The $natch Contest Is Over

The $natch contest took place during Positive Hack Days IV. Contestants needed to detect vulnerabilities in remote banking systems.

The contest was held in two stages. At first, the participants were provided with copies of virtual machines containing vulnerable web services of an online banking system (an analogue of an actual Internet banking system). The participants should detect vulnerabilities in the system within a specified period of time. In the second stage the participants were to exploit the vulnerabilities for unauthorized money withdrawal.

The remote banking system iBank was designed especially for the contest. It contained vulnerabilities that occurs in real life.

Participants had an hour to use the vulnerabilities they had detected during the first stage and to transfer the money from the ATM to their own account. 20,000 rubles were stored in the system.

This year, hackers were about to empty the account of the virtual bank. 17,000 rubles were stolen. Hackers could also attack the accounts of other participants.

The winner was d4d. He managed to steal 9359.71 rubles from the system. A participant named Helm took second place having withdrawn 6 thousand rubles. BigBear has stolen 533 rubles and came third.