As so many people keep asking me about what is Geekweek and what I did in Geekweek, I finally decided to write it down. I did give brief answers every time when I got the questions for GeekWeek. But it seems that it is hard to make it clear enough in a short answer, especially when I told them that I built a visualization application which doesn’t sound like related to cyber security. With this article, next time when people ask me what I have done in those 9 days on the other side of Canada, I would send them this blog and they will get a full picture of Geekweek. By structuring this article as questions and answers, after reading this, you are supposed to get a basic idea of GeekWeek and able to find the necessary information about it.
What is GeekWeek?
If you go search the keyword “GeekWeek” on google, you probably would not get the information about the GeekWeek I had participated, for these reasons, first, this is an event only for a very small and professional community, and second, their website is not really well maintained and handing in sufficient information(or they were trying to protect the privacy of this event). GeekWeek started in 2014, and up to 2017, there were 4 GeekWeeks have been held. It is an event aiming at gathering cyber security expertise together for a few days, taking them away from their regular work environment to implement the innovative ideas they once had that relates to prevention, identification, analysis or mitigation of cyber-attacks. In short, it is a hackathon for cyber security. Started from the first one, all four of the GeekWeek events happened in the capital of Canada, Ottawa. The first event only have 20ish participants. The number doubled every year and reach 150 in 2017 which is Canada 150. Here is the links of the website for each years’ Geekweek. The 2014 one was overwritten by the 2015 one, so in total there are only 3 links for 4 events.
Who organized GeekWeek?
From their websites, you can know that Canadian cyber incident response center was the host of the first two events, while Carleton University joined as another host in 2016 and 2017.
Who participated in GeekWeek?
As the host, CCIRC sent their security expertise to the events. Most of the project and team leaders are from CCIRC. Besides CCIRC, sponsors also sent people to the events. As I know they will send out the invitations to some security related government departments and companies. They also accepted applications online. The applicants can be employees in the industry or students from universities. The applicants were interviewed before they were decided to be accepted or rejected to the event. For Geekweek 2017, 15 students from Canada university and around 10 expertise from other countries had participated.
How about GeekWeek 2017?
As I mentioned before, Geekweek 2017 is the largest compared to the previous ones. There are totally 150 participants which are divided into 4 big teams for 4 different project themes. Each big team was further divided into several sub teams, so finally each sub team had around 10 people. The sub teams were working on the topics that related to the big project theme. Each big team had a captain who was responsible to connect and combine all the sub teams’ work and eventually presented all the work in the final presentation of GeekWeek. Each sub team had one or two team leader who, as I know, either from CCIRC or had previous experience of GeekWeek. Their role is to support their team members when they encounter problems and act as the interfaces for the sub team and the captain.
What did my team build?
My team’s theme is related to the cyber health. Our goal is to be able to analysis the status of the open network and try to detect and notify the problems. There are different datasets to be analysis to find the problem. My sub team was working on the open dataset from Shodan, which is the world’s first search engine for Internet-connected devices. The dataset we had contains all the Betnet devices from Canada and their information. We built an application to cluster and visualize those devices. The clustering algorithm should be able to cluster the devices basic one of the character such as internet IP. The visualization goal is to be able to visualize the cluster’s geo location, and when the user want to look into the cluster, we can provide the detail relationship among the devices.
Technical summarize about the visualization application we developed
The visualization application we built use electron framework. All original data is stored in Mangodb. For the cluster level visualization we store the analysis data in Neo4j is a graph database. Our application connected to this two datasource, use leaflet which provide map interfaces, and pixi, which provide data visualization and analysis interface to accomplish the functionalities. And another application we built is a dashboard, which provide indicators of the status of the network as well as their geo information on a map. To fulfill this functionality, we set up grafana as the dashboard, and influxdb as the datasource. We stream the data into influx with python scripts and Grafana were able to show this data in the preconfigured dashboard.
In summery, Geekweek is an exhausted but fun and meaningful activity. I spent 9 days with experts from all around Canada to build thing. We had fun, built networks and make friends.