Student group hacks away for computer security

Just sitting in on a few of their meetings can give a technically savvy student enough ammunition to cause significant destruction on a computer network. But that’s not the objective of the Whitehatters Computer Security Club, and unless a student’s intentions are pure, access will be denied.

With the acquisition of knowledge as their main incentive – and the signing of an ethics statement mandated before joining – the Whitehatters partake in a variety of interests and activities. Although an outsider may mistake them for a bunch of computer hackers, the group has participated and excelled in numerous computer science competitions, all driven by the need for a more secure cyberspace.

Faculty sponsor and adjunct professor Jeremy Rasmussen founded the club two years ago with the ambition of participating in Capture the Flag (CTF) events.

“At our first meeting we had about 60 people show up,” Rasmussen said. “And it kind of dwindled from there; once we got into the hardcore computer science stuff, people can’t hang. I don’t know what they think hacking is.”

Capture the Flag is a multi-team hacking contest in which a number of teams compete independently against one another.

Whitehatters president Chris Lewis, a junior majoring in management and information systems, explained the basic premise behind his club’s activities.

“It’s not like we are hacking into CNN’s Web site,” Lewis said. “It’s a controlled

environment. There is an exploit in the program and you are reversing it to see what that exploit is. You don’t get anything once you’ve landed the exploit, just a congratulations, so it’s for learning.”

More specifically, the Whitehatters are learning how to stop malicious hackers from damaging computer systems.

“What is the problem in an application that’s allowing somebody to take the application and do what they want?” Lewis said. “All the competitions we are in focus around that context.”

The main competition that drives the Whitehatters’ meetings and discussions is the DefCon CTF held in Las Vegas. DefCon is the largest open computer security hacking game in the world, with more than 6,000 attendees at this year’s competition. During the event, teams battle against each other, protecting their machines and attacking their competitors.

As self-described computer geeks, the competitive drive behind their club is just like that of any sport.

“Some people are more natural at it and catch on a lot faster,” Lewis said. “But just like anything else, you have to work at it. At the end you can say, ‘I went out and did that.'”

A few of their notable accomplishments include placing fifth out of 150 teams in the 2007 Kenshoto DefCon CTF Qualifier under the name “0x28 Thieves” and third out of 25 teams at the 2006 UCSB International Capture the Flag.

“For the general public it probably doesn’t mean much,” Lewis said.

However, their skill is highly desired by government agencies where security is a big issue. Once out of college, there is a direct benefit for the members, he said.

“A lot of agencies have a strong interest in people with skills like this,” Lewis said. “At DefCon there are FBI agents scouting for potential employees.”

In today’s ever-advancing world of computer science, and the growing reliance society places on computer technology, the draw for malicious hackers seeking money and power is extremely high. Hackers can use an exploit to gain financial information as leverage against a company, or to get the company to do something, Lewis said.

“On the defensive end of the spectrum, you are going to be reversing to find problems in operating systems and programs and report those back so people know of them,” he said.

While a majority of their members are involved with academic computing, computer science and engineering, the Whitehatters are always looking for interested students to add to the mix.

“We will take anyone who is interested and ethical,” said Dustin Fraze, the Whitehatters vice president. “That’s a big thing for us. Some of the stuff we cover in presentations can be very dangerous if it’s used in the wrong way. We never explicitly say ‘this is how you break into this and (here are) ways cover your tracks,’ but if used in the wrong light, stuff we do can be used to do very malicious and destructive things, so we place high value in ethical people.”

Fraze, who is a junior majoring in computer science, explained that there has been at least one person they asked not to come back to the group due to questionable ethics.

USF’s computer security organization is joined by only two other Florida universities and according to Rasmussen, there is much to gain from their activities.

“This is a huge, growing, scary field,” Rasmussen said. “Every single day you hear about more vulnerabilities coming out, and you have to stay on the cutting edge.”

Natalie Gagliordi can be reached at (813) 974-6299 or oraclegagliordi@gmail.com.