Following the academic tradition of participating in the National Security Agency’s Codebreaker Challenge, Slug Security is proud to announce that we have won 3rd place in the 2022 Codebreaker Challenge. This is the third year in a row that UC Santa Cruz has placed in the top 10. We are very proud of our team’s accomplishments, and we look forward to participating in the 2023 Codebreaker Challenge!
About the Challenge
The Codebreaker Challenge (CBC) is a competition organized by the National Security Agency (NSA) to promote cybersecurity awareness and motivate students to consider careers in this field. The competition comprises various challenges that simulate realistic cybersecurity vulnerabilities and attacks. These challenges are intended to be manageable for students with varying levels of expertise, and the competition is open to all students in the US.
This year, the competition drew over 4,800 participants from 450 schools and ran from August 8th to December 9th.
About UCSC’s Team
This year, UCSC was represented by a total of 94 participants, including 86 students, 7 alumni, and Alvaro A. Cardenas, the club’s faculty advisor and an associate professor of computer science and engineering at UCSC. Among all the teams that took part this year, UCSC stood in second position in terms of solvers.
Those who successfully completed all challenges received a medallion and a signed letter from Paul M. Nakasone, director of the National Security Agency and chief of the Central Security Service. Those solvers representing UCSC are Jeffrey Zhang, Brian Mak, Steven Mak, Nancy Lau, Iakov Taranenko, Jackson Kohls, Maxwell Kunes, and Victor Ho.
This Year’s Challenge
This year’s challenge involved a hypothetical ransomware attack on a fictional company. Participants, who played the role of NSA analysts, teamed up with the FBI to investigate the attack through nine different challenges of different levels of difficulty. The investigation began by examining VPN logs to identify the compromised account and progressed to analyzing the ransomware software used in the attack. The next step was to locate a hackers’ forum that functioned as a market and platform for ransomware.
In order to continue the investigation, participants were required to use SQL injection vulnerabilities on the forum’s website to gain access to the administrator’s account and the attackers’ database. Ultimately, participants were able to reverse-engineer the ransomware software and uncover the encryption key, allowing them to recover the victim’s data.