If You feel the potential of a hacker, but feel frightened to commit a crime and to travel to jail? Pavel Durov, the creator of the social network VKontakte, gives You an official permission and stimulates digital specialists to enter a competition against time and the messaging application Telegram. But let us observe the offer in series.
Pavel Durov, a brilliant mind, programmer and laureate of many governmental and state stipendiums, has his own doubts about the security of cryptographic protocols and initial products. The considered protocol that developers and IT-specialists argue about is MTProto used in the Telegram app (to receive detailed information on the features and functions, please visit Google Play or the Apple App Store). To determine the possible faults or ensure the reliability of the protocol, Mr. Durov offered all interested to launch an attack. The motivation to enter the race is very attractive – 200 000 dollars. The payment will be done in BTC, but in case the winner disapproves bitcoin or any other cryptocurrency he can obtain the sum in fiat currencies of his choice.
The rules of the competition seem to be very plain. Every day Pavel sends a Message to Nikolay (his brother). The massage travelling from number (+79112317383) to number (+79218944725) will include some plain text that might differ from day to day and an email. In case a hacker will be able to succeed in his attack on the protocol, he will obtain the address, where he has to send a letter. The email of the winner, the person who succeeded in the task should provide: “the entire text of the message that contained the secret email, Your Bitcoin address to receive the $200,000 in BTC, a detailed explanation of the attack”. The last point will help to make the protocol better. The incoming and outgoing traffic of the Telegram account of Mr. Durov is presented on homepage of the massaging service and reprinted by many news platforms. In real time mode, of course.
The deadline of this competition is the 1st of March, 2014. On that day the keys to the task will be issued in case there is no legitimate winner. If someone solves the task faster, both, the keys and the winner, will be given present to the audience earlier. Similar competitions will follow in future and become a tradition of the project. The idea is smart enough to determine possible leaks and mistakes in the developed protocol by people driven by ardor and competitiveness.
The technical side of the question also includes the structure of the daily traffic:
Unixtime Length-in-bytes Direction (in/out) ServerIP:Port Hexdump
And it includes only the higher bytes of the TCP flow, the boarders of the IP packages are ignored, the TCP/IP names are also omitted. The initiator of the tournament advices to start with messages with amount of symbols exceeding the limit, repeated massaging of the server and other actions that might bring the server out of balance. Next steps should be invented by the participants.
Experts believe that there will be definitely a competitor to solve the tasks on time, as the protocol seems to have many weak points. More news on the topic will follow in the nearest future.