Cybercrime is a growing threat in an ever-increasing technological world. Stopping it is vital and the Luddy School of Informatics, Computing, and Engineering helps lead the way with groundbreaking research and innovative inspiration.
Case in point, the inaugural BSides Bloomington event. Highlighted by gold-sponsor Security & Privacy in Informatics, Computing, and Engineering (SPICE) Center, it featured activities to spark interest and imagination for those interested in security informatics.
“Our end goal was to create an effective and inclusive learning environment,” said Henery Cash, a cybersecurity and global policies major. “We did a great job accomplishing that goal.”
BSides, which drew 150 participants and other key sponsors such as the Center for Applied Cybersecurity Research and Omni Security Operations Center, emphasized fun, approachability and interactive opportunities. It also featured cybersecurity technical lectures and hands-on labs.
Joshua Streiff, SPICE director, said BSides had all the variety and excitement of large hacker conferences such as Black Hat and Defcon, but was more personable for those new to security informatics as well as cybersecurity veterans.
Through the use of “villages,” which were rooms of practice activities, Streiff said organizers created a “safe environment for students and practitioners to communally have fun with others who enjoy the same interests.” It was designed by Luddy’s Internet of Things House, which addresses human and technical Internet aspects in a holistic, multidisciplinary manner and which acts as IU’s only hacker house.
“The villages were a slice of what Luddy’s IoT House does for students, clubs and outreach, building knowledge, awareness and community year-round,” Streiff said.
The event, three years in the planning, was run by students in Security Information, Cybersecurity and related career and research paths.
The IoT House ran all the activity villages, including the IoT Hacking Village, the Kids Village, and the Lockpicking Village. Students from Luddy’s Cyber Security Club, the C^3 Capture the Flag Competition Club, and those from the Cyber Security and Global Policy program staffed the event. They guided new participants and challenged security professionals with real world products and networks to attack.
Streiff said students from Ivy Tech also assisted and a large group from Rose-Hulman attended.
The IoT village had four game stations: hacking, where participants breached test wifi networks and IoT devices therein; lockpicking of all kinds; table top games; and youth level cryptography and ethical hacking. Participants tested their hacking skills and won prizes.
A big hit, said Madhav Metha, a master’s in secure computing who helped in the IoT village, was the lockpicking opportunity.
“It was the most fun game there,” he said. “It not only symbolized that hackers will use everything in their arsenal to get into your systems, but also showed how easy it can be to break locks.”
Cash helped participants scan networks and exploit vulnerabilities, even breaching WEP and WPA networks, all while building valuable relationships.
“It was an amazing experience seeing so many talented Cybersecurity-interested people convening in our backyard,” he said. “We were told that this was one of the best events a lot of attendees had ever attended.”
One Level A Network exercise -- a practice drill to protect computers from hackers -- enabled participants to use their computers to control outside printers and open web pages on a compromised Apple laptop.
“Seeing how excited they were to learn was a great experience,” Cash said.
Added Mehta: “I got to meet tons of new professionals and upcoming students interested in cybersecurity.”
Xiaojing Liao, assistant professor of Computer Science, gave a talk detailing some of her difference-making cybersecurity research.
It centered on the ever-evolving challenges and opportunities in privacy compliance analysis. Liao said a significant emphasis was placed on the role of a privacy-accountable mobile software supply chain. This approach is crucial for implementing proactive privacy-enhancing measures, consistently upholding privacy accountability, and promoting responsible data usage and protection within the mobile software ecosystem.
A highlight was when Liao discussed a cybercrime incident that targeted the mobile software supply chain to gain access to users’ social network data.
“This revelation clearly struck a chord,” she said, “as the audience expressed profound concern.”
Liao, Streiff and the IoT house are part of the Security & Privacy in Informatics, Computing, and Engineering Center at Luddy. The center supports and mentors the Cyber Security Club and the Capture the Flag Club.