HackFu, an annual cybersecurity challenge hosted by MWR InfoSecurity, came to a dramatic conclusion on Saturday 11th June. This year taking place within Newhaven Fort, on the South Coast of England, the event saw over 100 security experts working together, both remotely and on-site, to decrypt messages, complete challenges and many other activities to foil a fictional nuclear bomb plot. Thankfully they were successful in their mission, diffusing the final device with seconds to spare!
The theme of this year’s HackFu was a spoofed military academy, known as the ‘Cyber Corps’ – a training school where the best and brightest in security were recruited to fight crime using their unique skills. Attendees were told upon arrival that five nuclear bombs had been hidden around the site, with just 48 hours before they would detonate. The recruits needed to draw on their collective expertise to complete a number of hacking challenges and solve logic puzzles that ultimately led them to blueprints that would allow them to solve the final challenge – to diffuse the five explosive devices.
“With HackFu we try to create an immersive environment, which captures the imagination of our attendees, as it helps everyone enjoy the experience. It’s what keeps some people coming back year after year. However, there is a serious element to the event. The cyber challenge the industry faces is increasingly complex and the threat is ominous. Each game, puzzle and challenge has a degree of realism at its core so that the attendees can gain hands on experience deciphering code, breaking into systems and just getting into the mindset of a hacker, this year with the added pressure of having to save the world – but in a safe environment” explains Martyn Ruks, Technical Director of MWR and Co-Founder of HackFu. “This year we added the additional twist that, while there were five teams competing against each other for the majority of the tasks, for the final challenge they needed to come together, working as a single unit to successfully diffuse all five devices. This mirrors what is happening back in ‘the real world’ as the industry increasingly needs to pool intelligence and work together if we’re to protect our networks and keep intruders out.”
MWR hopes HackFu will inspire other organisations to run similar events, as a means to build the skills base and respect for the industry to remedy the chronic shortage of skilled cybersecurity professionals in the UK and beyond. The company has published a guide for those who’d like to run their own HackFu, which is available via its dedicated site: https://hackfu.mwrinfosecurity.com/
Speaking about his experience at this year’s event, an attendee confided, “I was impressed how the more technically able people on my team were always including myself and others on challenges where we did not have the same level of expertise. I never felt isolated and it was great to get involved. Although I did not have anywhere near as much experience, there was still plenty for me to do and learn.”
Another attendee (who also wishes to remain anonymous) added, “Most people were able to do the challenges that they were interested in, regardless of prior experience. Senior team members went out of their way to get people to learn, and attempt, new things - even if it meant that we didn't have the best person tackling a challenge.”
Martyn concludes, “We’re eager to use this event as a chance to show some of the innovative skills and teaching methods that will help build our industry in the future. Practicing in this safe environment and mapping these skills into a real-world context really helps people excel in their work, allowing them to recognise the tell-tale marks of an attack when back at their desks. We’d love to share our experience with others, working with them to introduce their own events, or even extend HackFu further by running versions of the event publicly and allowing companies, who want to develop their own cyber security teams or even as a team building exercise, to reserve spaces.”
MWR plans to continue the HackFu momentum by issuing new challenges over the coming months and in the lead up to next year’s event. To stay up to date be sure to follow MWR InfoSecurity on twitter and visit its website. You can also register interest in attending next year’s HackFu on the dedicated website: https://hackfu.mwrinfosecurity.com/