Berkeley's first cybersecurity competition team battles it out for second place in first competition
Last semester, student employees from Student Affairs IT, in coordination with other students from the Student Technology Council, formed UC Berkeley's first cybersecurity competition team. The team, named BERKE1337 (a portmanteau of "Berkeley" and "1337", a common online spelling of the word "elite"), aims to educate Cal students about information security and win digital glory in the process. The team started by focusing on the Western Regional Collegiate Cyber Defense Competition (WRCCDC), an event pitting 14 collegiate teams from California, Arizona, and Nevada against each other over a 24-hour period.
During the competition, teams were given an extremely hostile network of around 12 workstations and servers. Each of these machines was pre-infected with malware, misconfigured horribly, and in general built to be as insecure as possible. Throughout the competition, a professional Red Team attempted to hack in to the machines run by each collegiate team. Teams were given points for how well they defended against cyberattacks, how long the services they hosted were active, and how many challenges they completed (challenges generally involved writing reports, giving presentations, or setting up new services).
By the end of the competition, BERKE1337 ended up in 2nd, even though it was just our first year competing. In terms of points, we came in 2% behind the first place team, and 40% ahead of 3rd. This performance encouraged us to expand and make the team a Berkeley institution for years to come. This semester, we have recruited heavily, attracting many new members who are eager to learn about how to both defend and attack networks. We've expanded in to offensive security competitions as well--the team has competed in 4 "capture-the-flag" competitions since summer. These competitions involve a wide variety of challenges that must be completed in order to score points. Some might require you to break in to a web server, others involve reverse-engineering strange binary formats, and still others involve internet-wide treasure hunts. This variety allows the team to involve a lot of people at all skill levels, and make the student body more security-aware as a whole.
BERKE1337 plans to continue its track record at WRCCDC and expand to still more security competitions year round. Additionally, many skills learned in the course of these events end up being used to help keep SA-IT's networks safe, due to the close overlap between the BERKE1337 competition team and the SA-IT InfoSec team. There are a lot of security challenges in our networks today, and BERKE1337 is excited to take them on!