Budd said the crime contests have their own rules to reduce the chance of cheating. Exploit's rules state that entries “must not be published elsewhere,” are “meaningful and voluminous,” contain technical details such as code or algorithms, and are “at least 5,000 characters (excluding spaces).” That is equal to about 1,000 words, or roughly the length of this WIRED article. The rules for XSS are similar (“copy and paste = disgracefully kicked out of contest”), but articles must be longer (at least 7,000 characters) and must have “proper formatting, spelling and punctuation.”
But scammers cheat. In the most recent competition, Exploit had 35 entries and XSS had 38 entries. However, XSS disqualified 10 of them. The winner of the contest is determined by forum members voting on entries, Sophos said, but site administrators can choose the winner, and there have been complaints of voting fraud.
These competitions have evolved and grown over time, says Budd. Roman Faithfull, a cyber threat intelligence analyst at ReliaQuest, which has since acquired Digital Shadows, the cybersecurity firm behind previous research, said these early contests were pretty straightforward. “At first, they were pretty reserved,” says Faithfull. “They were not necessarily organized by forum administrators.”
Some of the early contests, he said, asked forum members to design logos and offered small cash prizes to commenters in forum threads who had the longest accounts on the site. “As the forums became more sophisticated, so did the competition as a whole,” says Faithfull.
Since around 2015, most of the contests have been held annually, according to ReliaQuest researchers, with a focus on writing and submitting articles and code. “The emphasis is on what brings people money,” he added. The prize pot has increased accordingly. At XSS, the total prize pot in 2018 was $1,000, but in 2021 it rose to $40,000, with the winner being awarded $14,000. “They’re in really bad shape and they need the cash urgently,” Faithfull said. “You are unlikely to see a ransomware group or someone who is actually in a very high position.”
According to Sophos research, the entries in the two most recent competitions are fairly wide-ranging. Some are more innovative, while others basically repeat information found elsewhere. The winning entry for Exploit’s 2021 crypto competition was the creation of a cloned blockchain.com website, which Sophos said was overall “relatively simple.” “Such cloned sites would typically be used like any other phishing or credential harvesting site,” the study said.
Other winning entries and honorable mentions in the Exploit competition focused on targets for initial coin offerings, a guide to creating phishing sites to steal people’s cryptocurrency account details, and a tutorial on creating cryptocurrencies from scratch. “However, it’s worth noting that free public tutorials on how to do this have existed for several years,” said the Sophos research.