Salted Hash has obtained an interesting press release from a security vendor that's running a contest.
A company calling itself HackProof Systems Inc. has launched a contest that will pay $5,000 to first person who can crack a server protected by their technology. The company makes no mention of any rules of engagement, nor do they detail what the technology does exactly.
From today until midnight on September 30, first person who is able to compromise the server located at 18.104.22.168 and discovers the "Golden Token" will be rewarded with $5,000 USD. The token has instructions, which must be followed exactly in order for the prize to be claimed.
The contest website has no rules, and provides no overview of what HackProof Systems' technology does, only a claim that the technology itself will be available in Q1 2017. In a press release announcing the contest, the company says they don't believe they'll have to pay out.
"HackProof Systems is confident no one will be able to hack into the server protected by our new security technology," said Gordon Craig, founder and CTO of HackProof Systems, in an emailed press release.
"The company decided to issue a public challenge to hackers worldwide, to prove to us and the world that our security solution lives up to the company name. HackProof Systems technology prevents anyone from hacking into a client/server information system, making it a perfect solution for commercial or governmental installations."
One possible reason for no payout would be that no one takes the contest seriously. Hackers and security professionals are natural skeptics and vendors who claim their product is hack proof or bullet proof are quickly dismissed out of hand.
The common term in the security industry is snake oil, because nothing – absolutely nothing – is foolproof. Everything and everyone has a weakness, and criminals will exploit it.
Then again, there is a chance that someone does discover a flaw in the system, and instead of claiming the small sum of $5,000, holds on to this knowledge and trades it for larger gains down the line.
How much would a flaw in a "hacker proof" government system be worth on the open market? One million dollars? Two million?
The lack of detail with regard to the technology protecting the server, along with what appears to be an anything goes set of rules, suggests the game is rigged in favor of the vendor – much like the hacker challenges in the vendor area at RSA or Black Hat.
If someone does manage to complete the contest, and you'd like to share the details, feel free to reach out. We'd be interested in hearing about your experience.