According to foreign media reports, on August 5, in the crowded ballroom of the Paris Hotel in Las Vegas, seven teams composed of 68 programmers, hackers and security researchers created a history.
These teams participated in Defense Advanced Research Projects Agency, DARPA's Cyber Grand Challenge)。 They have proved that the software they developed can automatically search for, identify and fix vulnerabilities in any program. Hackers use these vulnerabilities to create viruses, control your computer or break into ATM machines.
DARPA will often hold various challenges, but this is the first time for "Network Challenge". Such competition is conducted among intelligent software without human intervention. Among all the participating teams, one team named ForAllSecure won the first prize of $2 million.
"The whole competition was very intense." David Brumley, the leader of the ForAllSecure team and a professor at Carnegie Mellon University, said after the competition, "Now, we are really happy. We are so excited. We just won the $2 million prize."
A glimpse of the future
In general, when you think of DARPA, you may think of driverless cars, robots and electromagnetic railguns. However, the achievements of these programmers in Las Vegas are comparable to any project ever undertaken by DARPA.
You know, hackers must find out the loopholes in the basic software of the system if they want to break into the computer system. For hackers, finding vulnerabilities may be easier than you think. This is because the software we use every day - whether our computer operating system or our favorite web browser - is composed of millions of lines of code written by ordinary people. Since human beings are not perfect, the code they write is naturally not impeccable.
Hackers will spend special time to find these loopholes, and use these loopholes to control computer systems, steal movies and financial information.
Under normal circumstances, security researchers often take a year to find out these vulnerabilities, fix them, and then send patches for us to download and install to prevent hackers from using these vulnerabilities to attack our computers. Before these vulnerabilities are repaired, these hackers can often use them to do whatever they want.
Now, you may feel that computer hackers have an overwhelming advantage over security experts who protect your computer security. It's like two armies are fighting. One army is equipped with a large tank, and the other army only carries a stick.
Because of this, the "Network Challenge" came into being. In all kinds of challenges held by DARPA before, the participants were competing to carry out various ambitious, almost science fiction experiments, such as building driverless cars and intelligent robots.
However, the influence of "Cyber Challenge" is much greater than them. It can end virus and hacker attacks, thus protecting your networked coffee machine and intelligent thermostat, as well as the driverless cars and robots that appeared in DARPA's previous competitions.
Snatch the flag
In order to test the automatic running program of the contestants, DARPA's challenge imitated a common hacker game: snatching the flag. In the hacker version of the banner grabbing game, hackers and programmer teams will be assigned the same software. They must find loopholes in these software and use these loopholes to carry out hacker attacks to win points.
When a team finds a vulnerability, they can choose to repair the vulnerability to prevent other teams from using the vulnerability to attack, or they can choose to use the vulnerability to attack other teams. The team with the highest score will win the game.
In the banner snatching competition of the network challenge version, the seven teams must develop their own intelligent software, and let these software find the vulnerability in the program provided by DARPA, and then decide whether to fix the vulnerability to prevent attacks or use the vulnerability to launch attacks.
This is not an easy task. The participants in the competition are all world-class experts. These computer programs are a great achievement even if they are close to the level of human hackers.
The biggest vulnerability was found
It is impressive that these teams participating in the Network Challenge have never seen the program provided by DARPA to them before. Therefore, these teams have to make thorough preparations in advance to deal with various possible emergencies through carefully designed software.
The programs developed by these seven teams can not only find the vulnerabilities in DARPA software by themselves, but also resist the attacks of competitors, and even counterattack. In order to increase the difficulty of the challenge, DARPA even added the most destructive vulnerabilities in history to the software it provided, including the "heart bleeding" vulnerability that turned the world pale in 2014. This vulnerability allows hackers to steal a large amount of user name and password information from websites that are considered very safe and protected by people.
Surprisingly, the program of the network challenge team can even find and repair the "heart bleeding" vulnerability in an instant. More impressive is that the program of one team can even identify the vulnerabilities in the software provided by DARPA. Yes, even the software used by DARPA to detect team programs has a vulnerability, which was discovered by one of the teams.
This is equivalent to saying to the university committee that the answer to the most difficult math problem it gave in the SAT exam was wrong, and you found the correct answer. Yes, it's really amazing.
Naturally, the computers that support these team programs must also be very powerful. In fact, according to DARPA, the computers of these teams need enough energy to supply a city block. Such super computing power will naturally generate huge heat. Therefore, DARPA has to use trucks to tow many industrial refrigeration devices to cool down, because the hotel can no longer meet such cooling requirements.
So, what are the participants of the Internet Challenge going to do next? Professor Brunley said that they would go back and continue to develop more intelligent software to make the world's networks more secure.
"We will continue to look for better ways to find vulnerabilities, so that this intelligent software can detect more program vulnerabilities." Professor Brunley said, "We believe that the world needs this technology."
The article is adapted from Rice Hull Net: http://it224.com/
