Hacked by an 11 Year Old
The Wordfence team recently sponsored and attended WordCamp Atlanta. Instead of doing the usual boring corporate thing with our booth, we decided to host a capture the flag, or CTF contest. A CTF is essentially a hacking contest. It is a series of puzzles that the contestant needs to solve. They might include decrypting an encrypted piece of text, performing a challenge involving a browser and website, or hacking into something we set up.
CTFs have been held at security conferences for decades. We decided to bring a CTF to WordCamp in order to help WordPress site owners learn to think like hackers. If you know how hackers think, you can do a better job of defending your site. We made this CTF very accessible, so that people with a wide range of abilities could participate.
The CTF started at 10am on Saturday morning and ran until noon Sunday. It was hosted online and anyone could participate, although we only promoted it to WordCamp attendees. You also had to be at WordCamp Atlanta to be eligible for a prize.
We had some amazing prizes including coffee mugs if you passed level 1, lock pick sets if you passed level 3, and then game consoles as the top prizes including a full Playstation VR setup and game for first prize.
It was a huge amount of fun because to promote the CTF, we gave lock picking lessons at our booth. It’s really cool to see someone pick a lock for the first time. They’re always so surprised when it pops open.
By the time Sunday morning rolled around, we looked at the leaderboard and realized we had a real contest on our hands. A young man by the name of Grayson came to our booth and said he was competing. We asked him what his username was and were surprised to learn he went by ‘Unstoppable’ and was in 6th place. That was really impressive because we had quite a few contestants.
I chatted with his Dad and suggested we might give him a prize for making it so far as an 11 year old. Well… that wasn’t necessary.
At about 11:30am on Sunday, Matt Barry, our lead developer and the contest designer, started calculating who the winners were. We had to eliminate people who weren’t physically at the conference. Once we had the final list, Grayson our 11 year old contestant, had arrived in third place and he remained there as the contest ended.
I got on stage to hand out the top three prizes to first, second and third. I told the room with about 400 people the story of how we assumed an 11 year old would need a consolation prize and that, actually he just hacked his way into third place to take one of our top prizes. The crowd went kinda wild as Grayson stepped onto the stage to collect. Here he is (published with Dad’s permission):
I’m expecting this young man will soon start his career as a world-class security researcher. We had an opportunity to chat about security as a career and how researchers think – and I’m sure he has an amazing future ahead of him.
I’d like to thank our other contestants and congratulate Mike V who took our top prize and our second prize winner Adam S. Thanks very much to all of our other participants, you guys made it an amazing game.
This is a photo of Tim Cantrell from the Wordfence team teaching a group of kids about cyber security at WC Atlanta. On his right is Matt Barry, our CTF designer.
This is Tim Cantrell and his son Evan manning the Wordfence booth:
Late on Saturday night we threw an impromptu lock picking party with some of our fellow sponsors who are also security researchers along with a few attendees. I won’t post any photos from that to protect the not-so-innocent, but here is a photo of one of our newly minted lock-pickers in action.
Attending and sponsoring WordCamp Atlanta was a huge success for us for many reasons. What we learned from our customers and from the WordCamp community alone made the event an incredible success for us.
From myself and our team, I’d like to extend our heartfelt thanks to the organizers and volunteers who made WordCamp Atlanta possible. It’s an incredible amount of work and without you the event would not be possible.
My team and I are looking forward to attending more WordCamps this year and, who knows, we might even bring our lock-picking gear and a few other fun hacker toys with us.
Comments
11:11 am
That's great! Thanks for sharing!!
11:45 am
Cool story, good luck to that kid.
11:48 am
My son (who is 12) is going to get a kick out of this when I show him. Who knows what these kids will be able to accomplish when they are older! Thanks for sharing. OH and the lock picking set and contest is awesome.
12:49 pm
This sounds like a great time! I hope your team is able to bring a CTF to WordCamp Portland this year :)
12:50 pm
Thanks Kyle, will check in with Dan who is coordinating which ones we attend.
2:43 pm
I always enjoy your updates Mark. Thanks for writing them like you do.
5:09 pm
Very cool that someone that young was able to do so well.
I'd be interested in playing around with the CTF setup that you guys had. Is it still available online somewhere?
6:12 pm
Hi,
Do you still have the hacking contest online? I would be interested in taking a look.
Cheers.
8:35 pm
Thanks for sharing. Our son started coding and programming when he was 10. He used to amaze me with his abilities. We lost him aged 16, hit by a vehicle going through a red light. I often wonder how far beyond me he would have progressed. His younger sister won a scholarship to an agricultural university, but followed in his footsteps and graduated in computer science. Good luck to Grayson, he should have a great future!
11:20 pm
Awesome - I am several multiples of 11 but I was pleased to match his score... was going to try for more but the site is down now. PLEASE add WordCamp Vancouver (BC) to your travel plans :D
10:22 am
Will mention Vancouver to Dan who is coordinating this. It's just a few hours from where I am in Seattle.
11:35 pm
That was quite impressive and thanks for sharing this beautiful story with us.
It is a good thing you guys created the opportunity for Grayson. It will impress on his mind and many more you may never come in contact with that they can make a name for themselves without going against the law. Kudos to the WordFence Team. Cheers