Thousands of students from hundreds of universities have approximately 103 days, 10 hours, and 27 minutes to help the National Security Agency (NSA) disarm a remote-controlled improvised explosive device (IED) for this year’s Codebreaker Challenge.
The annual Codebreaker Challenge tasks students with exercising their hacking talent in response to a fictitious situation. This year’s challenge presents the fictional scenario of disarming a terrorist’s bomb. In order to disable the explosive device, participants must complete six tasks, which get progressively harder. The 2015 challenge featured four tasks. Last year, 2,217 students representing 329 universities took part in the Codebreaker Challenge. Participants enter on a rolling basis, so the NSA will know for sure how many people took the 2016 challenge in 104 days.
“The challenge is intended to inspire students in the fields of study that the agency needs and to show them the types of problems NSA faces daily,” said Clarese Wilson, public affairs officer at NSA. “It is a difficult technical problem that we hope students will have fun solving and is one we believe will stimulate interest in this area.”
Purdue University was one of the 329 universities represented in last year’s challenge. Mathias Payer, assistant professor of computer science at Purdue, teaches a software security class and a system security seminar. He also founded the Purdue b01lers Capture the Flag (CTF) club in 2014. Through the CTF club, students interested in coding engage in reverse engineering and cryptography competitions with other schools. Last year, two Purdue students were among the 54 that made it to Task 4 in the NSA challenge. This year, Payer said he anticipates at least 20-30 members of the b01lers CTF club will participate in addition to other students from the computer science and electrical and computer engineering departments.
“The CTF club fosters an open community where students can learn and train at their own pace,” Payer said. “In addition, the forensics club teaches interested students how to handle forensic tools.”
Kyle Cook, a computer science graduate student and research assistant at the University of Tulsa’s Tandy School of Computer Science, participated in the challenge last year and made it through the second of the four tasks. He said he was a beginner the first time around; the first task took him a couple of hours. Cook said he recently went back and looked at the task from the 2015 challenge and solved it in 10 minutes. He also said he was looking forward to participating in the 2016 challenge. He has already progressed through three of the six tasks.
“The challenges are simple enough so that people who may not know a lot about it can at least dabble. It’s always encouraging to see those challenges and tasks that may make it easier for newbies,” Cook said. “Last year, I learned a lot in the process and I really do want to stretch my own skills.”
Although thousands more still have the opportunity to enter the challenge before it closes in December, Robert Xiao, a Ph.D. student in Carnegie Mellon University’s Human-Computer Interaction Institute, is the current first-place winner for the 2016 challenge. The challenge opened at 9 p.m. on Sept. 9; Xiao had completed it by 3 p.m. on Sept. 10, working between his commitments as a graduate student. He said that the varying levels of difficulty between the tasks allow students of many experience backgrounds to engage in the activity.
“The sixth challenge had given me a lot of difficulty,” Xiao said. “This challenge is intended to be something that a professor can assign as coursework. It would actually make a great assignment. It’s a valuable exercise, teaching people what they need to know about cybersecurity.”