“XXL” Hackathon : ESILV Students Rewarded by Companies for Their Cybersecurity, Training, E-health Solutions

More than 200 students from nine higher education schools took part in a multi-school corporate challenge, named “XXL Hackathon”,  focused around issues that concern institutions’ corporate partners. Several ESILV students were part of the winning teams of the “XXL Hackathon”, who created the best solutions for cybersecurity, training, and e-health.

The multi-school “XXL hackathon” organized by IESEG hosted various topics of concern for companies, ranging from a simulation of an attack/defense scenario to environmental, social or healthcare innovation issues. Some of the issues addressed by the multidisciplinary teams included the following:

• A simulation of an attack/defense scenario mixing cybercrime and fraud with the help of the IBM X-Force Command Cyber Tactical Operations Center (C-TOC), to work on the problem of cybersecurity.
• Social or environmental hackathon subjects provided by Butagaz & the Sigfox Foundation
• UX/UI Sprint Design challenges, suggested by Accor Hotel and M6

The inter-school teams were given 48 hours to elaborate their ideas and come up with a final prototype, presentation or study they had to present before a jury and companies’ representatives on the 6th of March in the afternoon. After having evaluated each 10-minute pitch, the juries selected several winning teams.

Sketching out the worst-case scenario for a cyber-attack hitting a bank from inside IBM’s C-TOC

Encased inside a cutting-edge Command Cyber Tactical Operation Center, students teamed up in five teams to play the role of hackers and cyber-defendants.

Gathered around a security watch room that is controlled by gestures and integrated into a 23-tonne state-of-the-art truck , 18-wheel semi-trailer specially fitted out by Mercedes-Benz, the ESILV students had to manage the two scenarios that were part of the cyber-crime challenge in the banking environment.

Winners of the cyberattack scenario on HSBC 

On the one hand, three attack teams had to put themselves in the shoes of a bunch of hackers, trying to recreate the so-called “hacker mind”, with all the means at hand: motivation, material, types of attacks, etc.

The setting was a ramsomware attack that would put economic and energy stability in the crosshairs. Among the “hackers” who made use of the security vulnerabilities simulated for the occasion by HSBC, we note particularly Clovis CARLIER and Sébastien FOURNIER, the two 2nd year students at ESILV.

Clovis shares with us his team’s ” war plan “:

” “We have had a day and a half to develop a pitch on the most cost-effective hacking tactics, concentrating on social engineering attacks. We then suggested action plans that involved carrying out audits using a ‘Red team’, we also offered a quiz on phishing sensitivity for the jury, and ended with an advertisement poster for HSBC to ideally reach the general public.

So we were given 10 minutes to pitch our project, which was therefore focused on the human vulnerability in IT. In addition to the educational quiz and the advertisement poster, in the first part we made a demonstration how easy it is for hackers to manipulate unprepared using sophisticated tools. We also demonstrated a technique that is very widespread in the hacker community, which is phishing. It was quite impactful for the jury because it took us less than a minute to do all this ” (Clovis CARLIER, ESILV student) 

Winners of the cyber defence scenario

On the defense side, the two teams were to embody a crisis cell, providing answers for cyber threats, protection mecanisms and crisis management. The final objective? To propose a cyber risk management policy adapted to the HSBC. One of the cyber defenders awarded by HSBC is Reza ZOHRABI, in his 4th year at ESILV.

“Today, digital engineers who have no clue about the rise of cyber dependency, and hence no knowledge of the risks and the consequences of cyber attacks in this regard, would be just reckless engineers. For IBO students, this is a major hands-on experience. It could encourage them to adopt “secure by design” processes and make system security an obvious priority for them.” (Walter Peretti, mechatronics teacher, head of industrial projects)

Winners of the Butagaz theme: improving safety training

It took 48 hours of intensive work for Nasreddine’s GRIHMA team, a second year student at ESILV, to win the Butagaz prize for an innovative virtual reality training solution.

“We needed to find a way to improve Butagaz’s training to make its employees more aware of the risks and place more importance on safety. My team and I decided to work on the following issue: How can we encourage those employees who are not proactive in the current safety training process to become more involved and integrate it as an integral part of their jobs? To address this issue we have decided to make training active and not passive, as was previously the case. We have decided to make training more fun using simulation games for different jobs.” (Nasreddine GRIHMA, ESILV student)

Digital Health Team winners

 Jérémy Donadio’s project on brain-computer interface, a 3rd year engineering student, won the CHU Nantes prize for solutions that support the digital transformation of the medical sector. 

The challenge made students think about the challenges of cyber-security and pushed them to use collective intelligence to generate new innovative solutions for businesses seeking to be more efficient.