Cadets, students 'CANVAS' networks in hacking challenge

by Ann Patton
U.S. Air Force Academy Public Affairs

4/9/2010 - U.S. AIR FORCE ACADEMY, Colo. (AFNS) -- Seventy college and high school students hunted down design and implementation weaknesses for a fictional social networking site during the 2010 Computer and Network Vulnerability Assessment Scenario April 2, here.

College students from Colorado State University, the University of Colorado at Colorado Springs, Fort Hays State University, Arapahoe Community College and the Community College of Aurora participated in CANVAS as well as high school students from the local area.

"One cool thing is we have all levels of skills, from grad students to high schools," said Dr. Steve Fulton, a U.S. Air Force Academy computer science instructor. "It brings a very positive spin on this.

"It's an opportunity to use what they've learned in class," he said of the event's overall purpose.

Not only were competitors charged with identifying vulnerabilities and documenting them, but also were responsible for reporting the weaknesses and suggesting fixes.

"People do this every day and in the real world," said Cadet 2nd Class Derek Kvedar, Cadet Squadron 26. "Knowing how it is done is to know how to defend against it."

Competitors used desktop machines holding the "BackTrack 4" set of tools to sniff out vulnerabilities. Among the program's functions are information gathering, network mapping, web application analysis, privilege escalation and digital forensics.

Basic hacker methodology begins at the bottom of the trail with information gathering, then moves on to scanning and probing networks, gaining access, elevating their privileges within the network, and finally installing backdoors and removing traces of the intrusion.

Competitors received hints in handouts along the way, such as database applications' vulnerability to a hacking method that attempts to execute code on the computer hosting the database.

But hints were also built into the social networking sites themselves as well, like the name of a pet that computer users may commonly designate as a password. Substituting a special character into the password name would make users' accounts less vulnerable, but part of it is just getting lucky, Cadet Kvedar said.

The event gave students the chance to network with fellow computer enthusiasts.

"It was pretty fun," said Daniel Pearson, a media studies major and Fort Hays senior . "I gained some new experiences, and it was good to be exposed to something new."

Cadet 1st Class Jase Garcia, a computer science major with Cadet Squadron 02, said he also enjoyed the event's opportunities.

"I learned a lot and gained some valuable practical knowledge," he said.