Feeds

Catch a hacker, win a book

Honeynet Project wants YOU

  • alert
  • submit to reddit

High performance access to file storage

Organizers of the Honeynet Project's Forensic Challenge are inviting aspiring cyber sleuths to match wits with the perpetrator of a dastardly hack attack on an unnamed Linux machine last November.

Contestants can download intrusion detection system logs from the night of the attack, along with mountable images of the hacked computer's disk drive. Then, by painstakingly analysing the clues left by the intruder, players must uncover such facts as the technique used to crack the system, the type of malicious code that was left behind, and as much as possible about the perpetrator, according to the official rules released Monday by organizer Dave Dittrich, a computer security guru at the University of Washington.

Answers must be in before February 19th. The top-twenty digital detectives, as judged by Honeynet's 30 members, will each win a copy of McGraw-Hill's Hacking Exposed, a $28 value.

The Honeynet Project deliberately scatters vulnerable computers around the Net to lure in "black hat" hackers who then become virtual lab rats, their every move carefully scrutinized and written up in academic research papers.

The Monday launch of the project's first Forensic Challenge coincides with the start of eWeek's third high-profile "Open Hack" competition. Open Hack offers a cash reward of $50,000 to the first person who can penetrate four specially designated systems in a two week period.

That makes playing Sherlock Holmes both less sexy and less potentially lucrative than playing Moriarty, acknowledges intrusion detection expert Martin Roesch, a Honeynet member. "Well, yeah, there's fifty thousand dollars at stake. Hell, I'm thinking of doing it," says Roesch. "But you're far more likely to get a useful experience out of participating in the Forensic Challenge than participating in the Open Hack challenge."

Open Hack is "contrived," while the Forensic Challenge requires the kind of real-life detective work that network administrators, security experts and law enforcement agencies put to use when performing autopsies on hacked computers, Roesch says.

As with other Honeynet endeavours, the perpetrator of the November intrusion was secretly monitored by the project. But the surveillance logs will remain under lock and key until the contest results become public on 19 March.

For now, only one thing is publicly known about the culprit: he or she will not be taking home one of the free books. "The person who hacked the box is not eligible," writes Dittrich.

© 2001 SecurityFocus.com, all rights reserved.

Related Story

Inept crackers stung by intended 'victim'

SANS - Survey on application security programs

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Ex–Apple CEO John Sculley: Ousting Steve Jobs 'was a mistake'
Twenty-nine years later, post-Pepsi exec has flat-forehead moment
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
Number crunching suggests Yahoo! US is worth less than nothing
China and Japan holdings worth more than entire company
Intel sees 'signs of improvement in the PC business' but earnings remain 'Meh...'
Prospects for the future, however, please Wall Street money men
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.