The World Series of Hacking—without humans
LAS VEGAS—On a raised floor in a ballroom at the Paris Hotel, seven competitors stood silently. These combatants had fought since 9:00am, and nearly $4 million in prize money loomed over all the proceedings. Now some 10 hours later, their final rounds were being accompanied by all the play-by-play and color commentary you’d expect from an episode of American Ninja Warrior. Yet, no one in the competition showed signs of nerves.
To observers, this all likely came across as odd—especially because the competitors weren’t hackers, they were identical racks of high-performance computing and network gear. The finale of the Defense Advanced Research Projects Agency’s Cyber Grand Challenge, a DEFCON game of “Capture the Flag,” is all about the “Cyber Reasoning Systems”(CRSs). And these collections of artificial intelligence software armed with code and network analysis tools were ready to do battle.
Inside the temporary data center arena, referees unleashed a succession of “challenge” software packages. The CRSs would vie to find vulnerabilities in the code, use those vulnerabilities to score points against competitors, and deploy patches to fix the vulnerabilities. Throughout the whole thing, each system had to also keep the services defined by the challenge packages up and running as much as possible. And aside from the team of judges running the game from a command center nestled amongst all the compute hardware, the whole competition was untouched by human hands.