From Hack.lu 2009
Cryptographic Challenge/Contest at hack.lu 2009 (Inspired closely from real facts and cases)
Strinking news guys. We have our heroes (and winner of the challenge by the way): Claus and Alex and a few others from the redteam.pentesting . Here is their victory message:
Alex and I finished level 3. The key is DEATH2HT
The text reads:
Glory to our God. The number to call is 666-666-666
Well the award ceremony for our heroes is scheduled for tomorrow. Great and wonderful job indeed. Really impressing.
You can now have a quiet evening and night, drink many beers.
The Hack.lu team
Hi Guys. Well we have very strong guys. Urrah. They have just managed to break the second message and they did not count their pain. Congratulations to the redteam-pentesting.de team (Claus, Alex and all the team). Here are their message (today 2:05pm)
"we (Alex and I) recovered the key: Judh8G/U
The plaintext is:
Glory to our God. May the Almighty be with us, my brother. The attack will take place October 30th at 2pm. You will stand yourself in the lobby of the hotel and trigger the bomb by dialling the secret number.The target is the Hack.lu conference to be held at the Park Hotel Alvisse. You will use the phone which was given to you before your departure. The phone number you should call to trigger the bomb is information that is now with you if you can find it. Probe your heart and your memory: absence is a presence that is ignorant. Good luck my brother and may the Almighty be with you.
We will now proceed breaking level 3."
Good guys. Our hopes now rely on you.
The Hack.lu Team
Hi Guys. While the Hack.lu conference is starting, the tension is palpable. What about the taliban AntiHackers? But the hope comes back since the first crypto-challenge has been broken. Here is the plaintext:
GLORY TO OUR GOD. MAY THE ALMIGHTY BE WITH US, MY BROTHER, TO ERADICATE THE WESTERN INFIDELS'S TECHNOLOGY AND PREVENT THEM TO ENSLAVE US, WE AND OUR BROTHERS. DEATH TO HACKERS WHO PENETRATE OUR NETWORKS. YOU HAVE TO BEWARE OF EVERYBODY HERE. THIS COUNTRY IS UNFRIENDLY. A ROOM HAS BEEN RESERVED FOR YOU AT THE HOTEL WHICH HAS BEEN SAID BEFORE YOUR DEPARTURE. YOU STAY THERE UNTIL THE ATTACK. BE AS DISCREET AS POSSIBLE. YOUR INSTRUCTIONS FOR OUR OPERATION AWAIT YOU IN A SPECIAL LOCATION WHERE YOU CAN PICK THEM UP SECURELY. IT CONSISTS IN A GEOCACHE (GEOGRAPHICAL HIDDEN PLACE) WHICH IN FACT IS A BOX YOU WILL FIND LOCATED AT THE FOLLOWING COORDINATES: 40 DEGREES NORTH 38,422 MINUTES, 6 DEGREES EAST AND 9353 MINUTES. WHAT IS CONTAINED IN THAT BOX WILL TELL YOU HOW TO CONDUCT THE OPERATIONS. BE CAUTIOUS WITH ITS CONTENT SINCE YOU WILL HAVE A SINGLE OCCASION TO ACCESS IT. GIVE THE SECRET KEY AND READ. GOOD LUCK MY BROTHER AND MAY THE ALMIGHTY BE WITH YOU. END OF TEXT.
It was a simple transposition cipher and the key was THEALMIGHTYVSHACKERS. Well one of us has been clever enough to break it. The key has now disappeared from the geocache since the terrorist second team already got it. But our agent has just managed to have a copy of it. Ask Rebekka et the registration desk and you will be able to make a copy of it.
The battle is going on. Note that there will be a short technical briefing of one agent of ours. Today 28-Oct.2009 short before 2 PM. Will the second challenge be as simple as the first one? Do not neglect and underestimate the crooked mind of the Taliban AntiHackers. http://2009.hack.lu/images/a/ab/Briefing_hacklu.pdf
The Hack.lu Team
We got it!.- Our agent has succeeded to steal a copy of the first encrypted message that the second team must find once in Luxembourg. Unfortunately, this team has already left for Europe. Our last chance is that you decrypt it before October 27th, 2009. Terrorists have become suspicious and have probably changed a bit their original plan. Here is the message:
RIHSO ORRWE S.DCO TBLOO WPIIH FOEU9 NTHOC OIAAI MUCLV WTAVY NEEIE HTRIL PT(LO AN3E. AOSOV CTMMF ASASE EHTEH FNHD. EAUOL ICGAX TA8SW TC.NE CKYIT OMTEN TBETR IYEIY Y.BFY NUSHC LLDND OLTIN EGERW TMEST NOOOR IETEO TPTAC KNOEO HE4AA ONEES SYRHX OYTNY LEOSV NOYSE EDORA EUEHA LGE,M NYEIU SHOAO LLOWH MRKEA HLVHE AKIST OMTPI LL0IN CLTTI L.REE UBOIA ARP.E TMOBP UIUOS YROIC OCS6I EORTW IEOYU .HIEE ,ARAD UEHAR TETTA NIEPB DIHES HTNCA AEKLO OT,RG SHHKE UORAD RSYUN RCGLF DNES3 ILPWO ATGMY Y,T'N ATETE RROBY ASCNO COECY TT,EH BOBTA EEBGE YGETL EOSOO CAFHU HEERU HSNCI IWGT3 TEEUE CVDNT THREO NTWRF OROHR EA.OI EEAAN NIRE5 ALOSY CE.DH HYTTT DHUBE ESEFU TOIWA TSG)U ES2ST XDCNI SAOTT DTDDR SETHO SBTSU LESAI A.HNA EDTRE TWOSH ORCAD EBHEH OARE. NELOS ASOAT HIRWW F:2TI WUATN INTY. GAREC EUCNW TDRWR TCSNI IESAH IO4MA SICUS GTDHB REENN VSEYR RHUEA NSRPP OECDT CONDN DUAHI OSDT. OIAIP UDEUB ISTNT IRNRC CYCES TRRGT NOITL TCUEN GWRFD E.NOY YAAER TCIEE ULADI AOOEU IHTIL NELHE
Before disappearing suddenly, our agent just gave us information that may be important: one of the terrorists bought a GPS. Good luck our protection depends on you now!
The Hack.lu Team
News from the frontline.- Our agents have finally gathered important information regarding the preparation of the attack by the Taliban AntiHacker group.
Following a now classic principle, two teams that do not know each other, are working in parallel. The first came on Luxembourg soil several weeks ago. It has performed all the logistics (to hide the bomb, organize contacts, hide instructions...). Everything is now in place. This team has hidden encrypted instructions to allow the second team to perform the actual attack. It is thus critical to decrypt these instructions in order to prevent the attack.
This attack itself consists of three phases: Initially, a first encrypted message (challenge 1) gives general instructions and the location of two identical geocaches in Luxembourg city where to retrieve a second (encrypted) message. This second message (challenge 2) gives instructions to retrieve the code for remote triggering of the bomb (by means of a cellular phone) as well as new encrypted instructions. Those latter instructions (challenge 3) indicate where the bomb has been hidden and when and how to trigger the attack.
Our agent strives hard to get the initial encrypted message as soon as it is sent to the second team. So we cannot loose time in the battle against the evil. So watch this site very often to get the news.
The Hack.lu Team
Confirming our fear, the terrorist attack planned in the context of the Hacker Doomsday" project is well advanced. Our agent confirmed that a three-step attack will be launched against the Hack.lu conference. Each step is prepared through encrypted messages and intend to give instructions to the terrorists. These instructions will be hidden in Luxembourg public places or near the conference venue. So there will be three message/content do decrypt.
Our agents are currently risking their life and are striving to collect more intelligence about the attack and if possible to steal the first secret message and possibly information about the cryptosystem used.
We then need you for this decrypting effort. Any volunteer is welcome and can enlist at email@example.com (object=cryptochallenge). The challenge will take place onsite during the conference for the attendees only. The first challenge will be posted here a few days before the conference.
The Hack.lu Team
Hi to all
In fact it is not really a simple crypto challenge as you can imagine but rather a common effort to try do discover the hideous plan of a mysterious "Taliban AntiHackers" group -- a sub group of the e-djihadists -- which since the beginning of 2009 has resumed its operation against the western computer security community (websites, experts, conferences...). A former so-called Hacker Doomsday" project seems to be active again.
According to our agents infiltrated in this mysterious group, a few evidences gathered from now, clearly indicate that the next target of the hacker doomsday project is the Hack.lu conference. We must then fear a "Taliban AntiHackers" terrorist attack. Bad news indeed. But we have you ,attendees, to help us make this coward attack fail. Our agents are currently trying to steal and collect more secret data about the next group actions. Unfortunately, those data are encrypted.
The good news is that the "Taliban AntiHackers" group does not trust existing cryptosystems which are publicly available. They have designed their own systems. Another good news: they are rather lame in crypto stuff (crypto kiddies) and the system they have designed and they use, seems to be weak. So we need you to help us break them, decrypt those sensitive data and thwart the attack. Here lies the crypto contest. So every good will is welcome. Register to be involved in the decrypting effort!
More to come ... depending on our agents into the underground!
The Hack.lu Team