NSA's 'Codebreaker Challenge' Features Exploiting Blockchain To Steal Ethereum (ltsnet.net)
"The National Security Agency's 2018 Codebreaker Challenge kicked off on Friday, 9/21, and runs through 12/31," writes Slashdot reader eatvegetables. Each year's challenge -- which is open to U.S. students -- comes with its own (fictitious) backstory which the organizers say is "meant for providing realistic context."
This year's story? A new strain of ransomware has managed to penetrate several critical government networks and NSA has been called upon to assist in remediating the infection to prevent massive data losses. For each infected machine, an encrypted copy of the key needed to decrypt the ransomed files has been stored in a smart contract on the Ethereum blockchain* and is set to only be unlocked upon receipt of the ransom payment. Your mission is to ultimately (1) find a way to unlock the ransomware without giving in to the attacker's demands and (2) figure out a way to recover all of the funds already paid by other victims.
* For the purposes of this challenge, a private blockchain has been created with no real monetary value associated with the Ether.
"The first half focuses on network protocol analysis and binary reverse-engineering," writes eatvegetables, while "The second half is all about attempting to exploit the blockchain."
An email address from "a recognized U.S. school or university" is required, and the original submission notes that America's college students "are already hard at work trying to push their school to the top of the leaderboard."
Re: (Score:2)
You forgot the people that did all you say, were all promoted and are still employed or very comfortably retired.
Re: (Score:2)
Unless you've examined the "ransomware" in question, and seen the smart contract, I'm not sure how you can properly make such an analysis.
Re: (Score:2)
Go to the end of the network and read along well before encryption.
No need to worry about difficult real time encryption. The solution is waiting and very readable on a distant computer and consumer OS.
Re: Nobody will be able to do this (Score:1)
I have the solution! (Score:5, Funny)
A new strain of ransomware has managed to penetrate several critical government networks and NSA has been called upon to assist in remediating the infection to prevent massive data losses.
Restore from backups! No backups? Let's start with who we're going to fire for not having backups and work our way up to indictments for gross negligence. ;)
Re: (Score:3)
How would cloud backups survive deletion by the same attacker? Wiki hosting service Orain died when a malicious intruder deleted all of its hosted backups.
Re: (Score:3, Insightful)
If your backups are also online then you have failed to make backups.
Re: (Score:2)
What medium do you recommend for a backup that is both offline and offsite? You need offline to guard against the Orain problem, but you need offsite to guard against natural disaster.
Re: (Score:1)
With data sets having outgrown DVD long ago, and BD-R never really catching on, what "removable media" are you referring to? Entire HDDs?
Uum, yes? Or tapes. (Score:1)
We used HDD systems for backup in freaking 1999.
But if you do not need fast random access, good old tapes haven't stood still, and still have *insane* densities and data rates.
Re: (Score:3)
It's called a 1 ton safe, can be onsite and yet for all intents and purposes it is offsite protected by thick steel walls and insulation as a final layer. Don't forget to shut the safe door when you put the backups in.
Now if you want to be sure you are really backing up, then you have to take the really radical step of erasing your system and actually trying to restore it, to see what you have really got. If you are concerned, that you might be backup numbnuts, create a parallel small empty network and to
Re: (Score:2)
I completely agree with you about doing periodic restore drills onto spare boxes. I was just curious about what sort of removable media people were using for physical backups nowadays.
Re: (Score:2)
It's called a 1 ton safe, can be onsite and yet for all intents and purposes it is offsite protected by thick steel walls and insulation as a final layer.
No, no, no. The safe is fine, but that's not going to help you when there's a flood...Florence anyone? Natural disasters are one of the primary reasons you go offsite...and not nearby. How about the World Trade Center...would your safe have been safe there?
Re: I have the solution! (Score:2)
Re: (Score:2)
If you haven't tested the restore process, you have also failed.
After I got the system running well enough I had free time, I tested the restore of a $2 billion government financial database; turned out the backup was not actually backing up the database file, but a shadow file consisting of all zeros.
Glad I found that out, and fixed it, before anything went wrong (nothing did on my watch anyway).
Re:I have the solution! (Score:4, Funny)
Restore from backups! No backups?
Of course they have backups. This is US government, they can always ask Wikileaks for copies of their documents.
Editor changed post to sensationalist crap (Score:2)
Editor changed post to sensationalist crap! The new title is nonsensical. The content of original post hacked up and a mess.
Re: (Score:2)
Deep breath..... Ok. @EditorDave, I know that you meant well. Sorry. Didn't mean to yell at you.
Re: (Score:2)
Deep breath..... Ok. @EditorDave, I know that you meant well. Sorry. Didn't mean to yell at you.
I don't think that was the reaction he's going to be complaining about. [makeagif.com]
Re: (Score:2)
LOL
Russia will win (Score:2)
They will hack into a school computer and enter the competition to win the prix.
Re: (Score:2)
The NSA Worked To "Track Down" Bitcoin Users, Snowden Documents Reveal (March 21 2018)
https://theintercept.com/2018/... [theintercept.com]
"... report dating to March 2013" Welcome back to XKeyScore MONKEYROCKET, OAKSTAR AC .
Re: (Score:2)
You mean technology developed 10 years ago is the most proven ever in the history of computing?
Riveting.
NSA breadth in scale and scope... (Score:2)
The solution is not collegiate.
SO each participant have self pre-qual their code as candidate, target or suspect in future. Very much like fingerprinting is their signature coding style.
Smart!
The ugly truth is.. (Score:1)
Since the inception of cryptocurrency, it was bound to be exploited to this particular degree. In reality, the fact remains that cryptocurrency as a whole will continue to falter as a viable currency in its current state at this current time.
Changes in blockchain technology may improve this in the future, however, in its current state it is too volatile to trust as a constant construct for valued currency.