Hack, yeah! Exeter students' cybersecurity event a smash

Khine Win’s what-I-did-on-my-summer-vacation essay will read something like this: spent downtime with the family; took a trip to the South of France; helped launch a free cybersecurity competition for over a thousand middle and high school students from around the planet who are intent on hacking, decrypting and reverse engineering puzzles for prizes.

The rising senior realized this week a goal she set as a prep with the kickoff of peaCTF, the first “Capture the Flag” competition conceived and created by Academy students. Cyber-enthusiasts from 67 countries have registered for the event, with the first round continuing through July 28 and a final round for the top teams planned for August.

Initially devised more than two decades ago as a way for cybersecurity professionals to sharpen skills against hackers, Capture the Flag competitions now are common ways for budding computer programmers and website developers to learn cyber ins and outs. As described by one competition site, a “game consists of a series of challenges centered around a storyline where participants must reverse engineer, break, hack, decrypt, or do whatever it takes to solve the challenge. The challenges are all set up with the intent of being hacked, making it an excellent, legal way to get hands-on experience.”

The Academy’s competition is the handiwork of a handful of students who comprise a grassroots cybersecurity club. Win started the club during her prep year, and since then, club members have competed in CTFs hosted by other organizations and schools — including Andover.

“I always believed that Exeter could host our own CTF. I knew it was something that I wanted to achieve before graduating,” Win said.

Orion Bloomfield ’20 and Steven Gao ’21 joined the club during the recently completed school year, helping to jump-start that goal. The three — along with Lucy Cai ‘21, Andrew Woo ‘21, Thomas Guo ‘21, Zander Chearavanont ‘22 and Neil Chowdhury ’22 — gathered each Sunday in the library to plan the details of the competition, according to Win, including “how to get sponsors, how many rounds to have, any themes — and how to secure information to not get hacked ourselves.”

“We knew due to our workload at school that it would be difficult to run the competition in the school year," Win said. "A summer competition would also yield more competitors, since many middle school and high school students are also on break.”

The finishing touches were completed remotely during summer break — the team members’ hometowns stretch from suburban Boston to coastal Thailand — though the club is still scrounging for sponsors to allow for prizes. Gao, the competition platform designer, smoothed some wrinkles at launch, and the response to peaCTF has been startling to club members.

“We underestimated how strong our competitors’ backgrounds in cybersecurity are,” Win said. “Some of them have completed all our problems already. We are working to write more difficult and complex problems for our next round, which means, in addition to our competitors, we also are learning more cybersecurity tools!”

Added Gao: "We are so excited that we can provide this platform for students just like us to pursue their passion in computer science and cybersecurity. We've been preparing for more than six months and we're so glad that our work paid off.”