£35,000 hacking challenge cracked

Hackers crack challenge within 24 hours, and Solaris gets the blame
Written by Will Knight, Contributor

A team of computer hackers has captured £35,000 for hacking into a computer system just twenty-four hours after the competition began. The hack is likely to be a major embarrassment for the company behind the high-profile hacking competition, despite its assertion that the break-in has highlighted a major new vulnerability in the Solaris operating system running on Intel x86 microprocessors.

Argus Systems organised the competition -- to break into a Web server locked down using its security product called PitBull -- to promote its products and to coincide with the start of Infosec, the UK's premier computer security event. Hackers were invited to circumvent PitBull, which automatically secures known vulnerabilities and restricts activity at the operating system level, and deface two functional -- but fictitious -- company Web sites.

The hacking group -- Last Stage of Delirium (LSD) -- broke into the target server on Saturday, just a day after the competition began, and informed Argus Systems. The target server was shut down as the company immediately launched an investigation.

However, Randy Sandone, president and chief executive of Argus Systems, denied that the decision to hold the hacker challenge was a mistake. "We continue to believe that these hacking contests are providing a public service to the industry," said Sandone, adding that the challenge has revealed an important operating system vulnerability.

"In this case, with the help of LSD, we've exposed a potentially devastating vulnerability that may exist in millions of computer systems around the world."

Sandone stressed that customers using PitBull need not acquire a patch to secure their servers, as the vulnerability lies with the Solaris operating system. Details of the vulnerability will be published once a fix is created.

Others believe the stunt backfired and is an embarrassment for Argus Systems Group, as well as for security consultant firm Integralis and hardware vendor Fujitsu Siemens, which helped organise the stunt and have coordinated three similar competitions in the US and Germany without suffering setbacks.

Gunter Ollman, principal consultant for computer security company Internet Security Systems, says that this may just go to show that there's no such thing as 100 percent security. "There's always going to be a potential risk there," he said. "The skills of people on the other side of the fence are getting better all the time."

The challenge was organised to mark the start of Infosec, which takes place in London this week.
