C3E Idea Detail - Public Challenge: Hacker's 10-pin Bowling


Submitted by Christopher Rose

Title: Public Challenge: Hacker's 10-pin Bowling

Problem:

Remote intrusion detection/prevention/study

Proposal:

Not sure how to answer this question (I'm a "naive") but see detail below. I think this might be a type of honeypot, but I see it as more of a type of "Netflix Challenge".

 

Set up literally mechanical systems (bowling is an example) and invite (challenge) hackers to knock down the pins by hacking into the machine(s) in question. Have different levels of difficulty. (Obviously this could be changed to simple compromising or obtaining some hidden info -- capture the flag, so to speak -- but mechanical has a certain appeal and speaks to a certain type of viscerally disturbing threat where machines control more and more mechanical aspects of our lives.) Offer significant prizes for success (Netflix offered 1M -- the team that eventually won was from AT&T).

Strengths:

Everyone understands cyber-problems today in a way they did not 5 years ago.  Spam is epidemic as is phishing and other forms of abuse.  So inviting and inciting public interest in hacking and securing might spur greater (funding) interest by lawmakers.

Weaknesses:

There might be zero interest or the respondent pool might not be useful for further insight into the truly scary hard-target attacks we are really trying to understand and thwart.

References:

Absolutely no idea, so take all above with a grain of salt. I've never been constrained in my commentary by lack of knowledge. :) :)

 

David Chaboya: This idea is interesting, but needs more direction. For example, there are already capture the flag contests at Blackhat and other conferences. We would need to decide the purpose of the challenge, and what data/metrics we expect to capture. For example, if we were to spend 1M to pay a hacker to break into a secure system, would that money be better spent building a private exploit for the government? What hacker skill could one hire for $1,000, etc.?
