The UCSB International Capture The Flag (also known as the iCTF) is a distributed, wide-area security exercise, whose goal is to test the security skills of the participants. The iCTF contest is organized by Prof. Giovanni Vigna of the Department of Computer Science at UCSB, and is held once a year (usually at the beginning of December).

The latest iCTF was held on December 4th, 2009, from 8am to 5pm, PST. It was won by the CInsect team, from the University of Hamburg, Germany.

There were 56 teams participating and more than 800 students playing. This was the largest security competition ever performed.

The theme this year was: “Know your enemy!”. The goal of the game was to compromise the browsers of a large set of simulated users, steal their money, and make them part of a botnet. In order to compromise the simulated users the participants had to analyze the code of a number of browsers, and find vulnerabilities that could be exploited by executing a drive-by-download attack. In order to perform the attack, each team had to lure the simulated users to a web site under their control by publishing blog entries and using search-engine optimization techniques. This procedure followed the scheme used by actual Internet criminals. The goals of the exercise was to test the participants security skills and also educate them about the nefarious criminal activities carried out on the network today, so that they could participate in the design of a more secure Internet.

We’ve participated in iCTF2009 and placed 4th (internationally) and 1st (in the US). This year’s iCTF had a really unique and interesting structure! You can download the presentation which describes the competition.