exp ath.how.do.hackers.gain.access.richard.marshall_00020517.jpg
London recruiting cyber warriors
02:27 - Source: CNN

Story highlights

19,000 "ethical hackers" register to compete in Cyber Security Challenge UK

3,000 of them will be selected to compete in simulated cyberattacks

Only 42 of them will win and be chosen for a master class

London CNN  — 

A fake cyberattack was staged against a landmark telecommunications building, but it was no mere academic exercise for self-taught “ethical hackers” fighting cyberterrorism.

The do-good hackers were indeed engaged in a serious race against the clock to solve the simulated hack, but the real prize was a chance to be identified as as undiscovered genius and potential hero some day in defending queen and country against a future, real cyberattack.

There were also potential job offers on the line.

That was the goal of Cyber Security Challenge UK on Saturday, one of a series of inspirational competitions designed to find the next digital genius to defend Britain against devastating cyberattacks whose crimes cost the global economy an estimated $400 billion annually, according to a recent report.

On Wednesday, the UK government also warned that a third of the country’s small- and medium-sized companies are vulnerable to losing valuable data and customers to hacking. Those firms mistakenly believe in cybersecurity “myths” that hacking isn’t likely to happen to them, the government’s Cyber Streetwise campaign said.

In all, 24 contestants who were largely self-taught hackers raced against a clock in an exercise to restore power to London’s BT Tower, which had been shut down and taken over by cyberterrorists. Last weekend’s simulated attack was sponsored by the National Crime Agency, defense contractor Raytheon and UK telecommunications giant BT.

The drill offered a theatrical edge to the “ethical hackers,” whose job is to hack a network to evaluate security rather than do criminal damage. The simulation featured a video message from the bad guys, who called themselves “Flag Day Associates,” also posted on YouTube.

The competitors, ages 20 to 50, attempted to restore power to the BT Tower, a communications hub whose Cold War architecture has been described as “alienating” and “foreboding,” according to the tour guide website Londonist. The tower, however, offers spectacular views of London, especially from an upper floor suite that rotates at the top, where the contest was held. The skyscraper was designed to withstand a nuclear blast with a war room in the basement.

BT (British Telecom) Tower looms over two runners in Primrose Hill in London.

The participants worked in teams of four and sought to win the challenge so that they could advance to a master class, to take place in March and include a total of 42 winners from other competitions.

The good-guy hackers had to decide which programs and techniques to use to discover a new password and trace the cyberterrorists’ path, so that the code breakers could reverse the attack.

During the competition, participants worked feverishly, and hamburgers remained half-eaten as fingertips tapped away at keyboards.

The contestants worked without break for an hour.

The teams were identified by colors, and in the end, it was Team Orange that won the challenge, earning its place in the master class final in London on March 12, joining other nationwide winners from prior rounds of similar contests.

To illustrate that electricity was restored and the challenge over, the tower dramatically rotated 360 degrees, a rare spin for the crown of the building.

Paul Crichard, Raytheon cybersecurity manager, said his research team has found recruits from what seem may the most unlikely walks of life: One was a ballroom dancer teacher and another was a welder. He hoped to find more hidden talent from the contest.

“Well this shows how good they are, and it means it is easy for us to come and say actually this person is really talented. They just need a helping hand to get into cybersecurity,” he added.

“These are some of the best talents we have that aren’t in the cybersecurity business today. These are ones who are really spending their own time to be skilled, to understand what is going on in the IT world and where the risks are, and those are the people we can’t find through normal recruitment because perhaps they don’t think they are good enough,” Crichard said.

Experts from National Crime Agency, BT, Raytheon and Airbus Group evaluated the performance of the code breakers.

“We give people the skills to be able to remain on the right side of the law,” said Robert Partridge, head of BT Security Academy. “Of course, it is always down to the individual what path they take, but we will give them the utmost encouragement to choose the right side of the law.”

The challenge began in 2010 as a government initiative to tackle the growing level of cybercrime in the United Kingdom.

The issue has become urgent because UK schools had overlooked computer science. As growing cyberthreats worry government and business, a huge skill shortage has emerged.

Though computer science is now making a comeback to UK classrooms, there remains a generational gap, organizers said. Cybercrime stands as one of the UK’s biggest threats, and the competition is a crucial initiative in finding raw talent for the UK government and the country’s corporations.

Many contestants are so raw that they never took formal training, said Stephanie Daman, CEO of UK Cyber Security Challenge.

“Some of them are at university, but you’ll find an awful lot of these people have learned these skills by going to Google and taught themselves,” Daman said. “We hope to persuade them to formalize those skills and move into jobs.”

About 19,000 people in the UK registered to participate in the challenge. But only 3,000 of them are selected for the annual event, and from that pool, about 100 are selected to take part in one of four cyberattack simulations, such as the mock attack on the BT Tower on Saturday.

Even if a contestant doesn’t win or make it to the final round, 80 to 100 code breakers are hired every year by companies that use the competition as a recruiting ground, organizers said.

For their efforts and as a possible item on their resumes, every contestant receives a certificate of having participated in the “face-to-face” competition against the fictional cyberterrorists.

CNN’s Kellie Morgan contributed from London. Michael Martinez wrote from Los Angeles.