Laboratory team scores big at international hacking event

They call themselves Lab RATs, in a nod to remote access trojans, which are malware that attempt to hijack a computer’s operations. Battling teams from around the world, a team of staff members from MIT Lincoln Laboratory’s Cyber Security and Information Sciences Division and Information Services Department made it all the way to the finals of this year’s DEF CON Capture the Flag (CTF) hacking competition.

The laboratory’s cyber researchers and analysts, joined by students from Rensselaer Polytechnic Institute and MIT, were pitted against other elite teams trying to breach each other’s computers and capture “flags” — which are actually code strings — embedded within the programming. Because DEF CON CTF is an attack-and-defend tournament, competitors not only had to infiltrate opponents’ systems to steal flags and earn points, they also accrued points by keeping their own services up and running against the onslaught of 14 other teams who came to DEF CON from Germany, Israel, Russia, China, Korea, and Hungary, as well as elsewhere in the U.S.

After the 52-hour contest was over, the Lab RATs had earned 10th place among the 15 teams that had qualified for the finals of DEF CON CTF, the world’s premier hacking competition. Teams chosen for the coveted finals slots emerged from more than 4,000 entrants who competed in qualifying events.

This year’s CTF was held in Las Vegas, and was part of the annual DEF CON hackers’ convention, which attracts not only amateur codebreakers but also cybersecurity professionals from academia, governments, and businesses worldwide.

This was the first year Lab RATS qualified for the finals of the competition, which they have entered for the past three years. The team meets and practices during non-work hours at the Beaver Works facility in Cambridge, Massachusetts, and membership fluctuates between 20-30 laboratory employees and six to eight MIT students.

“Participation in DEF CON CTF is realistic cybersecurity training,” says Lab RATs captain Andrew Fasano of the laboratory’s Cyber System Assessments Group. “You have to develop the tools and mindset to attack and defend computer systems in a high-pressure environment.”

This year’s DEF CON CTF competition was a humdinger, Fasano says. The Legitimate Business Syndicate, organizer of the 2017 CTF and a previous competitor at DEF CON CTF finals, was on its last year of a multiyear contract to devise the game and was determined to make their swan song an extreme challenge.