The SecLab has been involved in a number of activities that put to work the group's vulnerability analysis skills.

Hacking Competitions

We have participated in several editions of DefCon's Capture The Flag (CTF) hacking competition. Our team, Shellphish, won the 2005 edition.

Kudos to the Ghetto Hackers and Kenshoto for organizing the various editions of this event.

Many of the lessons learned by participating to the DefCon's CTF were leveraged to design the UCSB international Capture The Flag (iCTF), which is the world's largest hacking competition.

The SecLab is behind the creation of UCSB's hacking group. The hacking group originated the Epic Fail team, who participated to various hacking competitions.

Hacking Voting Machines

Electronic voting systems play a critical role in today's democratic societies, as they are responsible for recording and counting the citizens' votes. Unfortunately, there are an alarming number of reports describing the malfunctioning of these systems, suggesting that their quality is not up to the task. Recently, there has been a focus on the security testing of voting systems to determine if they can be compromised in order to control the results of an election. We have participated in two large-scale projects, sponsored by the Secretaries of State of California and Ohio, whose respective goals were to perform the security testing of the electronic voting systems used in those two states.

The vulnerability analysis process identified major flaws in all the systems analyzed. In particular, in both cases we were able to demonstrate how we could develop a worm-like malware that would spread across the voting system infrastructure and change the results of an election, leaving no trace. The findings reported in these two studies resulted in substantial changes in the voting procedures of both states

.

You can watch the hacking movie:

Part 1

Part 2

More details about this project can be found on the SecLab page on voting.