Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Claim $10K Prize For StrongWebmail Breakin

Posted by Soulskill on from the worth-their-while dept.

alphadogg writes "Telesign, a provider of voice-based authentication software, challenged hackers to break into its StrongWebmail.com Web site late last week. The prize: $10,000. On Thursday, a group of security researchers claimed to have won the contest, which challenged hackers to break into the Web mail account of StrongWebmail CEO Darren Berkovitz and report back details from his June 26 calendar entry. The hackers, led by Secure Science Chief Scientist Lance James and security researchers Aviv Raff and Mike Bailey, provided details from Berkovitz's calendar to IDG News Service. In an interview, Berkovitz confirmed those details were from his account. However, Berkovitz could not confirm that the hackers had actually won the prize. He said he would need to check to confirm that the hackers had abided by the contest rules, adding, 'if someone did it, we'll kind of put our heads down.'"

1 of 193 comments (clear)

  1. Re:The Catch by digitalchinky · · Score: 5, Interesting

    Damn, I wish I lived in the US. This is easy money.

    For 10 grand in prize money - wow, they didn't think about this very well. The kit you need is all available on ebay for less than a grand. I already have the modems, EDT data capture cards, a couple of Sun ultra's (old, but they do the job dependably), a spectrum analyser, antennas, level converters, up/down converter, transceivers and a bunch of cables to connect it all together.

    It would take a half a day at most. Camp outside his office or home, figure out which cell tower he is on (line of site) and poke an antenna in the path of the microwave link the tower uses to talk to the exchange. (This traffic is all unencrypted, bog standard T1/E1 stuff) - do whatever you need to do to trigger the text alert, suck down the CCITT-7 channel, then pick through the SMS payload until you find the code. Log in and take the cash.

    Legal? I'd say absolutely, you haven't actually monitored a 'cell phone' at all, nor have you tuned your receive gear to any part of the spectrum used by a cell phone. All you've done is read the out of band signalling system on an entirely separate trunk over a link, that is not breaking the 'do not monitor phone calls' rule. (No such rules exist where I live, mostly because radio is still thought of as magic by the Government)