hacking – Seidenberg School News

Recapping MLH Local Hack Day: the 12 hour hackathon

By Kaitlyn Houlihan

On December 2, 2017, over 275 communities from every continent (except Antarctica) simultaneously hosted 12-hour-long hackathons in the 4th annual MLH Local Hack Day, the LARGEST Local Hack Day in the world. Pace University’s Pleasantville campus was just one of those communities, hosting its first ever hackathon in the Stephen J. Friedman Multipurpose Room in Willcox Hall from 9:00am-9:00pm.

Photo via Maxim Vuolle, Pace Photography Club

The idea to participate in Local Hack Day was presented by Seidenberg’s own seasoned hackers Drew Ku (BS Information Systems ’20) and Angel Rodriguez (BS Computer Science ’20), and facilitated by the fantastic Assistant Dean for Academic Innovation Andreea Cotoranu. After a great deal of thought, this terrific trio decided upon setting the theme of the hackathon to social innovation. According to the Canadian Centre for Social Innovation, “social innovation refers to the creation, development, adoption, and integration of new concepts and practices that put people and the planet first. Social innovations resolve existing social, cultural, economic, and environmental challenges.” That being said, it is almost impossible to imagine a more perfect theme for a hackathon! Because of the topic’s broad nature, participants were easily able to find brilliant solutions that better the planet, daily life, communities, and efficiency of everyday tasks.

On the day of the event, a total of 11 teams and 41 high school, undergraduate, and graduate students came out as early as 8:30am for this hacking extravaganza. A wide range of skill levels was present, and although beginner-level coder Justin from Mamaroneck High School found the process of developing his own program difficult at first, he felt better with guidance from faculty and student experts. In addition to faculty and student mentors providing assistance throughout the day, workshops were held to accommodate all skill levels. These workshops were led by Ben Longobardi (MEAN Stack), Drew Ku (Python and APIs), Pace alumnus and adjunct professor Dhruv Gandhi (product development and design thinking), and Angel Rodriguez (HTML/CSS).

Photo by Maxim Vuolle, Pace Photography Club

As computer science professor and faculty mentor Dr. Rick Kline noted, “everyone is eating and hacking, which is what we hoped for,” and it couldn’t have been better stated! Hackers and volunteers had plenty of food and coffee to fuel them through the day, from bagels to pizza from Sal’s to spinach and artichoke dip from Applebee’s (a Seidenberg favorite). However, the most important products of the day were most definitely the 11 incredible ideas that were developed by participants and tackled social issues from mitigating climate change to increasing socialization within communities, among others. Drew felt that “the event [best showcased] student independence because of the broadness of the theme of Social Innovation.”

Photo by Timothy Martinez, Pace Photography Club

At 7:00pm, all hackers submitted their projects via DevPost and began pitching and demoing their ideas to an esteemed panel of judges comprised of Chief Executive Nerd of Kool Nerd Club Orane Barrett, Founder and Lead Developer of Swapity Brian Brunos, as well as Seidenberg’s own Andreea Cotoranu and students Blake Hofland, Ben Longobardi, Drew Ku and Angel Rodriguez. Participants had three minutes to pitch and demo their projects. It was so amazing to witness the variety of ingenious solutions that were presented!

Choosing the winners wasn’t an easy task for the judges, especially after seeing all the effort everyone put into ideating and executing their projects throughout the day. However as all competitions go, it had to be done. Awards were given based on various categories, and the winners are as follows:

Best web application – Team F (Mamaroneck High School)
Best mobile hack – fORAGER (Pace University)
Best impact hack – lendme (Pace University)
Best designed hack – TutorFinder (Pace University)
Best documented hack – Vivlio (Pace University)
Hackiest hacker – Spotlite (Pace University)
Seidenberg Spirit Award – Pierre-Julien Morange (Team F, Mamaroneck High School)
Kool Nerd Award (sponsored by Kool Nerd Club) – Charles (TrunkPool, Pace University)

And, of course, a TON of awesome prizes were given out! Among these prizes were some Amazon Echo Dots, Raspberry Pi computers, board games, two of the coveted Seidenberg sweatshirts, and a Kool Nerd Club hoodie.

Photo by Abby Bonds, Pace Photography Club

Being Pace University’s first ever hackathon on social innovation, this event was undoubtedly a roaring success. Not only was it a blast for everyone who attended (participants, mentors, and staff alike), but it was a tremendous learning experience for all! All day long, participants ideated, collaborated, created, and demoed projects that resulted in marvelous solutions to problems we all face. In doing this, students were able to think outside the box and combine their immense knowledge of technology with their awareness of the world around them and, ultimately, grow intellectually and as global citizens. Which, when you think about it, is exactly the purpose of resolving social issues!

This would not have been possible without the student participants, staff, and volunteers who made this day so memorable. The entire Seidenberg community would like to extend a special thank you to our sponsors: Virginia LeTourneau ‘85, the Seidenberg School of CSIS, Kool Nerd Club, and Swapity. Also, thanks to our student mentors, workshop leaders, judges, and especially to the Pace Photography Club for capturing the event.

DEF CON 25: Seidenberg edition

by Kait Bestenheider

On Wednesday, July 26, eight Seidenberg students from both NYC and Pleasantville campuses traveled across the country to attend one of the world’s largest hacking conventions, DEF CON, in Las Vegas. The conference offered talks, workshops, and industry connections, the quality of which cannot be matched elsewhere.

The group pictured below consisted of Adriana Aluia (BS Information Technology), Kaitlyn Bestenheider (MS Information Systems), Brandon DeLuca (BS Computer Science), Siobhan Kiernan (MS Computer Science), Andrew Ku (BS Information Systems), Benjamin Longobardi (BS Computer Science), Connor McGee (BS Computer Science), and Elizabeth Molloy (BS Information Systems and Cybersecurity).

From left to right: Ben Longobardi, Andrew Ku, Brandon DeLuca, Connor Magee, Elizabeth Molloy, Siobhan Kiernan, Kaitlyn Bestenheider, Adriana Aluia.

Each student had their own unique experiences. They were able to attend all of the following workshops in the four short days of the conference.

Applied Physical Attacks on Embedded Systems, Introductory Version
Subverting Privacy Exploitation Using HTTP
Building Application Security Automation with Python
Windows POST Exploitation
Penetration Testing in a Hostile Environment
UAC Bypasses in Win7/8/10

“DEF CON was really cool. The speakers, workshops, and talks we’re all super diverse,” says Andrew Ku, “I picked up things that I didn’t know I was going to pick up until I saw there was a village for it. But by far, interacting with other human beings was the highlight of my Def Con experience.”

Connor Magee agreed, stating, “Being able to pick the minds of some of the smartest people within the information security industry was a phenomenal experience!”

Two students were even able to present content that they had created at R00tz Asylum. R00tz is one of many villages featured at DEF CON, but unlike most other villages (see Crypto and Privacy Village, Lock Picking Village, Packet Hacking Village’s Wall of Sheep, and more), R00tz is dedicated to security aficionados age 6-16.

Kaitlyn Bestenheider and Elizabeth Molloy were asked by some of the organizers at Cryptography and Privacy Village if the material they created for Pace University’s GenCyber program could be used for their R00tz program. The girls were able to attend the “kids only” village to help present their material. Both girls cited it as the highlight of their DEF CON experience. Kaitlyn wrote about her experiences leading the workshop on her personal blog, Kait Tech – check it out!

But who was supervising Lizzie and Kait?

Brandon DeLuca summed up the overall experience well. “DEF CON, above all learning activities and interaction, was a motivating experience; you really learn a lot about unexplored topics in the area of study. Understanding just how skilled others are in their respective fields makes you want to push yourself even harder to learn and become the best.”

“It was kind of cool seeing the culture behind the stuff I’ve been learning about in school,” said Ben Longbardi.

To learn more about each of the students’ experiences, join us at the (WIT@Pace) meeting on Tuesday, October 17^th, 2017, for their “DEFCON Redux” event. Register for the WIT event here!

Thanks to Kaitlyn Bestenheider for covering DEF CON! We will have another student blog from Kait about her experience in the R00tz workshop soon!

Student post: East Coast Cyberattack poses the question: Are we truly safe?

On Friday October 21st, at around 7:10am EST, many internet users from all over the country lost connection to many commonly used sites in an attack that rippled across the country from east to west. The company was able to restore service a few hours later but then had to shut down at around noon. By this time, the hackers had started to make their journey to the West coast.

What happened? There was a huge attack on one major provider of the Domain Name System, Dyn Inc., which resulted in them taking down a few popular sites such as Netflix and Spotify (to name a few). Oh the horror!!!!

Kyle York, who is currently the Chief Strategy Officer of Dyn, said the hackers launched a distributed denial-of-service (DDoS) attack using tons of malware – infected devices connected to the internet. According to their records, this is the third attack they have experienced this year.

A DDoS can be achieved in a number of ways, but usually involves a distributed network of “zombie” machines, referred to as botnets. A botnet is formed with computers and other connected devices in homes or offices infected with vicious code which, upon a hacker’s request, can take over a web server with data. One or two machines wouldn’t be an issue, but if tens or hundreds of thousands fire such data simultaneously, it can impair even the best of web servers.

By Friday evening, the attacks were stopped and all was right in the world again.

Unfortunately, security professionals are anticipating more cyber attacks centered around the Internet of Things (IoT). This assumption was made after a hacker released a software code that powers the malware, called Mirai, just a few weeks prior.

“I have never seen severity this big, impacting so many sites and lasting over such a prolonged period of time,” said Dave Anderson, the vice president of marketing at Dynatrace LLC. “It just shows how vulnerable and interconnected the world is, and when something happens in one region, it impacts every other region.”

Cybersecurity is an ever growing concern across the globe. As hackers become more and more sophisticated, they constantly change their tactics to overcome security measures in place by companies and organizations. This causes an issue where cybersecurity professionals are forced to respond to attacks as they happen rather than prevent them entirely – no matter what security measures are in place, dedicated hackers are focused on finding a way to beat the ‘challenge’. As a result, the cybersecurity industry is constantly on the look out for talented professionals.

Seidenberg Students Involved in Dark Research

There is a lot of buzz about the Dark Web these days, especially after the highly-publicized take-down of the Silk Road. Concerns about the Dark Web are not just limited to drug markets, illegal arms, sinister hitmen and notorious hackers for sale but impacts our own personal well-being. Companies have been investing heavily in cyber intelligence tools and hiring new employees to scour the Internet for threats as well as the Dark Web.

Students at the Seidenberg School have been delving into the dark reaches of the Dark Web and assisting private and public sector entities to better understand organizational threats. This is especially important because stolen personal information, like payment card numbers, health records and other stolen data is actively marketed in bulk quantities. Cataloging and searching these marketplaces has been a challenge due to the lack of indexing Tor sites and the fact that these sites come and go on a daily basis. This is where the Seidenberg students’ research becomes vital to assisting law enforcement and the intelligence community.

Tor site for selling stolen payment cards

One member of the student researcher team said: “Researching the dark web has highlighted the importance of operational security to protect myself and my data.

“This experience has shown the important relationship between of academic and law enforcement, as criminals are exploiting the same vectors university students are researching. Students can personally benefit from this relationship by having a real world application for our research, and know that our findings can stop the activities we investigate.

“The dark web has shown me how vast the internet is and the potential for good and bad it has. It is a very exciting time to be a security researcher.”

The students undertaking the project are doing so in the Internet Technology class IT-662 Web & Internet Security.

The Dark Web is a vast chasm and DARPA’s Memex program is indicative of how the government has become more dependent than ever on university researchers to find the terrorists, organized criminal gangs and enterprising thieves on the Dark Web.

What is startling from our initial findings is that only a very small percentage of Tor sites, operating criminal marketplaces, are ever taken down with the perpetrators being brought to justice. It’s a daunting task but Pace University is doing its part to identify the nefarious actors on the Dark Web.