CSIRT-UPJS, a security team from the University of Pavol Jozef Šafárik in Košice, Slovakia, organized the third Summer School of Cybercrime at the end of August. Students from any university in the Czech or Slovak Republic could participate. The only condition was that they study computer science, law, or a related subject.
The lectures and workshops on various cybersecurity topics were given from the point of view of a security analyst, attacker, forensics expert, expert witness, prosecutor, and lawyer. The topics discussed included:
- Malware Analysis
  - How can your appliance get infected?
  - How to perform static and dynamic malware analysis?
  - What techniques does malware use to make the job of an analyst harder?
- Security monitoring (SOC)
  - What events are worth observing in log files?
  - What tools to use for correlation and visualization of security data from various sources?
- Incident response
  - What hardware and software does an incident responder need?
  - In what order should an incident responder capture the artifacts?
  - Where in the appliance can an analyst find traces of various kinds of activity?
- Legal issues related to information technology
  - What activities over the network are considered criminal according to Slovak law?
  - What are the sanctions for cyber criminality?

The whole summer school took 5 days. Students were divided into 8 teams of three people and were given various small tasks during workshops and lectures. During the first day, an attack on traffic lights in a fictional city was simulated. The attack targeted a WiFi router, a personal computer, and a Raspberry Pi controlling the traffic lights. Data from the attack was captured and later used as evidence in simulated litigation.
Two years ago the organizers prepared a tabletop exercise dealing with ransomware in a hospital. This year there was instead a simulated trial that set out to establish whether or not the accused could be connected to the attack against the city traffic lights. Students were divided into defense and prosecution, and each team was given a prosecutor and a lawyer who helped them prepare for the trial. Students of computer science also took part in the trial as expert witnesses who analyzed the data from the attack.
The most successful teams and individuals were given valuable awards, for instance the possibility to participate in the Qubit conference, access to Hakin9 magazines, workshops from EC-Council, etc. The whole summer school could take place thanks to the financial support of the SK.NIC fund and the help of several experts from the field of information security and cybersecurity.