The UCSB International Capture The Flag (also known as the iCTF) is a distributed, wide-area security exercise, whose goal is to test the security skills of the participants. The iCTF contest is organized by Prof. Giovanni Vigna of the Department of Computer Science at UCSB, and is held once a year (usually at the beginning of December).

The latest iCTF was held on December 4th, 2009, from 8am to 5pm, PST. It was won by the CInsect team, from the University of Hamburg, Germany.

There were 56 teams participating and more than 800 students playing. This was the largest security competition ever performed.

The theme this year was: "Know your enemy!". The goal of the game was to compromise the browsers of a large set of simulated users, steal their money, and make them part of a botnet. In order to compromise the simulated users, the participants had to analyze the code of a number of browsers and find vulnerabilities that could be exploited by executing a drive-by-download attack. In order to perform the attack, each team had to lure the simulated users to a web site under their control by publishing blog entries and using search-engine optimization techniques. This procedure followed the scheme used by actual Internet criminals. The goal of the exercise was to test the participants' security skills and also to educate them about the nefarious criminal activities carried out on the network today, so that they could participate in the design of a more secure Internet.

Below are some more details about the competition:

Overview

The Capture The Flag contest is a multi-site, multi-team hacking contest in which a number of teams compete independently against each other.

The goal of each team is to maintain a set of services such that they remain available and uncompromised throughout the contest phase. Each team also has to attempt to compromise other teams' services. Since all the teams receive an identical copy of the virtual host, each team has to find vulnerabilities in its copy of the host and possibly fix the vulnerabilities without disrupting the services. At the same time, the teams have to leverage their knowledge about the vulnerabilities they found to compromise the servers run by other teams. Compromising a service allows a team to bypass the service's security mechanisms and to "capture the flag" associated with the service.

History and Background

The UCSB CTF evolved from a number of previous security "live exercises" that were carried out locally at UCSB. The first wide-area edition of the UCSB CTF was carried out in December 2003. In that CTF, fourteen teams from around the United States competed in a contest to compromise other teams' network services while trying to protect their own services from attacks. The contest included teams from UCSB, North Carolina State University, the Naval Postgraduate School in Monterey, the West Point Academy, Georgia Tech, University of Texas at Austin, and University of Illinois, Urbana-Champaign.

In 2004, the UCSB CTF evolved into an international exercise (hence, the name "iCTF"), which included teams from the United States and Austria, Germany, Italy, and Norway.

In 2005, the UCSB iCTF evolved into an intercontinental exercise, which included 22 teams from North America, South America, Europe and Australia. This had never been attempted before on such a large scale.

In the following years the size of the iCTF kept increasing. In 2008, the UCSB iCTF involved 40 teams and several hundred students, making it the largest live security exercise ever performed on the Internet.

The exercises up to 2007 were loosely based on the DEFCON Capture the Flag contest. Acknowledgments go to the Ghetto Hackers, who did such a wonderful (and inspiring) job in organizing the CTF contest at DEFCON, and to Kenshoto, who picked up the task of running the CTF and found ways to improve it. Many of the ideas of our iCTF are derived from the DEFCON CTF and the lessons learned by participating in the DEFCON contest.

Those exercises were different from the DEFCON contest because they involved several educational institutions spread across different continents. The DEFCON contest includes locally connected teams only.

In addition, the DEFCON contest has always involved a limited number of teams. We developed a new network solution that allows a large number of teams to participate. The UCSB CTF is the largest existing live security exercise.

Finally, we used a novel technique, called "blending", to route traffic among the teams, which allows for a more realistic experience.

Point of contact

The Capture The Flag (CTF) is organized by Giovanni Vigna, at UCSB.

This is the contact information: