Many have heard of cyber security but little do we know that the notion of computer security dates back to 1883 when August Kerckhoffs laid the foundations for modern cryptography. This was to make him universally recognized as the father of all computer security. Kerckhoffs’ principle, which was initially applied to telegraphs, declared the significance of the key in the creation of algorithms. In simpler terms, it is thanks to this man that we use passwords and pin codes today!
With the growing numbers of people online and due to the Covid-19 pandemic resulting in more employees working from home, this concept has increased in importance and entities have shown an interest to invest more in cyber security, resulting in high demand and low supply of workforce worldwide. To this effect, our efforts are geared towards encouraging interest in this area with the hope that emerging talents are developed.
Therefore Cyber Security Malta, the national cyber security awareness and education campaign, has launched a 24 hr online National Hacking Marathon to engage interest in cyber security amongst youngsters from 16-25 years old.
To ensure a good preparation for this Challenge, those who registered were invited for an online session, organised by the Information Security and Governance Department within MITA, covering various domains. These varied from vulnerability assessments and tools, reverse engineering, forensics and web application exploitation to national legislation on hacking.
This was complemented by another session to explain the Capture the Flag (CTF) platform that was to be used during the Challenge. The session was delivered by Root-Me experts who provided this platform.
This Challenge took place between the 31st July and 1st August 2021 and 40 participants registered for the event, 3 of which were female, an encouraging number (but still space for more) for women in cyber. There was a mix of participants ranging from security analysts to those working in networking and even researchers and mathematicians. There were also students studying for their Bachelor’s, Master’s and PhDs degrees.
This challenge included 28 jeopardy-style challenges to be solved in the fields of web application security, network security, cryptography, exploitation, reverse engineering, forensics and other domains, all of which were explained in the online session provided to registrants prior the Challenge.
The participants had a tough 24-hour Challenge, with some of them getting minimal sleep, others ‘fearing’ sleeping because that was time lost from completing the challenges, whilst consuming food and sugary drinks to keep awake and active. Some were posting solutions as soon as they solve the challenges, whilst others were leaving the solutions and posting them all at the end to surprise the others.
On 1st August afternoon, participating teams had to prepare an online presentation. The judges allocated marks both to the technical knowledge and to the presentation skills. All participating teams were given the opportunity to hear each other presentations, thus ensuring that teams could learn from each other. The winning team, Blink, was announced on the 2nd August and it was awarded €1000 prize voucher. What followed then was a shortlisting of 16 participants who were invited for a physical interview to assess both their knowledge in the various domains and their commitment to the events that were to follow. Following these interviews, they were further shortlisted to 12 participants.
These were then invited for a Team Building event on the 11th August at MITA Offices at Smart City where they were encouraged to solve problems individually and also as a team. These activities were designed to help the shortlisted 12, who at that point were strangers to each other, get together and break the ice. A session on Presentation Skills also followed and the participants were given tips on how to deliver a good presentation.
An intensive Boot Camp training followed between the 16th and 20th August where training was delivered by a CQURE expert, Dr Mike Jankowski-Lorek. This training was tailor-made according to the needs of the participants to ensure maximum benefit to all. The various domains were exploited, and participants had the opportunity to strengthen their strengths and work on their weaknesses.
All this preparation will lead to the selection of the final 10 participants that will make up the National Team to represent Malta in the European Cyber Security Challenge (https://ecsc.eu/) in Prague, Czech Republic between the 28th September and 1st October 2021, an annual event organised by the European Union Agency for Cybersecurity (ENISA). During this event teams representing the different Members States compete in jeopardy challenges, aiming to have fun, learn and ultimately, win.
Whilst we wish the final 12 participants good luck, we look forward to establishing the team that will go and represent Malta in Prague.
GOOD LUCK MALTA! GO AND CAPTURE THE FLAG!