Catch a hacker, win a book

[InfoSec News <isn () C4I ORG>]

http://www.theregister.co.uk/content/6/16109.html

By: Kevin Poulsen
Posted: 16/01/2001 at 05:08 GMT

Organizers of the Honeynet Project's Forensic Challenge are inviting
aspiring cyber sleuths to match wits with the perpetrator of a
dastardly hack attack on an unnamed Linux machine last November.

Contestants can download intrusion detection system logs from the
night of the attack, along with mountable images of the hacked
computer's disk drive. Then, by painstakingly analysing the clues left
by the intruder, players must uncover such facts as the technique used
to crack the system, the type of malicious code that was left behind,
and as much as possible about the perpetrator, according to the
official rules released Monday by organizer Dave Dittrich, a computer
security guru at the University of Washington.

Answers must be in before February 19th. The top-twenty digital
detectives, as judged by Honeynet's 30 members, will each win a copy
of McGraw-Hill's Hacking Exposed, a $28 value.

The Honeynet Project deliberately scatters vulnerable computers around
the Net to lure in "black hat" hackers who then become virtual lab
rats, their every move carefully scrutinized and written up in
academic research papers.

The Monday launch of the project's first Forensic Challenge coincides
with the start of eWeek's third high-profile "Open Hack" competition.
Open Hack offers a cash reward of $50,000 to the first person who can
penetrate four specially designated systems in a two week period.

That makes playing Sherlock Holmes both less sexy and less potentially
lucrative than playing Moriarty, acknowledges intrusion detection
expert Martin Roesch, a Honeynet member. "Well, yeah, there's fifty
thousand dollars at stake. Hell, I'm thinking of doing it," says
Roesch. "But you're far more likely to get a useful experience out of
participating in the Forensic Challenge than participating in the Open
Hack challenge."

Open Hack is "contrived," while the Forensic Challenge requires the
kind of real-life detective work that network administrators, security
experts and law enforcement agencies put to use when performing
autopsies on hacked computers, Roesch says.

As with other Honeynet endeavours, the perpetrator of the November
intrusion was secretly monitored by the project. But the surveillance
logs will remain under lock and key until the contest results become
public on 19 March.

For now, only one thing is publicly known about the culprit: he or she
will not be taking home one of the free books. "The person who hacked
the box is not eligible," writes Dittrich.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".