The company is inviting participants to crack its encrypted email sending solution, which enables users to send private emails to any addressee using any email service provider.
For the contest, MySecureZone has encrypted a message, and the goal for participants is to crack the encryption and obtain the contents of that message in a clear, legible form that people can read. The fastest person to successfully complete the task will receive a 5% stake in Secure Communication Services Ltd., which operates the MySecureZone.com website.
MySecureZone said that encrypted emails sent through the service do not travel through the network, nor can they be read by tapping into network data traffic between the server and the recipient. The encrypted messages are stored on the company’s server, which recipients can reach via a link without the need to install special software; they only need to know the encryption passphrase, which would have been previously generated by the sender.
Additionally, the sender can specify a time span for each email after which even the recipient can no longer read the message.
“The goal of our company is to help people protect their online privacy and to bring the highest grade user-friendly IT security to the public,” said Istvan Balazs, CTO of MySecureZone, in a statement. “For ultimate security, our system rests on the strong foundations of open source. We know that, on the internet, the user login process is one of the most vulnerable areas of personal information protection. That's why we have created a state-of-the-art, web-based, two-factor authentication solution that is unique and innovative. This will ensure that, even with a weak password, your private messages will be safe and secure."
The hacking challenge is meant to prove this out. It's an interesting move considering that other privacy-oriented mail services, including Lavabit and Silent Mail, decided to shut down after leaked documents from Edward Snowden cast doubt on the security of existing, accepted encryption standards thanks to NSA meddling. In the wake of that, NIST has opened a review of all of its algorithms.
For the challenge, in a simulated situation, participants will start out at the stage where they can access the email account of the addressee of the encrypted email, and can obtain the link pointing to the message. From a technical viewpoint this is already a leg-up in itself, compared to an average cyber-attack, but it faithfully simulates a situation where someone can access their spouse’s or co-worker’s email account, or where someone can gain access to users’ correspondence from the side of the email service provider.
The contestant with a successful solution must present in detail their process of solving the task, and will be required to provide access to tools, and copy from the tools (software) they used, including the working, correct decryption pass-phrase, within 72 hours of submitting their solution.
Private individuals over 18 can enter the contest, which runs through November 25. MySecureZone.com will publish the HASH of the objective message, and at the same time escrow it in the custody of an attorney-at-law, when the contest begins.
The company underscored that malicious activity won’t be tolerated: “Please do not attempt DoS and DDoS attacks as you will only endanger the successful outcome and usefulness of the challenge,” the company said in the challenge rules. “You would not get any closer to the solution. The contest goal is to read the encrypted email. Please do not try to hack into or paralyze other contestants’ computers. If you break any of these rules, you will be instantly disqualified from the Contest and will be liable to legal action.”