Meet the student hackers behind the ‘Plaid Parliament of Pwning’

BY Elisabeth Ponsot  October 26, 2013 at 5:00 PM EDT


Earlier this year, the “Plaid Parliament of Pwning” team held a hacking contest for high school students called “Toaster Wars.”

Consider a phone charger that not only charges your smartphone, but also scans any Android device for malware, viruses and other malicious rootkits — alerting the user if his or her phone has been compromised.

Brian Pak, 24, is a developer and founding member of a 2-year-old start-up in Reston, Va., whose “Skorpion charger” prototype does just that.

The start-up, “Kaprica Security,” has eight members on staff, five of whom got their start in cybersecurity by learning just the opposite — how to hack — as members of a team of student hackers at Carnegie Mellon University in Pittsburgh.
PPP logo

For the past three years, the group, known as the “Plaid Parliament of Pwning,” has often won prestigious hacking competitions across the country and around the globe.

Today, the PPP is the top-ranked competitive hacking team in the world, according to CTFtime.org.

The “plaid” in the alliterative team name is a nod to the university’s mascot: Scotty, a Scottish terrier adorned with a plaid pattern scarf. “Pwn” is hacker-speak for “own,” as in the hacker takes a computer over and owns it.

For the past four years, the group has deepened its knowledge of the various categories tested in hacking competitions, including cryptography, reverse engineering, exploitation, web hacking and digital forensics, Pak said.

The PPP competes in “CTFs” or “Capture the Flag” contests, where teams battle for “flags:” pieces of information hidden such that it can only be retrieved once the problem is solved.

Ryan Goulden, 20, a junior at CMU and current co-leader of the PPP said most CTF competitions are one of two styles: either a “Jeopardy” game, consisting of a board with challenges worth points, or an “Attack/Defense” game, where teams must hack into each other’s servers for points.

CTFs also provide simulated environments for people interested in cybersecurity to practice their hacking skills without breaking the law, Gouldon said.

To further encourage an even younger generation of cybersecurity experts, earlier this year, the PPP hosted a “picoCTF” contest for high school students called “Toaster Wars.”

Sponsors for the 2013 picoCTF included Intel, Microsoft and the National Security Agency.

A picoCTF is similar to a traditional Capture the Flag competition, but is targeted toward younger students, with an emphasis on education. The “Toaster Wars” website states its primary goal is to “educate students on what computer security is about and to show how much fun this field can be.”

While days of non-stop coding may not seem exciting to some, the PPP hackers find CTF competitions to be both challenging and rewarding.

Goulden, who doesn’t see himself pursuing cybersecurity as a career, said for him, it’s all about the competitions.

“I’m pretty much only doing this for fun,” he said.

It’s no secret that cybercriminals are stealing personal information and credit card numbers by hacking into corporate and government computers. One school in Pittsburgh is training the next generation of cybersecurity experts to fight off the bad guys — by teaching them to think the same way.