OpenHack III, a computer-hacking contest sponsored by eWeek magazine, featured some stiff competition when it opened last Monday. In one corner is Argus Systems Group, maker of a computer security product called PitBull that the company claims is virtually impenetrable.
In the other is an army of hackers who have two weeks to try to break into a PitBull-protected system and win a cash prize, courtesy of Argus (www.argus-systems.com). Hacking contests have been going on since the mid-1980s, but Argus has raised the stakes this time with a $50,000 prize, in an effort to validate a product it believes - and many experts agree - is the Fort Knox of computer security. Argus thought of giving a car away - but realized from past hacking contests that participants aren't always old enough to drive.
Hackers generally try to access computer operating systems by exploiting holes in the applications the systems run, and most security products try to plug those holes. But PitBull protects the operating systems themselves, making it virtually impossible for a hacker to gain access. In recent contests in Las Vegas and Munich, Germany, hackers failed to break into Argus-protected systems. But hackers have always shown resilience in the face of attempts to defeat them. Eric Lundquist, eWeek's editor-in-chief, says no system is perfectly secure. "I like that old rodeo saying: 'There's never been a horse that can't be rode, there's never been a rider that can't be throwed,' " he says.
Most hacking competitions are lighthearted affairs, with hackers and security experts swapping tales and friendly advice. But the contests have serious implications. Big e-commerce companies like Yahoo and eBay have been hit by hackers, and some smaller companies are struggling to persuade customers that their sites are safe places to make purchases.
Argus hopes the contest will prove the worth of its product. But many in the computer-security community think hacking competitions prove little because the cleverest, most dangerous hackers stay away or are reluctant to reveal their secrets - a requirement to claim the prize.
"If you have the skills to break into a product that's secure, are you going to announce it to the world, or are you going to keep those skills to yourself?" says Jeff Moss, a hacker and security expert at Blackhat, a computer company based in Seattle.
Randy Sandone, the chief executive at Argus, acknowledges the test is imperfect. "Even if we survive the two weeks without breaches, we're not going to claim that the our system is fundamentally impenetrable," he says. Nevertheless, the contest gives incentive to "some pretty serious people to give [the system] a good thrashing."
(c) Copyright 2001. The Christian Science Publishing Society