those that had used hints ended up with fewer points at the end.
Members of teams from previous years who successfully solved all of the puzzles returned as volunteers or coaches, helping teams this year and working on designing new puzzles. Coaches gave teams hints to help them solve problems they were struggling with (these hints did not result in any points being removed). The entire competition took three hours, and the remaining time was displayed on the scoreboard throughout the event, alongside the number of points each team currently had. A technical glitch about thirty minutes in led to some problems with the scoreboard, but the competition was able to continue without any major issues.
After time was up, prizes were awarded to the three teams with the highest number of points. Carroll Dream Team came in first, followed by FCCCyber and then UMUC, which took third place. Congratulations to all the winning teams!
As with all MAGIC’s events, Capture the Flag was very well organized and an amazing experience. Thanks to MAGIC and all the organizers, volunteers, and coaches who contributed to the event. I’m looking forward to the upcoming Capture the Flag 007!
