Hello! My name is Josh Miller, and along with being the web editor for this website, I also am the president of the Mad Hatters cybersecurity club here at South Puget Sound Community College.
Our club is split into two groups: the competition team, and the general club as a whole. The general club meets once every other Friday at 3:00 in room 222 in building 34. Anyone can join this, and no experience in the field is required! We get guest speakers to talk to the club, have club members present projects, and have more experienced members and officers present on topics relating to cybersecurity. For example, one week I showed how to crack wifi passwords to get access to a wireless network, and importantly, how to protect your own network from such attacks.
The second group, the competition team, is a bit more advanced. Once again, anyone is free to join, but we are learning on the fly as we work on projects and prepare for competitions. As the name implies, the competition team focuses on honing skills relevant to participating in cybersecurity competitions, both in person and online. We set up, and are in the process of redesigning as of this writing, our own internal network for experimenting and practicing on. But what are competitions really like, and how do they work?
The main competition we work towards is the Pacific Rim Collegiate Cyber Defense Competition, or the PRCCDC. For this competition, we meet with many other colleges and universities in Pasco, at the Columbia Basin College. This year, we competed with colleges such as Saint Martin’s, Oregon State, Columbia Basin, Evergreen, and BYU Idaho.
To begin, let’s break down the structure of the competition. Each college has a team of around 10 people, forming what is called the “blue team.” We are given a mock corporate network to manage, secure, and optimize during our time in the competition, which is roughly 8 hours a day, for two days. However, we are not alone. Each blue team is assigned a few professional hackers, called the “red team,” to attempt to gain access to our network and deface, dismantle, and eventually destroy, assets in our network. This could include adding users with administrative access that they control, messing with the website that we had hosted, or slowing down the network with unnecessary traffic. There is also the “white team” which is our representatives for communication with the “black team,” which are the administrators over the whole competition and would help us with technical issues on their end, the “gold team” which leads the whole event, and the “orange team” which are our mock company employees.
The orange team played a major part, in that our fake supervisor and CEO of the “company” we did IT, help desk, and security for, would be the people we reported to. The orange team also consisted of general users that would request help from us. The “users” could contact us regarding hardware issues, software issues, or help with functionality, just like an actual help desk. This part of the competition made up about 45% of our points.
The next 45% of the points came from defending our network from the red team. We had quite a bit of a head start, so we had several hours before the red team was unleashed. In order to protect our network, we had to set up firewalls (which are protective devices and software used to filter out malicious or unwanted traffic), change weak passwords, and update old software with known vulnerabilities. However, while we would be multitasking, the red team would be solely focused on trying to breach our defenses. How did that turn out for us? Well, due to a miscommunication, we actually did not know that some of the passwords we were supposed to change, and were under the impression that we could not do so. As the security community calls it, we were “pwned” (pronounced like “owned”)in, as the red team told us later, roughly 30 seconds. In fact, they found the website that we were hosting, fixed the issues it had, and then defaced it, before we even knew it existed!
You may be wondering, where does the last 10% of the points come into play? This was a miscellaneous category, however a good amount of those points came from presenting to the “board of directors” about various topics. These obviously did not make up a lot of the point distribution, so we did not put a ton of effort into this.
How did we do? Well, unfortunately we did not do great. Not only was this our first year competing, we also were mostly 1st year students competing against schools with 4 year students, with many years of experience and practice. However, we knew that we would not have a stellar performance coming into the competition, and that this would be a learning year. We learned a ton about what to do, what not to do, and how to prepare for next year, so even if we didn’t win, we still gained a massive amount of experience and knowledge going into next year!
The whole trip was a blast, and we had a ton of fun out in Pasco for those 4 days. We made connections with other schools, learned a lot, visited cool places, ate great food, and played a ton of Uno! If you’re interested in Cybersecurity, hacking, computers, or anything of the sort, the Mad Hatters cybersecurity club meets every other Friday (May 26th is the next meeting) at 3:00 pm in room 222 in building 34. Feel free to pop in, say hi, and see what we have to offer!