Malicious codes are usually written by hackers, but at Binghamton University these “evil” codes are being written to raise awareness about the issue.
The eighth annual Underhanded C Coding competition is being hosted by Scott Craver, an associate professor of electrical and computer engineering at BU. The competition asks participants to create “evil codes,” meaning codes that appear to be innocent and easily pass visual inspections, but then implement unusual and unwanted behavior. The competition, which has been at BU since 2005, gets its name because entries must be written in C Code and implement underhanded behavior.
The purpose of making participants create these “evil” codes isn’t to promote hacking and malicious computing behavior, but to raise awareness about it. Craver got the idea for the competition in 2005 after being inspired by a small contest at Stanford University that addressed fears of voter fraud in the presidential election; the code would look normal but would store the votes so they weren’t private or secure.
“In 2004, the year the presidential election took place, there were a lot of concerns about the security of voting machines,” Craver said. “Stanford’s contest was to write a simple computer program that looks like it’s counting votes.”
According to James O’Neil, a sophomore majoring in computer science, coders need to be more aware of the harmful side of hacking.
“I think the competition does a good job on bringing awareness about cyber crime and hacking,” O’Neil said. “A lot of people don’t know the full extent of how much harm someone can do by hacking and I think this is a great way to show that.”
The contest runs from August 15 to November 15, and Craver will select and announce the winners in January. The winner will receive a $1,000 cash prize.
According to Craver, before selecting a contest winner he filters through the submissions and gets rid of code that is longer than 100 lines.
“Every year we challenge people to write something that looks like it’s working but is intentionally misbehaving,” Craver said. “Initial filtering is based on length and readability. We throw away programs that are long, because the object is to hide something and the longer a program you write, the easier it is to hide something.”
In the past, winning codes simply misplaced a comma to create their program that allowed luggage clerks to purposely misroute luggage, showing how easy it is to do something malicious and complex.
When the contest first began in 2005, they only had a handful of contestants, but the contest now gets more than 100 participants, according to Craver.
This year, the Underhanded C Contest is pairing up with nonprofit Nuclear Threat Initiative to assess the possibility that someone could miswrite treaty-verification software and allow one party to misbehave. Inspired by the Iran deal, this year’s challenge is based on the issue of nuclear arms control monitoring and verification technologies.
Craver is hoping that this contest will make software developers more self-aware when they are writing code.
“I want this contest to raise awareness among the software development world that this sort of thing can be done,” Craver said. “So when you write computer software you must be a little more vigilant to prevent the bugs from appearing.”