You’re given five photos and told to crack the code.
Four of the photos are satellite images of airports. You start by using the highway numbers to track down their locations: you’re looking at Toronto, Hong Kong, Los Angeles and Havana.
But the fifth photo is the logo of a steganography program called Steghide. There's a file hidden within the photo, and you need a password to access it.
You have 48 hours.
“It took us 46 hours to solve that challenge,” says Anwar Jeffrey, a third-year double major in computer science and actuarial science. “Once you get going, you get really zoned in. You can find yourself going for six hours on a problem.”
Welcome to the world of competitive hacking. Anwar competes in online Capture The Flag (CTF) challenges where the goal is to find “flags” — pieces of information that are encrypted, hidden or stored somewhere tough to access, like finding text within an image. When a team captures the flag and submits it to a scoring page, they get points.
The keys to Anwar's challenge were the airport codes. He tested different combinations of YYZ, LAX, HKG and HAV to crack the password hidden within the Steghide logo. His team got the flag and first-hand experience dealing with steganography, the practice of concealing a file within another file.
“I could send you a picture online with audio or a video in it,” Anwar says. “I could hide text in it too, and nobody would ever know because you can’t see it.”
Anwar caught on to the CTF competitions fast. He only discovered them in September of his second year, and since then he’s played with a team of Western students that ranked in the top seventh percentile of teams worldwide.
But before Anwar broke into the world of cyber security and CTFs, he started with a jet pack.
Anwar had just graduated from high school in Botswana, and he wanted to be an aerospace engineer. Determined to build a jet pack from scratch, he started welding together an aluminum frame. He was halfway through the project when he hit a bump — he needed an air tunnel to test it in.
“I totally gave up on it when I asked my dad if I could get a miniature turbine from a Swedish company that makes jet turbines, and they cost an arm and a leg. My dad looked at me like I might be crazy,” Anwar says, grinning.
But he didn’t sit idle for long. Anwar was having a conversation with a friend who told him it’s all well and good to build to build a jetpack, but what would run it?
“I just thought it was gas, throttle, boom, and fly! But all of these things need to be controlled by chips. I thought, ‘Alright, I’m going to go learn software.’ ”
He headed to the library at the University of Botswana. There, he checked out a book on Python — a general-purpose programming language. Three weeks later he had Python down pat.
Though he wasn't enrolled, he started sitting in on the University of Botswana’s Java programming courses.
“I started doing that, and then I said, 'He’s going way too slow,' so I checked out a book on Java,” Anwar says.
This time it only took him one week to learn the language.
“Anwar is scary,” says Raj Pathak, a fifth-year computer science and actuarial science major. “I’m two years ahead of him in school, but he codes my head off.”
Raj has seen Anwar in action. He jokes they were friends before they even met each other, hitting it off after Anwar messaged Raj with computer science questions. They started cracking jokes together and never stopped.
Well, besides the stretches of silence during CTF competitions.
After Anwar and his friends starting diving into CTF competitions last year, word got out to other students in Western’s computer science program. More students wanted in, and what started as casual weekend get-togethers ballooned into larger events.
It was a natural progress to found the Western Cyber Security Club. As Anwar explains, laughing, “We needed more space and more pizza.”
Together with Fady Azmy, Harrison Chow and Michael Park, Anwar co-founded the club. It’s now more than 65 members strong with Anwar serving as the executive vice-president.
Anwar says hacking and cyber security goes deeper than their appeal to rebels who are inspired by groups like Anonymous that want to stick it to the man. It’s about creating a safer world.
“Software is in everything we do; our whole world runs on software now,” he says. “Criminals are going to get smarter. What’s the point of them breaking into a bank when they can just go through the system and mess up some stuff? In order to become a better cyber security developer, you have to understand how to hack. You need to protect yourself.”
With so many students active online, web security isn’t just for computer whiz kids anymore. Anyone is welcome at the Western Cyber Security Club’s events from novices to pros. Anwar says one event the club held was simply teaching students to create secure online resumes and portfolios. Topic aside, you’re sure to take at least one tip home: you’ll see that many of the hackers put tape over their webcams.
The growth of CTF teams on Ontario university campuses suggests cyber security is a growing interest for students, but that’s also thanks in part to Anwar and his clubmates. They’ve been spreading the word about CTFs at Hackathons — collaborative programming events where participants scramble to create a software product. This year, CTF teams from McMaster University and the University of Waterloo jumped in.
Looking to the future, Anwar says his plans are up in the air. He hasn’t nailed down what area of computer science he’s most interested in, and there’s no guaranteed path to a job in cyber security.
But he’s not worried. The future is kind of like hacking.
“The thing with hacking is there’s no rule book or guidelines as to where you start,” Anwar says. “There’s no right way to approach something, and there's a hundred roads to get to one answer.”