THE COMPUTER SECURITY INDUSTRY’S Pwnie Awards ceremony is a week away and the nominations are out. The notorious Lulzsec hacking outfit, the Anonymous hacktivist collective, the Stuxnet industrial sabotage worm and the alleged WikiLeaks source Bradley Manning are all up for the ‘Epic 0wnage’ Pwnie award at Black Hat.
Anonymous was nominated for hacking into HBGary Federal and dumping the security firm’s emails on the Internet. The widely publicised security breach became a PR disaster for both the federal contractor and its sister company HBGary, as the emails revealed potentially unethical behaviour and offensive cyber security dealings.
According to the Pwnie Awards organizers, Lulzsec is nominated for hacking virtually everyone, or better said, anyone. The group’s 50-day stint left a whole bunch of electronics manufacturers, game developers, government agencies, media outlets, and other companies embarrassed and scrambling to secure their servers and online properties.
Bradley Manning, the US Army intelligence analyst accused of leaking hundreds of thousands of secret documents to WikiLeaks, is also nominated for the ‘Epic 0wnage’ Pwnie award. Manning is said to have removed the records from the US State Department’s secure network on a CD labeled Lady Gaga.
The fourth and final nomination in this category is Stuxnet, the incredibly complex industrial sabotage worm created to set back Iran‘s nuclear fuel programme. The worm is believed to be directly responsible for the destruction of thousands of uranium enrichment centrifuges at Iran‘s Natanz nuclear plant.
“0wnage, measured in owws, can be delivered in mass quantities to a single organization or distributed across the wider Internet population. The Epic 0wnage award goes to the hackers responsible for delivering the most damaging, widely publicized, or hilarious 0wnage,” the organisers explain.
The Pwnie Awards were established in 2007 and are handed out every year in a ceremony held during the Black Hat USA security conference. This year the event will be held on 3 August at Caeser’s Palace in Las Vegas.
The judging panel is made up of renowned security researchers like Dave Goldsmith, Mark Dowd, Dino Dai Zovi, HD Moore, Dave Aitel, Halvar Flake, Alexander Sotirov and Ralf-Philipp Weinmann.
There are nine award categories: best server-side bug, best client-side bug, best privilege escalation bug, most innovative research, lamest vendor response, best song, most epic fail, epic 0wnage and lifetime achievement.
The winner of the 2011 ‘Most Epic FAIL’ Pwnie is already known because Sony is the sole nominee in that category. In fact, the troubled entertainment company has been nominated five times for separate security failures.
The ‘Lamest Vendor Response’ award will be disputed between Novell, Magix and RSA Security. However, considering the impact the SecurID breach and the company‘s downplaying of the incident, RSA is the odds-on favourite to take home the prize.