£35,000 for hackers to crack Web server

A live hacking competition that begins tomorrow in London is intended to publicise the UK's lackadaisical attitude to security
Written by Will Knight, Contributor

Computer hackers from around the world are being invited to break into a locked-down Web server for £35,000, in a competition launched to publicise Britain's largest security conference, Infosec.

US-based security firm Argus Systems Group will offer the prize money to any hacker that can penetrate its PitBull security software, which is used commercially to secure Web sites from intruders.

To be successful, a hacker must break into the server and deface Web pages belonging to fictitious companies: xType Moto-Rockets and xCursion Adventure Travel.

The competition is supported by security consultants Integralis and by Fujitsu-Siemens, which will provide the server hardware. The target server and key login information will be posted to the Argus Web site three days before the start of Infosec.

Unlike firewalls or intrusion detection systems, which try to detect and prevent attacks from reaching a server, PitBull works at the operating system level, automatically securing known vulnerabilities and restricting activity.

"If anyone can ever find a way in, then we want to be the first to know about it so we have the responsibility for improving the software even more," says John Yerou, vice president of sales at Argus, in a statement. "This is the ultimate demonstration of new security measures, to invite the hackers in and to go public with the results."

This is the last in a series of four hacking stunts. Similar contests were held in the US and in Germany. "Argus has chosen the UK for the finale contest because the UK lags behind the Far East and the US in its recognition that Internet and e-commerce security needs have moved on," he says.

The competition that took place in the US saw 5.4 million attacks on the designated server, but none were successful, according to Argus.

The competition may seem to demonstrate complete confidence from the organisers, but Gunter Ollmann, principal consultant with Internet Security Systems, says that it may not be very difficult to make the server bulletproof. "You can lock-down a server so that it is impregnable to most known vulnerabilities, until you want to actually start using it for a dedicated task," he says.

The real risk, according to Ollmann, is most likely to come from new vulnerabilities appearing during the hacking competition.
