Cyber-hackers win $2m for designing auto-hacking program
A $2m prize has been awarded to the developers of a program dubbed ‘Mayhem’, which won the final round of a three-year contest to teach computers to launch and defend against cyber-attacks.
The Cyber Grand Challenge concluded on Thursday evening in a Las Vegas convention centre ballroom, following a digital battle among software programs running on seven supercomputers.
The Defense Advanced Research Projects Agency (DARPA), which is the US military laboratory credited with creating the Internet, has spent $55m (£42m) in total on the competition.
It dubbed it the first ‘capture the flag’ hacking contest played solely by computers.
DARPA said it hoped the contest would speed the slow process of identifying and patching real-world bugs. It can take more than a year from the time a vulnerability is uncovered until a vendor releases a software patch, it said.
That delay gives hackers time to attack unprotected systems, one factor that security experts say has contributed to the surge in cyber-attacks.
There are also national security concerns, with America frequently being attacked via the internet from other global powers like Russia and China. Although attacks from China seem to be levelling off with a recent report from a US-based network security company stating that breaches attributed to China-based groups have plunged by 90 per cent in the past two years.
Agency officials have said the competition has succeeded in its goal of stimulating development of technologies for automating the process of protecting computer networks against cyber-attacks.
The hacking challenge included 96 rounds in which computers were charged with examining software programs, identifying bugs, patching them and finding ways to attack rival machines.
Thousands watched the finale as announcers presented a play-by-play account of the competition. It took place ahead of Friday's start of Def Con, a hacking convention expected to draw more than 20,000 people to two sprawling Las Vegas convention centres.
DARPA program director Mike Walker said the seven machines succeeded in identifying a total of 650 code vulnerabilities and rewriting 421 programs to fix them.
"A spark was lit today," he said. "We have proven that autonomy is possible."
‘Mayhem’ was provisionally named winner, pending an overnight review of the results.
The winning program was created by eight computer experts from San Francisco and Pittsburgh, Pennsylvania. They are affiliated with Carnegie Mellon University, which regularly produces teams that earn top scores in the annual Def Con hacking contest.
Mayhem will compete against Carnegie Mellon students and other elite hackers when this year's Def Con contest starts Friday. It is the first time a computer has competed.
Second place went to a program dubbed Xandra, created by security experts from the University of Virginia and GrammaTech Inc, earning $1m.
Previous DARPA contests include one for self-driving vehicles, which is widely credited with kick-starting the now robust autonomous-vehicle industry.
In April, the Pentagon invited vetted outside hackers to test the cybersecurity of some public US Defence Department websites as part of a pilot project to make them more secure.