A cyber attack is a quietly hectic affair, with hackers poring over screens and fingers blurring across keyboards. V3 discovered this when we attended a simulated cyber attack on the BT Tower.
The BT Tower is one of the highest profile communications targets in the UK and the building's viewing gallery made an apt location for the Cyber Security Challenge UK and defence firm Raytheon to test the skills of hacking and cyber security enthusiasts.
Whittled down to 24 individuals after nine months of online assessments, the 'hackers' were split into groups and challenged with seizing back control of the Tower's server from fictitious hacker group, the Flagday Associates, seen in the video below.
Raytheon UK's head of cyber research, Paul Crichard, told V3 the simulated attack was a way to find people with hacking abilities beyond professional networks, and help plug a digital skills gap in the UK's cyber security sector.
"We do get a real variety of people we wouldn't see otherwise. I think there are hidden nuggets out there," he said.
Crichard added that Raytheon adopts this ethos and employs cyber security workers from unexpected backgrounds.
"With my core researchers, I've got an ex-welder and an ex-ballroom dance teacher who've come nicely into the [cyber security] world, and it's been fantastic to find them," he said.
Can they hack it?
Hackers are often thought of as introverted and elusive, hiding behind the internet's supposed veil of anonymity.
But Crichard said the simulation was designed to test how effectively the hackers work as a team in a high-pressure environment, rather than rely on individual skills.
The hackers were not warned about the server takeover, but when the attack arrived V3 noted how some of the hackers gathered in a huddle to figure out the problem, while others remained fixed to their laptops.
Raytheon's cyber security teams had buried clues throughout the challenge to direct the hackers to the infamous Shellshock and Heartbleed exploits to break back into the Tower's server within 30 minutes. This did not happen.
In fact, one of the teams attempted to use a brute force attack on the server, effectively spamming it with password attempts until it crashed and needed a restart, delaying the event by about 15 minutes.
Over the next hour and half, several teams were level-pegging, executing exploits with varying degrees of success, and prompting onlookers and talent spotters to excitedly crowd around them each time.
It was cyber security student Adam Tonks who brought his team to victory when he seized back control of the server using an exploit of the Bash shell software and triggered the BT Tower to start rotating.
Tonks was joined by Darren Brooke, an IT consultant from South Wales, Robert Laverick, a software developer, and Steve Haughton, a network manager from Cardiff.
Having observed the team in action, V3 noticed how the four hackers each worked to their own strengths yet also pulled together as a team.
"We all split up and tried different things, different areas, and we just pulled in the points. In the end we came good with the final challenge," Haughton said afterwards.
Laverick echoed the sentiment, adding: "It's good to see people's different strengths and weaknesses. There are so many aspects to cyber security. It's great to see what everyone else can do and what you can learn from that."
The winners all had some form of experience in the IT world, but none of them had any formal cyber security training and were mostly self-taught through Google searches and forum discussions.
Cyber skills hunt
Cyber Security Challenge UK's goal is to use such simulations to attract people into cyber security careers, and raise awareness of the need for skills in the sector.
Stephanie Daman, chief executive at Cyber Security Challenge UK, said that, despite the skilled amateurs at the event, there is an element of duality in the hunt for digital skills.
"We're at a really strange point at the moment; loads of jobs, not enough people that we can easily pull into the profession, but actually quite a lot of skill out there," she said. "It's finding that skill and pulling it in."
Crichard added: "I also think we still have a responsibility and a need to uplift and make [cyber security] more opportunistic for others."
Rob Partridge, head of BT's Security Academy, explained the firm is already doing this as a major sponsor of the challenge.
"I think we could have a critical skills gap because of the analysis that we've done on the demographics of the industry. Twenty-seven percent of the current workforce will be of retirement age in the next 10 years and that leaves a big hole," he said.
"So we need to make sure we fill that gap, and it's events like this that help us do that."
Many of the sponsors of the event clearly have a vested interest in recruiting some of these hackers.
"Sponsoring challenges like this means that not only can we spot talent and recruit off the back of it, we can build a pipeline of talent for the future as well," said Partridge.
Crichard added that, after the Challenge's grand final in March, the contestants can expect companies to woo them into professional cyber security positions.
Events such as the BT Tower attack will lead to others designed to attract skilled enthusiasts into the technology industry, particularly as organisations like Google, Ofcom and BCS raise concerns over the UK's digital skills.
Moreover, the need to fill the skills gap is becoming a concern that goes beyond the technology industry. A Lords report claimed recently that digital skills will make or break the UK.
Microsoft seizes control of phishing sites linked with Russian state hackers
Fitness trackers over-estimate the number of steps their users take, analysis of 67 research reports suggests
Everything we think we know about the imminent Apple iPhone 9, iPhone 11 and iPhone 11 Plus launches
All the latest rumours about Apple iPhone Displays, CPUs, launch dates and even prices
Nvidia brings Turing microarchitecture into the high-end gaming segment