That challenge was called, “Break into our CEO’s email account and win $10K” and even gave the hackers his username and password for the account. The reason Telesign believe StrongWebmail.com is so secure is the fact it requires a special code to login that can only be known with a phone call, and that code changes every time you try and log in. So even with a username and password access should not be possible.
But even with that extra layer of security in place hackers claim to have already gained access to the CEO account. The hacking group sent evidence of the hack to the IDG news service including details of what was in the account on June 26 (the date Telesign wanted hackers to report upon). Telesign CEO Darren Berkovitz confirmed the information was from his account, but not that they had won as he had to check they followed the rules.
The details of the hack have not been released for obvious reasons, but it is suspected a man-in-the-middle solution was used, where the verification is bypassed by waiting for the real account owner to login and then just using that session to get the information they needed.
The group who performed the hack included Lance James, chief scientists at Secure Science, and Aviv Raff FraudAction Reasearch Lab Manager at RSA.
Read more at PC World
