Carnegie Mellon University’s competitive hacking team, the Plaid Parliament of Pwning (PPP), just won its fifth hacking world championship in seven years at this year’s DefCon security conference, widely considered the “World Cup” of hacking. The championship, played in the form of a virtual game of “capture the flag,” was held August 8-11 in Las Vegas.

PPP now holds two more DefCon titles than any other team in the 23-year history of DefCon hosting the competition.

If you’re wondering who the best and brightest security experts in the world are, look no further than the capture the flag room at DefCon.

David Brumley, Professor, Electrical and Computer Engineering

“If you’re wondering who the best and brightest security experts in the world are, look no further than the capture the flag room at DefCon,” says David Brumley, a professor of Electrical and Computer Engineering at Carnegie Mellon, and the faculty advisor to the team.

Three of the five biggest data breaches ever have occurred in the past 12 months, leaking nearly 2 billion personal records. For security experts trying to defend against these types of attacks, the annual DefCon conference provides an opportunity to hone their skills and practice on one another.

"These competitions are so much more than just games," says Zach Wade, a student in Carnegie Mellon’s School of Computer Science and one of PPP’s team captains. "They bring together the security community to share and test new ideas that can be used to strengthen the security of the systems and devices we use every day."

A group of students on a stage behind a man who is speaking

Source: Zach Wade

PPP stands on stage at DefCon’s closing ceremonies as they are announced as the winners of the 2019 capture the flag competition.

Over the course of the 72-hour hacking spree, teams made up of students, industry workers, and government contractors attempted to break into each other’s systems, stealing virtual “flags” and accumulating points. To add drama, team scores were hidden from view on the second day, and scores and rankings were hidden on the last day, sending teams into a hacking frenzy.

“Our team’s success reflects our dedication to training the problem solvers of the future,” says Jon Cagan, interim dean of Carnegie Mellon’s College of Engineering.

This year’s competition consisted of 16 pre-qualified teams with members from at least seven countries around the world. Team “HITCONxBfKin” from Taiwan placed second overall, with team “Tea Deliverers” from China trailing in third.

"This year, we were particularly in the zone for the challenges and our teamwork was very on point,” says Carolina Zarate, a recent graduate of CMU'sInformation Networking Institute. She says the team’s camaraderie is an essential aspect of their success, and sums up the 72+ hour experience as involving "(mostly) goofing off, not sleeping, and maybe a little hacking with friends."

The Carnegie Mellon hacking team first formed in 2009 and began competing at DefCon in 2010. The team previously won the contest in 2013, 2014, 2016, and 2017.