ORONO, Maine — Computer giant Apple Inc. was attacked by hackers who infected employees’ computers, the Twitter account of Burger King was hit with online graffiti and a “MiniDuke” virus infiltrated government and agency systems worldwide — and that was just the last month.
“Cybersecurity is one of those topics people hear about a lot but no one knows a lot about,” Matthiew Morin, a junior at Champlain College in Burlington, Vt., said at the end of the 2013 Northeast Collegiate Cyber Defense Competition, held at the University of Maine. “They hear, ‘Oh, this big corporation was hacked’ [and] everybody needs to reset their passwords. There is a lot of stuff that goes on behind the scene.”
Morin, a junior computer networking and information services student, was Champlain’s team captain in the competition that pit one university against another in a cyberattack showdown.
“There are lots of this that happens that doesn’t make the press,” George Markowsky, organizer of the event and associate director of the UMaine School of Computing and Information Science, said Sunday of computer hacking. “We’re training the next generation of cyberprofessionals.”
Ten teams from all over the northeast fought off a team of expert hackers brought in from around the nation for the annual three-day intensive competition.
Rochester Institute of Technology in Rochester, N.Y., took the top honors, with SUNY Institute of Technology in Rome, N.Y., and Massachusetts-based Worcester Polytechnic Institute ranking second and third.
Rochester also earned the right to participate in the 2013 National Collegiate Cyber Defense Competition in San Antonio, Texas, April 19-21.
The University of Maine team, which was missing two of its eight members, ranked sixth, after coming in third last year and second in 2010.
In the competition, a fake online sales company was created for each school, and then the Red Team, a team of 13 individuals skilled in cyberattack and computer hacking, attacked them, trying to access their data.
“We sold chemicals for some green energy company and everything was sold online,” UMaine senior Joe Aiken said. “If the system was down we couldn’t make sales and went out of business.”
The team took control of the company’s “vulnerable network and then tried to defend from hacking,” he said.
It’s the quiet hacker who gets in and gets out without anybody noticing that is the most troublesome, the UMaine computer science major said.
“It’s subtle,” Aiken said. “You don’t realize they’re there. That is what makes it really challenging.”
“We’re hard on you guys and that’s on purpose,” Red Team leader Daryl Johnson, a professor at Rochester Institute of Technology, which spearheaded the first competition in 2008, said to the group of 80 or so students. “These are all things that happen in the real world.”
In the six years since the competition began, there have been “enormous” changes in how information is shared on the Internet, Johnson said. And the list of those hacked includes federal agencies, congressional offices, financial institutes, universities and many others, he said.
Breaking into a system was once a bragging right for hackers, but things have changed and “all they are now interested in is money,” Johnson said.
As business and industries move to electronic means to move information and money, there is an increased need for trained people to protect the data, Markowsky said, and the competition is a great way to give students firsthand cybersecurity experience.
“There is a limit to what you can do in the classroom,” he said.
The competition began Friday and gave students hours upon hours of direct competition, as the Red Team did all it could to thwart their online systems.
“It [the competition] gives you a firsthand look at what is going on in the industry,” Morin said.
Keynote speaker Raphael Mudge, a Washington, D.C.-based security engineer, founder of Strategic Cyber LLC and cybersecurity author, said it’s not always hackers that take down systems. He told the students a story about an IT person at a U.S. Air Force base, which he did not name, who made a small mistake in 2005 that shut down the entire base.
“This does happen in real life,” he said.
“People will click things” and sometimes that leads to problems when they inadvertently give hackers easy access to their systems, Mudge said.
Determining when “someone clicks something bad — that’s your job,” Mudge told the students.
Writers from the Washington Post and Reuters contributed to this story.