Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Government Education Security The Almighty Buck United States

NSA's 'Codebreaker Challenge' Features Exploiting Blockchain To Steal Ethereum (ltsnet.net) 56

"The National Security Agency's 2018 Codebreaker Challenge kicked off on Friday, 9/21, and runs through 12/31," writes Slashdot reader eatvegetables. Each year's challenge -- which is open to U.S. students -- comes with its own (fictitious) backstory which the organizers say is "meant for providing realistic context."

This year's story? A new strain of ransomware has managed to penetrate several critical government networks and NSA has been called upon to assist in remediating the infection to prevent massive data losses. For each infected machine, an encrypted copy of the key needed to decrypt the ransomed files has been stored in a smart contract on the Ethereum blockchain* and is set to only be unlocked upon receipt of the ransom payment. Your mission is to ultimately (1) find a way to unlock the ransomware without giving in to the attacker's demands and (2) figure out a way to recover all of the funds already paid by other victims.

* For the purposes of this challenge, a private blockchain has been created with no real monetary value associated with the Ether.

"The first half focuses on network protocol analysis and binary reverse-engineering," writes eatvegetables, while "The second half is all about attempting to exploit the blockchain."

An email address from "a recognized U.S. school or university" is required, and the original submission notes that America's college students "are already hard at work trying to push their school to the top of the leaderboard."
This discussion has been archived. No new comments can be posted.

NSA's 'Codebreaker Challenge' Features Exploiting Blockchain To Steal Ethereum

Comments Filter:
  • by Gravis Zero ( 934156 ) on Saturday September 22, 2018 @05:49PM (#57361258)

    A new strain of ransomware has managed to penetrate several critical government networks and NSA has been called upon to assist in remediating the infection to prevent massive data losses.

    Restore from backups! No backups? Let's start with who we're going to fire for not having backups and work our way up to indictments for gross negligence. ;)

    • by tepples ( 727027 )

      How would cloud backups survive deletion by the same attacker? Wiki hosting service Orain died when a malicious intruder deleted all of its hosted backups.

      • Re: (Score:3, Insightful)

        by Gravis Zero ( 934156 )

        If your backups are also online then you have failed to make backups.

        • by tepples ( 727027 )

          What medium do you recommend for a backup that is both offline and offsite? You need offline to guard against the Orain problem, but you need offsite to guard against natural disaster.

          • by rtb61 ( 674572 )

            It's called a 1 ton safe, can be onsite and yet for all intents and purposes it is offsite protected by thick steel walls and insulation as a final layer. Don't forget to shut the safe door when you put the backups in.

            Now if you want to be sure you are really backing up, then you have to take the really radical step of erasing your system and actually trying to restore it, to see what you have really got. If you are concerned, that you might be backup numbnuts, create a parrallel small empty network and to

            • by tepples ( 727027 )

              I completely agree with you about doing periodic restore drills onto spare boxes. I was just curious about what sort of removable media people were using for physical backups nowadays.

            • by dcw3 ( 649211 )

              It's called a 1 ton safe, can be onsite and yet for all intents and purposes it is offsite protected by thick steel walls and insulation as a final layer.

              No, no, no. The safe is fine, but that's not going to help you when there's a flood...Florence anyone? Natural disasters are one of the primary reasons you go offsite...and not nearby. How about the World Trade Center...would your safe have been safe there?

          • There is an entire industry that specializes in facilitating off site backups.
        • by Kaenneth ( 82978 )

          If you haven't tested the restore process, you have also failed.

          After I got the system running well enough I had free time, I tested the restore of a $2 billion government financial database; turned out the backup was not actually backing up the database file, but a shadow file consisting of all zeros.

          glad I found that out, and fixed it, before anything went wrong (nothing did on my watch anyway)

    • by manu0601 ( 2221348 ) on Saturday September 22, 2018 @06:00PM (#57361312)

      Restore from backups! No backups?

      Of course they have backups. This is US government, they can always ask Wikileaks for copies of their documents.

  • Editor changed post to sensationalist crap! The new title is nonsensical. The content of original post hacked up and a mess.

  • They will hack into a school computer and enter the competition to win the prix.

  • The solution is not collegiate.

    SO each participant have self pre-qual their code as candidate, target or suspect in future. Very much like fingerprinting is their signature coding style.

    Smart!

  • Since the inception of cryptocurrency, it was bound to be exploited to this particular degree. In reality, the fact remains that cryptocurrency as a whole will continue to falter as a viable currency in it's current state at this current time.

    Changes in blockchain technology may improve this in the future, however, in it's current state it is too volatile to trust as a constant construct for valued currency.

The most important early product on the way to developing a good product is an imperfect version.

Working...