What is a hackathon?

I’ve been going to HackRU, the semesterly hackathon held at Rutgers, for a few semesters now.[1]

I noticed I kept getting the same response when I told my non-nerdy Rutgers friends what I’d be doing on the nicest weekend of the year so far, April 18 and 19. “What’s a hackathon?” they’d ask. “Is that like, hacking into something?”

The conversation would then inevitably turn to the DDoS attack that took the Rutgers network down a few weeks ago. You can read my thoughts about that here, but to be completely clear: I would not call that a hack.

Here’s how I usually explain a “hack” in the context of a hackathon:

Did you ever play with Legos as a kid?[2] Remember the all-important instructions? They told you, step-by-step, how to build what was pictured on the box. This is almost like learning to code for the first time — you follow instructions, learn how each part works, and eventually get something to work.

But sometimes, once you finished building that cool spaceship or car or whatever, you got bored. So you broke everything down back to the original parts and started to build something new. For me, this was when Legos really got fun. I’d go full-on Dr. Frankenstein, taking airplane wings and lightsabers from a Star Wars kit, parts from a pirate set, maybe even a character or two from Harry Potter.

I made all kinds of crazy things. At one point I built my own universe of space-pirates, complete with a moon-base type thing, a fleet of space-fighters, and even a giant battleship.

To me, that’s what a “hackathon hack” is — an amalgamation of parts, borrowing a little from here, a bit from there, and combining it all into some weird new package. Faiq and Sam’s 2048 Against Cancer is an easy-to-understand example of a “hack” — they took a popular game (2048) and a popular payment system (Venmo) and created a game that donates a penny to a charity every time you make a move. They “hacked” those two things together into a cool and unique package.

After being asked this question so many times, I thought it’d be interesting if I asked my friends at HackRU how they’d explain what a hackathon is to someone who’s never been to one.

Here’s what they told me. (emphasis mine)

A hackathon is a real time invention competition.” - Mike Swift

“Code or make something in 24 hours. If you like it after 24 hours, then stick with it. If not then move on to something else.” - Rick, director of RU MakerSpace

“Without sounding pretentious, people come here to build the future. Through a hack, app, program, connection, etc. — even if you don’t create something, you’ll make incredible connections here.” - Sam Goldfield

A hackathon feels like suspended reality. Have you ever had a dream at 8am, experienced a whole thing, and woken up just 5 minutes later even though that dream felt like hours?” - Michelle Chen

“24 hours, build cool shit” - Aedan Dispenza

24-passion filled hours of ‘fuck it, why not?’” - Michelle Chen at 4:13am

“It’s a bunch of people in a room on computers hacking things” - Chris Gavin

“A bunch of people with computers and water bottles trying to sleep, but not sleeping.” “And like, trying to program ideas, then spending hours trying to find that bug, or just hallucinating about one.” “But also going to a place and just making something awesome.” - 3 high school sophomore hackers from Freehold Boro

I’m not happy right now. It’s depressing. I’ve lost all hope in trying to make a thing work and I’m going to sleep. But I’m still coming back tomorrow morning.” - Faiq Raza at 4:33am

“It’s a place where I meet some of my best friends over and over again week after week. We build cool shit together.” - Kaushal Parikh

“24–36 hour programming event where you make something start to finish. The goal is to learn something you want to learn, meet some cool people, and make some new friends.” - Jade Yee

“It’s a place where you can connect with a community for encouragement, where you can bring ideas and, in 24 hours, test them out and see if they should live or die. You figure out if this thing is worth caring about.” - Rick, director of RU MakerSpace

“A gathering where you can come to talk with likeminded people about what’s good.” - random guy waiting on line for coffee at 10:45 pm

“The most exciting collaborative space to create ideas. Impossible ideas materialize. It opens your mind to a lot of new ideas you’d never venture into otherwise.” - KPCB winners of $1000

“Overnight event where people come together to learn and make something they’re interested in. It’s an environment where you can branch out and learn. The prizes are nice, but it’s all about the learning.” - Billy Lynch

  1. Usually, I go to cover the event for The Daily Targum, the Rutgers student newspaper. But this semester — which also happens to be my last semester at Rutgers — was my first time actually hacking on a project at a hackathon.  ↩

  2. Or as an adult? Nothing wrong with that.  ↩

Thoughts on the DDoS attack that brought down the Rutgers network over the weekend

Rutgers students were hit with a nasty surprise this weekend when a Distributed Denial-of-Service (commonly called a DDoS) attack crippled the University’s network. Things are fine now — according to an email the Rutgers Office of IT head Don Smith sent to students around noon on Tuesday, “the Office of Information Technology has restored on-campus and off-campus services to normal operation.” But for the duration of the weekend, the attack affected nearly every front-facing part of the Rutgers network:

  • Students using on-campus networks (including in dorms and libraries) reported multiple instances where they lost internet access for extended periods of time
  • Sakai and eCollege, the two main portals that students use to submit and receive assignments, were inaccessible to off-campus students and professors[1]
  • The main Rutgers.edu website was down for at least 15 minutes on Saturday
  • Despite this, OIT says they have “not detected any instances of a breach of confidential information

So how did this happen?

I’m far from an expert on network infrastructure, but here’s my understanding of what went down over the weekend[2]. A malicious figure (who I will talk more about in a little bit) launched a DDoS attack on the Rutgers network infrastructure. A DDoS attack typically works by spamming a network until it can’t handle the number of requests, interrupting or entirely shutting down that network.

According to various rumors floating around the Rutgers subreddit (which are rumors and as such may or may not be true), the perpetrator did this using a botnet of anywhere between 80,000 to 140,000 bots. Even if those bots don’t get into the system (and as far as we know, they didn’t), the sheer weight of their attacks could be enough to cause some serious outages, as we saw over the weekend.

Once the network was attacked, Rutgers shut down external access to the Central Authentication Service (CAS) to preserve security. The CAS is a vital part of how the Rutgers network infrastructure works; it’s like the gate to the Rutgers online kingdom. You must log-in through CAS before you can access the majority of Rutgers services, including (but not limited to) Sakai, eCollege, WebReg, Degree Navigator, and RUWireless and RUWireless_Secure. Curious minds can read more about the CAS here. This is why off-campus students and professors couldn’t access Sakai or eCollege — Rutgers suspended its entire authentication service, leaving them unable to verify anyone’s identity.

Do we know who did this?

This is where things get interesting. There are no official reports indicating the person behind these attacks, but right when the attacks started, a user on on r/Rutgers claimed responsibility. He posted various “proof” that he controls a botnet capable of delivering significant amounts of traffic.

Dimitry Apollonsky interviewed the purported hacker, who goes by the handle exfocus on Reddit and @ogexfocus on Twitter. Dimitry also started a conversation on the Rutgers Hackathon Club Facebook page (I’m pretty sure you have to be in the group to see that post) on the technical aspects of this debacle. I’m more than a little skeptical of some of the answers this exfocus figure gave to Dimitry (particularly the claim that he’s being paid $500 an hour to launch these attacks), but it’s an interesting read nonetheless, and I commend Dimitry for getting in touch with this shadowy figure. My favorite part of the interview is when exfocus says he’s a Taylor Swift fan. Haters gonna hate, I guess.

Regarding the University’s response to this event

Here’s where things get really interesting. The Daily Targum, the official Rutgers student newspaper[3] didn’t publish an article until Tuesday morning, days after the attacks started. It turns out there was a reason for that. From the Targum’s article on the network outage (emphasis mine):

The second DDoS attack overloaded the Rutgers network on March 4, 2015, when the alleged attacker sent two emails to The Daily Targum detailing his intentions.

That’s right: The Daily Targum received advance warning of this attack, which the article later says they passed along to OIT. To be clear, I was not among those informed and didn’t know about this until I read the article this morning. The article goes on to quote the message from the purported hacker (again, emphasis mine):

“A while back you had an article that talked about the DDoS attacks on Rutgers,” the email read. “I’m the one who attacked the network … This might make quite an interesting story … I will be attacking the network once again at 8:15PM EST. You will see sakai.rutgers.edu offline.”

The emails, which were relayed to OIT the same day, launched an investigation. Around that time, Smith asked The Daily Targum to postpone reporting about the second attack and the emails until OIT could consult with police.

This is a tricky spot. If I got an email from someone pretending to be a hacker, I’d be skeptical. But here’s the catch: that very day the network went down. The Targum article says that once that happened, OIT presumed the warning was credible: "Smith asked The Daily Targum to postpone reporting about the second attack and the emails until OIT could consult with police." OIT and the Targum kept quiet presumably because they didn’t want to create an atmosphere of fear and confusion. But OIT didn’t have an official response on the matter until two entire days after the network outages got serious. I would argue this created even more fear and confusion than some kind early of warning or something, but there’s obviously a discussion to be had here over the ethics of doing something like this.

But if you ask me, I think Sakai and particularly eCollege are critical and necessary parts of how students live and work on a day to day basis at Rutgers, and OIT should openly communicate to students everything they know. I think it’s unacceptable that they took as long as they did to inform students what was happening.

TL;DR / A few notes now that everything is working smoothly again (…for now)

  • If anything, this whole event goes to show how absolutely vital the internet is in how students live and work. My Facebook and Twitter feeds were full of students making jokes and complaining about the situation, the r/Rutgers subreddit and YikYak on campus even started a meme about how OIT oddly addressed students as “Gentlepeople” in their email announcing the outage, and several different press outlets jumped on the story, most notably Charlie Kratovil of New Brunswick Today, who did a great job covering the event and its fallout over the weekend on Twitter.

  • I'm a little biased, but if you ask me this story just goes to show that, as Rutgers President Barchi admitted in an interview with the Daily Targum last semester, Rutgers is at least 15 years behind where it should be in terms of technology infrastructure.

  • This is not the first incident of this type this school year: in November 2014 a similar DDoS attack brought Rutgers network down just before the class registration period. Interestingly enough, class registration for next semester happens next week. The attacker also claimed responsibility for those attacks. I’m not sure if I want to make a connection between class registration and the DDoS-ing, but that seems like the best reason behind this I can think of. Why the hell would anyone do this otherwise? Rumors claim that the hacker was annoyed by the bus system or is getting paid to take down the network, but I don’t know how much of that I believe.

  1. I think that Rutgers intentionally shut this part of the network down to avoid overage fees from their provider just as much as they did to reduce security risks. Also, more than one of my professors postponed assignments due Monday morning because even they couldn’t access Sakai or eCollege, which was awesome.  ↩

  2. Please feel free to tweet me @tylergold or email me if you notice anything particularly egregious.  ↩

  3. I write a weekly tech column for the Targum, but I had written this week’s post before these events, which is why this week’s Tech Tuesday is about Periscope and Meerkat and why I’m posting this here.  ↩


I just rediscovered this story that I wrote back in January. I typed it on my iPhone on the train ride immediately after the events I'm describing.

I witnessed something awesome tonight. It could have been nothing, but I think it was something. In fact, I think it one of the best romantic surprises I've ever seen (on a screen or in real-life). Let me explain.

It's 7pm on a Tuesday night. I'm making my way through Penn Station towards the New Jersey transit section. The late crowd of commuters is finally headed home, hoping to catch the 7:03 express. As I'm walking to the train, I hear a loud noise from about five feet to my left. I whip my head to the source of the sound: a quick whistle followed by a piercing hooooot. The whistle was so loud it turned the heads of the entire herd of commuters waiting in the lobby.

I'm at a particularly good vantage point to see who made the noise. It's a kid who can't be older than 21. He's built somewhere in-between me and my younger brother: not too tall, thin but lean. He's a good looking dude, with a happy, bright-eyed grin. A flash of guilt runs across his face when the entire lobby turned to look at him; he was clearly trying to get the attention of only one person. Based off how happy he looks, I wonder if it's a girl. I think nothing of it.

But I walk down the stairs to join the herd I hear the noise again, but noticeably more quietly. I slow down and notice someone walking against the tide towards the kid who made the whistle-hooooot, who is now crouched behind his suitcases. He's playfully hiding from the person who is now emerging from the herd and walking towards him.

It's a girl who's probably the same age as he is; I would guess 19 or 20. She has long black hair framing a pretty, naturally tanned face. Her clothes are of similar fashion to his: she's wearing a cool leather jacket with brown boots with a big heel that she clearly knows how to rock.

She's equally glad to see him; maybe even more so. She has a thin smile, but her eyes say everything. She is beaming at his suitcases — she obviously knows who it is hiding behind them. Maybe the whistle-hooooot is an inside joke.

It's immediately apparent to me that these two are a "thing". Could they be traveling together? No, they're way too excited for that. I think this encounter might have been serendipitous — or at the very least a surprise for one of them, probably her.

I don't know how they know each other, and I'll probably never find out. But as soon as she reached him hiding behind his suitcases — could he be traveling to meet her? — he jumps up and the two lock into one of the most passionate, excited, natural embraces I've ever seen. They whisper nothings into each other's ear, and then start kissing. They don't stop, of course, because they're young and young people don't care about PDA. I turn around to give them some privacy (even though they don't seem to want it) and reflect on the crazy vibes they were giving off.

As the screens above the lobby finally flash to show which track my train is on, I quickly glance back at the couple. They're still locked together, still talking. As I look, they start passionately kissing again.

I turn around and join the commuter stampede rushing towards the train tracks.