Carnegie Mellon University
March 31, 2017

CyLab Challenges Young Students To Give Hacking a Try

By Daniel Tkacik

Carnegie Mellon University's CyLab is teaching middle- and high-school students the basics of hacking.

CyLab, CMU's Security and Privacy Institute, is hosting its third annual picoCTF competition, a nationwide online computer security contest, March 31-April 14.

Image of students in a classroomThe virtual game of capture the flag (CTF) previously has drawn nearly 30,000 people.

"Right now, we're facing a tremendous shortfall in computer security experts," said David Brumley, project lead for picoCTF, the director of CyLab and a professor of electrical and computer engineering. "The root of the problem is that most people don't even know that computer security is a field they can go into. Building awareness is a major goal of picoCTF."

Players will be competing for over $30,000 in prizes, thanks to this year's corporate sponsors. Anyone may register to play in the free online competition, but only U.S. students in grades 6-12 are eligible for prizes. Registration will remain open until the end of the competition.

Participants will learn to reverse engineer, break, hack, decrypt or do anything necessary to solve a series of challenges centered around a storyline. Challenges start out easy and become increasingly difficult.

"To get started, you just need critical thinking skills," Brumley said. "We lead you throughout the game to develop more and more sophisticated notions of computer security so that by the end, you're solving real crypto problems and performing at a high level."

Tim Becker, an undergraduate student studying computer security at Carnegie Mellon, played picoCTF in 2013 as a high school student and uncovered his hidden talent.

"I competed with some friends for fun, but none of us expected to do that well," Becker said. "But we ended up finishing in third place, and that's how I ended up getting into this field."

Today, Becker is a captain on Carnegie Mellon's student hacking team, the Plaid Parliament of Pwning (PPP). The team has won DefCon's Capture the Flag competition — informally known as the "Super Bowl of Hacking" — three times in the past four years.

The Carnegie Mellon team has open-sourced picoCTF, enabling teachers to run their own versions of the competition. Because of this, several high schools have made their own version of picoCTF and have introduced thousands more K-12 students to computer security, such as Phillips Academy CTF, High School CTF and Thomas Jefferson CTF.

Carnegie Mellon CyLab is a university-wide initiative working to develop new technologies for measurable, secure, available, trustworthy, and sustainable computing and communications systems.