Cyber Day HackFest educates on susceptibility to cyber attacks

Neil Wilcoxson discusses strategies with his team "Team Efail" at the Hackfest competition on Tuesday evening. Liesje Powers | Multimedia Editor

By McKenna Middleton | Opinion Editor

To recognize National Cybersecurity Awareness Month, Baylor’s second annual Cyber Day kicked off at 6 p.m. Tuesday in Cashion Academic Center. Cyber Day, sponsored by Baylor Information Technology Services, the Baylor School of Engineering and Computer Science and the Office of Corporate and Foundation Relations, aims to help the Baylor community become BearAware.

Cyber Day is a two part event featuring Tuesday’s HackFest as well as a panel discussion on protecting health data held at 2 p.m. Wednesday in Paul L. Foster Campus for Business and Innovation.

At HackFest, the first floor of Cashion Academic Center housed a cyber security exhibition geared toward a general audience, especially those with little to no knowledge of cybersecurity. Members of the School of Engineering and Computer Science led demonstrations to show the ways everyday devices can be susceptible to attacks.

McKinney senior Denton Wood, a computer science major, helped lead a demonstration on how bluetooth can make your device an easy target for hackers. Other interactive exhibitions included — which reveals whether an email address has been compromised –, examples of phishing emails and a spoofed wifi access point to demonstrate the potential danger of public wifi.

Dr. Jeff Donahoo, professor of computer science and event organizer, said a security breach on one database like Yahoo or Myspace can often affect a user’s other accounts like Uber if they use the same or similar passwords across platforms. Donahoo recommended using a password manager like LastPass which generates random passwords for each website you use.

“We don’t just want to tell you about the bad part, we want to say what are you going to do about this?” Donahoo said. “Well, the main thing you want to do about this is not use the same password for different websites. Plus, you want to use very complicated, long passwords at all websites.”

Wood said most cyber attacks are not targeting a particular individual. Often, average, everyday internet and device users are targeted in wide range attacks that go out to large groups of people, like phishing emails. Practicing cyberhealth can include changing passwords frequently or using a password manager, turning off bluetooth when not in use, keeping devices updated and being alert for phishing emails.

“There are little things like that that you can do that kind of put yourself above the curve and make you much less likely to get hacked than the average population. And oftentimes that’s enough to prevent the large majority of hacks on yourself,” Wood said. “So events like this just kind of promote little ways to be aware of the things that are going on to help people overcome those situations and help people prevent themselves from being hacked, and I think cyber literacy is really important, which is why I like events like this.”

The main event of HackFest, an eight-team cyber competition, pitted students against one another in a “king of the mountain” game. Teams worked for about 2 and a half hours to hack servers with vulnerabilities like bugs or misconfigurations and maintain control over the course of the competition. Baylor’s nationally ranked Collegiate Cyber Defense Team also participated in the event.

“Each of the teams has a computer, and this computer is really designed for basically trying to figure out what server is running in there, what are the servers and hopefully figure out what the flaw in the server is and then leverage those flaws to break in,” Donahoo said.

The game had another strategy element as contestants not only had to break in to servers, but also decide if they wanted to then gain points by finding and infiltrating other servers or by opting instead to increase security on their server to maintain control against other teams. Teams received points for hacking machines and for each minute they protected their control over each server.

“So I have to decide how I’m going to invest resources, which is what a normal cybersecurity person has to do because perfect security is impossible and getting close to perfection takes time,” Donahoo said.

Patrick Hynan, director of technology and facilities for the School of Engineering and Computer Science, said the HackFest competition is set up so teams of every level could make some points by putting their hacking skills to the test since the event was open to all students.

“The idea is that we want everybody here to be able to make some progress and be able to gain some points,” Hynan said. “So the idea is always to have a problem that’s solvable by one team — by the lowest common denominator — but have some problems that are not solvable by the highest common denominator.”

Cyber Day continues with a panel on cybersecurity of health data at 2 p.m. Wednesday in Paul L. Foster Campus for Business and Innovation room 240.