For a collegiate competition, a team of Cal State Fullerton computer science students hacked a fictitious company’s computer infrastructure to expose potential vulnerabilities.
The students who posed as “ethical hackers” — security professionals that identify a company’s potential cybersecurity threats — learned how to simulate a real-world, industry-level project to protect a company from cyberattacks, said undergraduate and team captain Brian Wang.
At the recent Technical Security Competition at Cal Poly Pomona, the students had to perform a security analysis, find flaws, write a professional report explaining their work and present their findings to a panel of industry judges — and their efforts earned the team a second-place win.
In addition to Wang, the other team members are undergraduates Jeffrey Guerra, Nikita Gupta and Allison Villapando and graduate student Farid Aalam. The students also are members of the Offensive Security Society, a student organization in the College of Engineering and Computer Science. Mikhail Gofman, associate professor of computer science and director of CSUF’s Center for Cybersecurity, is the organization’s adviser.
Wang explains the importance of participating in such competitions and learning these workforce-ready skills.
What was the team’s mission?
Our goal was to exploit weaknesses in Titan Smelting and Steelworks in Pittsburgh, Pennsylvania, which sells their products via the company’s e-commerce site. The company also has a contract with the Department of Defense to manufacture munitions. The company hired our team to provide an in-depth penetration test — a simulated cyberattack to evaluate the system — to ensure that its system is secure from hackers and to verify the company is in compliance with federal regulation standards to enter into defense contracts.
What did the team hack?
The team hacked the company’s internal network, which included several systems, such as the e-commerce shopping website, an online ventilation control website and a router that connected the company’s system to the internet. Our team was able to hack the ventilation website and the actual router itself. Hacking the router was the biggest deal because we had the potential to exploit every existing system within the company. The team also was able to literally shut down the server causing the entire network to crash, as well as find information on customers that have accounts on the shopping website.
Why are these skills important for students to learn?
A skill such as penetration testing is important because it teaches us not only how to keep a computer or network system secure, but also all the possible vulnerabilities that a malicious hacker would find. We also learn other skills required of cybersecurity professionals, such as how to document and explain to company executives the weaknesses and threats to their system.