Slashdot Mirror


NSA's 'Codebreaker Challenge' Features Exploiting Blockchain To Steal Ethereum (ltsnet.net)

"The National Security Agency's 2018 Codebreaker Challenge kicked off on Friday, 9/21, and runs through 12/31," writes Slashdot reader eatvegetables. Each year's challenge -- which is open to U.S. students -- comes with its own (fictitious) backstory which the organizers say is "meant for providing realistic context."

This year's story? A new strain of ransomware has managed to penetrate several critical government networks and NSA has been called upon to assist in remediating the infection to prevent massive data losses. For each infected machine, an encrypted copy of the key needed to decrypt the ransomed files has been stored in a smart contract on the Ethereum blockchain* and is set to only be unlocked upon receipt of the ransom payment. Your mission is to ultimately (1) find a way to unlock the ransomware without giving in to the attacker's demands and (2) figure out a way to recover all of the funds already paid by other victims.

* For the purposes of this challenge, a private blockchain has been created with no real monetary value associated with the Ether.

"The first half focuses on network protocol analysis and binary reverse-engineering," writes eatvegetables, while "The second half is all about attempting to exploit the blockchain."

An email address from "a recognized U.S. school or university" is required, and the original submission notes that America's college students "are already hard at work trying to push their school to the top of the leaderboard."

56 comments

  1. Nobody will be able to do this by Anonymous Coward · · Score: 0

    These are difficult if not impossible tasks. Especially not college kids.

    1. Re:Nobody will be able to do this by tricorn · · Score: 1

      Unless you've examined the "ransomware" in question, and seen the smart contract, I'm not sure how you can properly make such an analysis.

    2. Re:Nobody will be able to do this by AHuxley · · Score: 1

      AC it's a "difficult if not impossible tasks" when attempted in the middle of the network.
      Go to the end of the network and read along well before encryption.
      No need to worry about difficult real time encryption. The solution is waiting and very readable on a distant computer and consumer OS.

      --
      Domestic spying is now "Benign Information Gathering"
    3. Re: Nobody will be able to do this by Anonymous Coward · · Score: 0

      Can be done. Reduce the difficulty of the mining of all nodes in various order of magnitude. Mine some private ether, and unlock the smart contract.

    4. Re:Nobody will be able to do this by Anonymous Coward · · Score: 0

      These are difficult if not impossible tasks. Especially not college kids

      I agree.

      Those college kids should take another challenge that's both easier and actually increases National Security.

      Hack the NSA and delete (or strongly encrypt with a random key you never record) all those petabytes of US citizen metadata they've collected & stored and brick as much of the collection/storage hardware and software as possible.

      College kids get hands-on experience, we all get less authoritarian-style surveillance.

      Win-win.

    5. Re:Nobody will be able to do this by Anonymous Coward · · Score: 0

      "Difficult if not impossible"?
      1. Blockchain is supposedly safe - but only if implemented "right". Analyze this particular instance, see if there is a weakness or programming blunder to exploit.

      2. Reverse engineering the attack program will sometimes uncover the attacker. So perhaps you get enough clues that you can break into the attacker's base and steal the decryption keys you need. The attacker has some way of recovering the keys - so that he is capable of selling them. Perhaps the credentials to do so can be uncovered through espionage. E.g. install a debugger and a keylogger on his machine, trace what he does when someone else pays for a key.

      Or trick him - perhaps his ethereum wallet can be stolen and used to pay for decryption keys - as well as taking back all the ransom money paid so far.

    6. Re:Nobody will be able to do this by Anonymous Coward · · Score: 0

      Reverse engineering the attack program will sometimes uncover the attacker.

      $ decompile ransom.exe
      // ransom.cpp
      // 2018-09-23 by Anonymous Coward

    7. Re: Nobody will be able to do this by Anonymous Coward · · Score: 0

      Just think of how safe we'll all be once block chain attacks or exploits are exposed!

      Everything the NSA does has a sinister undertone, how can anyone work for them and not want to kill themselves

    8. Re: Nobody will be able to do this by CollinCusce · · Score: 1

      Nah. Doable. The easiest solution is probably not available, though. Need to conduct a 51% attack. If it's pow, you'll need to throw hash power at it. If it's clique or that other protocol Parity uses (whose name escapes me), which is likely since most reasonable private networks are, then you're boned because you'll need a quorum to add nodes and if you have control of that you don't need the attack. 51% attack will let you approve the transactions you need to set the balances to the ransom, return the ransom funds to those wallets that paid, and then delete the contract, rendering the funds irretrievable and irrelevant. The keys could unlock and you're saved. This isn't realistic on a real public chain, unless you're the NSA with almost unlimited compute resources available. Now if it's a matter of hacking the contract, that's a different story, but start with tools like Mythril or Quantstamp and see what you find. This will be the only approach if it's a POA network instead of POW because if you had the quorum to add sealer nodes you already have the 51% attack right there.

  2. Sounds like a great idea by Anonymous Coward · · Score: 0

    I can't wait to run these NSA-provided binaries on my computers

  3. I have the solution! by Gravis+Zero · · Score: 4, Funny

    A new strain of ransomware has managed to penetrate several critical government networks and NSA has been called upon to assist in remediating the infection to prevent massive data losses.

    Restore from backups! No backups? Let's start with who we're going to fire for not having backups and work our way up to indictments for gross negligence. ;)

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:I have the solution! by tepples · · Score: 2

      How would cloud backups survive deletion by the same attacker? Wiki hosting service Orain died when a malicious intruder deleted all of its hosted backups.

    2. Re:I have the solution! by Gravis+Zero · · Score: 2, Insightful

      If your backups are also online then you have failed to make backups.

      --
      Anons need not reply. Questions end with a question mark.
    3. Re:I have the solution! by manu0601 · · Score: 3, Funny

      Restore from backups! No backups?

      Of course they have backups. This is US government, they can always ask Wikileaks for copies of their documents.

    4. Re:I have the solution! by tepples · · Score: 1

      What medium do you recommend for a backup that is both offline and offsite? You need offline to guard against the Orain problem, but you need offsite to guard against natural disaster.

    5. Re:I have the solution! by Anonymous Coward · · Score: 0

      Either slave to removable media onsite and physically transport the media to an offsite location (old school)...

      Or your cloud provider should only queue backups for deletion. As long as the provider gives you a decent window to detect the unauthorized deletions and reverse that process, you'll be fine. The provider also needs to prevent the overwriting of backups, to similarly prevent intentional or accidental destruction via overwrite.

    6. Re: I have the solution! by Anonymous Coward · · Score: 0
    7. Re:I have the solution! by Kaenneth · · Score: 1

      If you haven't tested the restore process, you have also failed.

      After I got the system running well enough I had free time, I tested the restore of a $2 billion government financial database; turned out the backup was not actually backing up the database file, but a shadow file consisting of all zeros.

      Glad I found that out, and fixed it, before anything went wrong (nothing did on my watch anyway)

    8. Re:I have the solution! by tepples · · Score: 0

      With data sets having outgrown DVD long ago, and BD-R never really catching on, what "removable media" are you referring to? Entire HDDs?

    9. Re:I have the solution! by Anonymous Coward · · Score: 0

      My offline offsite home backup solution consists of two hard drives. I make an encrypted, incremental backup to both drives, I then give one of the drives to a friend whom I meet semi-regularly for him to keep at his house. Next time I visit him, I swap the drives over to keep them up to date. Encryption keeps my data safe in case any of the drives gets lost or stolen.

    10. Re: I have the solution! by Anonymous Coward · · Score: 0

      https://www.anandtech.com/show/13028/sd-association-announces-sd-70-spec-sd-express-interface-up-to-985-mbs

    11. Re:I have the solution! by rtb61 · · Score: 2

      It's called a 1 ton safe, can be onsite and yet for all intents and purposes it is offsite protected by thick steel walls and insulation as a final layer. Don't forget to shut the safe door when you put the backups in.

      Now if you want to be sure you are really backing up, then you have to take the really radical step of erasing your system and actually trying to restore it, to see what you have really got. If you are concerned that you might be backup numbnuts, create a parallel small empty network and try to restore it as if it was the real thing, not forgetting to erase everything once you have finished.

      I can assure you, if you have never attempted restoring major elements of your system, then your backups are likely to be unreliable.

      --
      Chaos - everything, everywhere, everywhen
    12. Re:I have the solution! by tepples · · Score: 1

      I completely agree with you about doing periodic restore drills onto spare boxes. I was just curious about what sort of removable media people were using for physical backups nowadays.

    13. Re:I have the solution! by Anonymous Coward · · Score: 0

      Now if you want to be sure you are really backing up, then you have to take the really radical step of erasing your system and actually trying to restore it, to see what you have really got.

      That seems both inadequate and excessive at the same time.

      If your hardware is destroyed in a fire you need to be able to restore the backups on new hardware.
      No need to erase the old system, just try to build a new system from the backups.
      Should it fail you still have the old system going.
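
The restore drill discussed in the comments above (a backup that turned out to be a file of all zeros, and restoring onto spare hardware to see what you really have), as an added example that is not part of any comment: a Python check that compares a restored tree with a manifest taken from the live system. File names and contents are constructed.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def is_all_zero(path, chunk=1 << 20):
    """True when a non-empty file holds nothing but 0x00 bytes."""
    with open(path, "rb") as f:
        return os.path.getsize(path) > 0 and all(
            b.count(0) == len(b) for b in iter(lambda: f.read(chunk), b""))

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest

def verify_restore(manifest, restored_root):
    """Check a restored tree against the live manifest; return sorted findings."""
    findings = []
    for rel, digest in manifest.items():
        path = os.path.join(restored_root, rel)
        if not os.path.isfile(path):
            findings.append((rel, "missing"))
        elif sha256_file(path) != digest:
            # Classify only mismatches, so a genuinely all-zero source file passes.
            kind = "all-zero" if is_all_zero(path) else "hash-mismatch"
            findings.append((rel, kind))
    return sorted(findings)

def write_tree(root, files):
    os.mkdir(root)
    for name, content in files.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(content)

def demo():
    """Constructed drill: the spare box gets a zero-filled ledger.db, no users.db."""
    live = {"ledger.db": b"ACCT,1001,250.00\n" * 64,
            "users.db": b"alice\nbob\n", "app.conf": b"mode=prod\n"}
    restored = {"ledger.db": bytes(len(live["ledger.db"])),
                "app.conf": live["app.conf"]}
    with tempfile.TemporaryDirectory() as tmp:
        write_tree(os.path.join(tmp, "live"), live)
        write_tree(os.path.join(tmp, "restored"), restored)
        manifest = build_manifest(os.path.join(tmp, "live"))
        return verify_restore(manifest, os.path.join(tmp, "restored"))

if __name__ == "__main__":
    print(demo())
```

An empty findings list means every file in the manifest came back byte-identical; the manifest has to be taken from the live data, not from the backup itself.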

    14. Re: I have the solution! by Zero__Kelvin · · Score: 1

      There is an entire industry that specializes in facilitating off site backups.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    15. Re:I have the solution! by Anonymous Coward · · Score: 0

      What medium do you recommend for a backup that is both offline and offsite? You need offline to guard against the Orain problem, but you need offsite to guard against natural disaster.

      https://www.merak.eu/en/services/backup-storage

    16. Re:I have the solution! by dcw3 · · Score: 1

      It's called a 1 ton safe, can be onsite and yet for all intents and purposes it is offsite protected by thick steel walls and insulation as a final layer.

      No, no, no. The safe is fine, but that's not going to help you when there's a flood...Florence anyone? Natural disasters are one of the primary reasons you go offsite...and not nearby. How about the World Trade Center...would your safe have been safe there?

      --
      Just another day in Paradise
  4. Editor changed post to sensationalist crap by eatvegetables · · Score: 1

    Editor changed post to sensationalist crap! The new title is nonsensical. The content of original post hacked up and a mess.

    1. Re:Editor changed post to sensationalist crap by eatvegetables · · Score: 1

      Deep breath..... Ok. @EditorDave, I know that you meant well. Sorry. Didn't mean to yell at you.

    2. Re:Editor changed post to sensationalist crap by Gravis+Zero · · Score: 1

      Deep breath..... Ok. @EditorDave, I know that you meant well. Sorry. Didn't mean to yell at you.

      I don't think that was the reaction he's going to be complaining about.

      --
      Anons need not reply. Questions end with a question mark.
    3. Re:Editor changed post to sensationalist crap by eatvegetables · · Score: 1

      LOL

  5. Russia will win by captbollocks · · Score: 1

    They will hack into a school computer and enter the competition to win the prix.

  6. Great way to find talent by Anonymous Coward · · Score: 0

    When your job is to find great codebreakers...well this is how you go about it. Not seeing the problem here.

  7. "Contracts" are not "blockchain" by Anonymous Coward · · Score: 0

    Blockchain technology is one of the most proven tech's ever. I mean like ever in the history of computing. If there was a way to exploit Bitcoin for billions of dollars then someone would have done it.

    Quite often any exploits are due to the software (often non-official) that uses the blockchain. Contracts in particular are vulnerable because this is external code (not blockchain code) that is written by morons.

    1. Re:"Contracts" are not "blockchain" by Anonymous Coward · · Score: 0

      "someone would have done it"
      If the NSA or any of the other foreign intelligence agencies are successful in finding and exploiting a blockchain weakness they will not be advertising their success.
      "Blockchain technology is one of the most proven tech's ever" Making statements such as this can be dangerous to an inflated ego. The people proclaiming the Blockchain security is unbeatable will just lead to more people taking on the challenge.

    2. Re:"Contracts" are not "blockchain" by AHuxley · · Score: 1

      AC re "advertising their success"
      The NSA Worked To "Track Down" Bitcoin Users, Snowden Documents Reveal (March 21 2018)
      https://theintercept.com/2018/...
      "... report dating to March 2013" Welcome back to XKeyScore MONKEYROCKET, OAKSTAR AC .

      --
      Domestic spying is now "Benign Information Gathering"
    3. Re:"Contracts" are not "blockchain" by Anonymous Coward · · Score: 0

      The basic mathematics of blockchain is sound (and known since the 1970s), assuming the proof-of-work function meets the requirements. Of course, bugs in smart contracts can easily happen.

    4. Re:"Contracts" are not "blockchain" by Lisandro · · Score: 1

      You mean technology developed 10 years ago is the most proven ever in the history of computing?

      Riveting.

    5. Re: "Contracts" are not "blockchain" by Anonymous Coward · · Score: 0

      Why would it matter how long ago something was proven?

      Does continuation forward in time ensure progress, security or advancement?

    6. Re: "Contracts" are not "blockchain" by Anonymous Coward · · Score: 0

      And when exactly was blockchain "proven"?

      Google up "51% attack".

  8. HDDs, absolutely. by Anonymous Coward · · Score: 0

    I have three. And a nice USB SATA drive adapter. I can backup our entire codebase in about 45 minutes, which I do every Friday, and then I take the drive home. Really should get someone else in the rotation so backups are at two offsite locations.

  9. True Dat (as my son would say) by Anonymous Coward · · Score: 0

    Years and years ago we had this happen. Tapes that had been carefully updated week after week couldn't be read. What I really want to do at work is have a fire drill with nothing but the backup drives, PCs from Office Depot, and an internet connection and see how long it takes for everyone to get back up and running.

  10. A new, real, malware will spread by Anonymous Coward · · Score: 0

    when people who are not from a university get dubious links from other people who will "share" the challenges with them.
    Come on now NSA, Russia has enough students in your colleges and universities to infiltrate. Why not open it to everyone and then exclude them from leaderboard score?

  11. NSA delenda est by Anonymous Coward · · Score: 0

    NSA delenda est

  12. INB4 the SELinux black-eyers ... by Anonymous Coward · · Score: 0

    "The NSA did nothing wrong!"
    "You tin foil hat!"
    "The NSA leaks are all lies! Sieg Heil NSA!"

  13. Uum,yes? Or tapes. by Anonymous Coward · · Score: 1

    We used HDD systems for backup in freaking 1999.
    But if you do not need fast random access, good old tapes haven't stood still, and still have *insane* densities and data rates.

  14. New systems? No, cold spares! by Anonymous Coward · · Score: 0

    Obviously if you are the world's enemy number one, like the NSA, you should have your entire network as a hot spare and again as a cold spare. Ideally always triple-mirrored. And then the entire thing, all three to nine networks of servers, cloned to two off-site locations a third around the world.

    I mean I'm a private enthusiast, and I can afford that! You could nuke every major city in the world, and throw earth into a 100-year nuclear winter and my data wouldn't even blink. (Hint: Geothermal power rules.)

  15. "incomplete" says Goedel! by Anonymous Coward · · Score: 0

    Math is always based on its own made-up world and rules. Of course it is sound, if you *make* it sound.

    That is useless unless it is actually verified in the real world though. Not even including the complications of implementation over mere theory.

    But: Nice "no true Scotsman" there, blockchain luddites!

  16. Re:Shut up, America's enemy No. 1, NSA! by Anonymous Coward · · Score: 0

    sure vlad

    Is this Russian agitprop surge going to just be through the mid-term elections or is it a constant now?

  17. NSA breadth in scale and scope... by ElitistWhiner · · Score: 1

    The solution is not collegiate.

    SO each participant have self pre-qual their code as candidate, target or suspect in future. Very much like fingerprinting is their signature coding style.

    Smart!

  18. Get it right... by Anonymous Coward · · Score: 0

    Ethereum is the blockchain. The cryptocurrency is called Ether.

  19. Who the fuck does this? by Anonymous Coward · · Score: 0

    What kind of ultra-stupid, lonely moron would do NSA's "Anything at all Challenge"?
    IT'S A FUCKIN SPOOK/ASSASSINATION GROUP you dumb shit

    They don't "like" you and they are not "impressed" or whatever bullshit they want you to imagine.

    They are seedy shitbags operating under the misguided belief that their flag, their god and their little douchebag family is the only thing that matters. You are the stupidest fuck if you get taken in by these "open challenge" bullshit. This is like "Hay! Top level counterfeiters! Here's your chance to show a SPY AGENCY with GLOBAL REACH who KILLS PEOPLE IN SECRECY all your counterfeiting and forgery skills! What could go wrong? If nothing else, enjoy being added to their list of potential actors capable of doing such a thing. Dumbass

    Seriously, go do this because just participating in this says a ton about your psychological makeup:

          * NEEDS ATTENTION
          * LAZILY EXPOSES THEMSELF TO EVERYONE
          * 100% EXPENDABLE

  20. Re:Shut up, America's enemy No. 1, NSA! by nazsco · · Score: 1

    you forgot the people that did all you say, were all promoted and are still employed or very comfortably retired.

  21. The ugly truth is.. by Xnet+Project · · Score: 1

    Since the inception of cryptocurrency, it was bound to be exploited to this particular degree. In reality, the fact remains that cryptocurrency as a whole will continue to falter as a viable currency in its current state at this current time.

    Changes in blockchain technology may improve this in the future, however, in its current state it is too volatile to trust as a constant construct for valued currency.