SAP Labs Israel – The Cyber Challenge Conundrum
Cyber Week is one of the most important annual cyber events held in Israel.
A significant item on the agenda of Cyber Week is the Cyber Challenge – the ultimate hacking competition in the cyber arena. This year, SAP decided to take an active role in this event.
It was the week before Passover when our manager, Orit Bezalel, came to us and announced: “We are going to build the pre-challenge for the Cyber Challenge and we need to get it done within only two weeks.” After the first initial shock and the realization that the Passover holiday will not include a vacation, we still had some doubts that we could actually finish such a task within the required time frame without compromising the quality of our daily work for our customers. But, given that we understood that this was a great opportunity to learn and develop, we looked at each other, took a deep breath, and unanimously said… “Okay, let’s do it!”
Our group consisted of Orit Bezalel, the project lead, Anna Gurayevskaya, Omri Maman, Nathan Borik, Micha Azulay, Adam Floor, Asaf Benjamin, and the writer of this humble blog, Avishai Klaiman.
How we managed to successfully complete the challenge, which turned into an amazing learning experience…
Designing the challenge
First, we defined the hacking techniques to be incorporated, based on the level of expertise that was required in order to compete in the Security Challenge. We then built the storyline around it: a city mayor was kidnapped, enabled by the kidnappers hacking into the municipality website and finding the mayor’s schedule. The player’s mission was to trace the steps of the hackers who broke into the website.
Choosing the right technology
We had to choose our technology wisely. We had some experience with the MEAN stack, and we knew that this awesome technology would enable us to build this website within two weeks.
Conquering the development tasks
We worked as an agile team: posted tasks and met every day, sometimes even more often, for a status update.
We worked very hard, over weekends and throughout the Passover vacation. As with every challenging project, we had some ups and downs, and we had our doubts whether we could really finish this challenge within the two weeks without compromising the quality of the mission. Of course, Orit was always there to raise our heads and soothe our souls with encouraging words and … chocolates. We worked together in the spirit of “one for all and all for one.”
We did it!
After two weeks we had a challenge – albeit with minor bugs, but nevertheless working!
Testing with security experts
We wanted our challenge to be secured in such a way that the single steps could only be resolved in the intended manner. With the support of our security experts here at SAP Labs Israel we could ensure that the challenge was airtight and without any vulnerabilities.
The storyline changed – there goes our code…
After an intense round of building and testing, we got a message from the conference organizers that the storyline had to be changed. The mayor specified in the challenge decided not to approve that we use his name for the game. Needless to say, we were stunned. We already had a working challenge and now we would have to change the whole story, create a new UI, and customize the challenge steps to fit our new storyline.
The Cyber Week’s organizers had to quickly find another storyline. They managed to recruit Guri Alfi, the well-known Israeli comedian, to be the kidnapped celebrity, which added some more humor to our project.
With Guri as the main character, we struggled to find a website that would suit the new storyline. With the mayor we simulated a municipality website to be hacked, but what could people hack to kidnap Guri? In the end, we decided to build an imaginary site for Guri’s agency, who represents Guri only – this is why we called it the “One Man Show”.
So, again, we worked from dusk until dawn, reworking the challenge, checking constantly for bugs and fixing them immediately. After two more weeks we were done…once again!
With only a few minor bugs that still needed to be resolved, we decided to launch the challenge on May 31. Orit was working on finding a server to host our challenge. Due to time constraints and security concerns, various hosting companies could not supply the needed requirements. Eventually, we received a web server from Tel Aviv University for our challenge.
Finally – the big launch!
We did our last checks and fixed a few minor bugs. On May 31 we were finally ready to launch. In the evening of the same day, we had hundreds of unique visitors from different cities from around Israel, and even some from abroad. Thousands of pages were viewed, and each player tried to hack our website in various ways. No matter what the hackers (players) tried to do to our website, it remained up and running. We made a “Contact Us” page with a Gmail account that we opened in order to help people with various issues.
In the end, all of our hard work paid off, people participated in our challenge and they loved it!
We managed to hit our target. We aimed for ~90 people to participate in the Security Challenge at the conference and out of the 330 people who registered, 84 completed our pre-challenge successfully.
After all this hard work, we felt proud and had a great feeling of accomplishment. Now we are back to our day-to-day job. We hope that we will get a chance to realize another project like this again in the future!
Our biggest lesson is that if you set your mind to something, you can really achieve great things and everything is possible.
“It always seems impossible until it is done.” – Nelson Mandela
We wouldn’t have succeeded without the support of the following great people and we would like to thank:
- Orit Bezalel, our manager, who believed in us from the beginning, and who kept our spirits high throughout this project with wise words and tasty chocolates.
- Gad Akuka for checking our website for security vulnerabilities.
- Vadim Tomnikov for helping us with Angular issues.
- Oran Almog for helping us with the UI and giving us tips.
- Genady Podgaetsky and Vitaly Vainer for making some time for us to try to solve our challenge and give us their feedback.
- Haya Rubinstein and Malca Sagal for helping us with the English in our website.
- Merav Simhi and Orna Kleinmann for giving us this opportunity.
Omri, Nathan, Anna, Micha, Adam, Asaf and Avishai.