Not Ashley Madison, OPM wins the Pwnie award for Most Epic Fail at Black Hat conference
Finally the OPM hack attack is in news for something not as sinister as data breach. It won the the annual Pwnie Awards at the Black Hat USA conference for the best security vulnerabilities found by researchers and also a title of EPIC FAIL.
The United States government agency was “honored” at The Pwnies, a comedic awards show held at the Black Hat USA cybersecurity conference, for breaches that exposed the personal information of tens of millions of current and former federal workers, including the fingerprints of more than a million people who applied for government background checks.
The name “Pwnie” comes from the hacker slang “to pwn,” which is the process of taking over or owning a target. The winner of Pwnie award is chosen at the Pwnie show and given My Little Pony child’s toy with an emblazoned Black Hat logo on its posterior.
One of the many categories at the Pwnie Awards is for the Most Epic Fail, with this year’s nominees included both the mega hacks of 2015, the Ashley Madison and U.S. Office of Personnel Management (OPM) hacks.
Here too OPM walked of with the honors of being this year’s ‘Most Epic Fail’ award, as the hack of its systems resulted in 25.7 million Americans being at risk.
While in yet another category, Italian hacking company, The Hacking Team beat Kaspersky Labs and OPM by a thin margin. In the Pwnie category of Pwnie for Epic 0wnage, which is awarded to the company or group that was most completely taken over and embarrassed in an attack, both OPM as well as security vendor Kaspersky Lab was nominated due to Kaspersky’s obsession with Duqu malware, were beaten by the Hacking Team.
“Kaspersky sees Duqu wherever they look, even their own network,” remarked Pwnie judge Dino Dai Zovi.
The Hacking Team was hacked in July, leading to the disclosure of 400GB of data, including multiple zero-day vulnerabilities in Microsoft and Adobe applications, some of which are still being exploited in the wild.
The Most Overhyped Bug Pwnie award went to the Shellshock bug that impacted Linux systems in September 2014.
The Pwnie Awards also celebrate the best in research, and this year the Pwnie for Most Innovative Research went to the team of researchers from Inria, Microsoft Research, Johns Hopkins University, the University of Michigan and the University of Pennsylvania that disclosed the Logjam SSL/TLS vulnerability in May.
No one from OPM appeared to accept the award while Morgan Marquis-Boire from FirstLook, jokingly accepted the award on Hacking Team’s behalf.