China has for the first time invited international white hat hackers to test its latest cyber defense system, which successfully withstood over 500,000 attacks with no failure.
Hosted by the Chinese Academy of Engineering (CAE) and Nanjing government, the unique hacker challenge, which ran from May 10 to 12 in Nanjing, eastern China’s Jiangsu province, tested the nation’s first set of equipment designed and manufactured under Cyber Mimic Defense (CMD) – an original theory proposed by CAE academician Wu Jiangxing in 2008.
This marked the first international hacking competition on China’s actual cyber defense system, making it stand out among capture the flag (CTF) competitions in which each team attacks other teams while defending their own.
By setting up multiple sets of servers – like an octopus with tentacles, the special CMD system is able to continue defending even with glitches such as vulnerabilities and backdoors, which are currently a dangerous menace to almost all cyber facilities.
According to Wu, the system could only break if all hackers launched an attack on the same part of the system at the exact same time. However, the probability of such an attack is low. “Just like the consensus protocol used in blockchain technology: the larger the population, the harder it is to reach consensus,” he explained in an interview on Saturday on the sideline of the challenge.
As Wu predicted, the 22 elite hacking teams from China, Japan, Russia, Poland, and Ukraine failed to hack the CMD system, which consisted of web servers, routers, firewalls, and domains, all of which are commercially available products.
During the three-day challenge, white hat hackers were first put under black box testing when they tried to break into the system, with no hints or tips offered. They then conducted white box testing when Trojans and backdoors were authorized to be put inside the CMD system.
“No team was able to completely break the full system, because all hacking teams launched their attacks under traditional cyber defense theories. That is also why we say CMD is a game-changing theory. The cybersecurity condition is no longer an easy, weak target. It can now hold its ground and is rather hard to break,” the academician said.