It would be alarmingly easy for the hackers to steal your private information, starting simply with your Instagram selfies and connecting them to your online shopping. That’s what Nithin Gangadharan, a master’s student of computer science at Northeastern University, was trying to do on a recent Wednesday in a programming lab. So to speak: It was all part of a hacking competition for students attending universities in Boston. Gangadharan, who won third place that day, was part of the group of Northeastern students who dominated the competition by taking the top five spots. As he stared at his computer for hours, trying to hack a mock online skateboard store, Gangadharan poked holes in the website to log into the back end without a password. Could he inject code to purchase without a credit card?
More than 100 students with different backgrounds were sitting in the same lab, tampering with the website to buy skateboards at substantially reduced prices, break into private databases, and conduct other clever tricks to exploit it. It was the first time Gangadharan had attacked a vulnerable website. Because his background is not in cybersecurity, he said the competition made him more skeptical about functions in that website—and websites in general—that seem normal but that can be security concerns. “Like that, clicking a link in a comment chat box can lead you to misleading websites (that could extract your private information),” Gangadharan said. He added, “I did not realise that that was a kind of security vulnerability because people just do that anyway.”
The mock website, part of a virtual environment used for cyber security training, awards points to hackers according to the vulnerabilities they spot. Finding the administrative login portal to the site is easy and it scores fewer points. However, logging into another user’s account without the password? That can move hackers high on the scoreboard. That was the case for Kyle Sferrazza, a third-year cyber security major at Northeastern who was also participating in the competition for the second time. In 2018, Sferrazza fell several spots after the scoreboard shut off. This year, he won first place—and the $5,000 scholarship that came with it. “I had like 25 or 30 percent more points than the second person,” he said. “I was kind of worried that they would find something big while the scoreboard was off.”
Harminder Singh