The annual Pwnie Awards for serious security screw-ups saw hardly anyone collecting their prize at this year’s ceremony in Las Vegas.
That’s not surprising: government officials, US spy agencies, and software makers aren’t usually in the mood to acknowledge their failures.
The Pwnies give spray-painted pony statues to those who have either pulled off a great hack or failed epically. This year it was nation states that got a significant proportion of the prizes. The gongs are divided into categories, and nominations in each section are voted on by the hacker community. The ponies are then dished out every year at the Black Hat USA security conference in Sin City.
The award for best server-side bug went to the NSA’s Equation Group, whose Windows SMB exploits were stolen and leaked online this year by the Shadow Brokers. The tools attack three stunning vulnerabilities (CVE-2017-0143, 0144, 0145), and were later used by malware including WannaCrypt to wreck systems across the globe, forcing Microsoft to issue patches for out-of-date operating systems to fight the outbreak
While Uncle Sam’s snoops didn’t pick up their award, neither did other governments. The epic 0wnage award was split between North Korea and Russia for launching the WannaCry ransomware contagion and masterminding the Shadow Brokers, respectively.
Meanwhile, Australian prime minister Malcom Turnbull earned an award for the most epic fail for insisting the laws of Australia trump the laws of mathematics. The Aussie leader was told it’s not possible to backdoor encryption for counterterrorism snoops without ruining the crypto for everyone else, and was having none of it.
…All of this year’s nominations are here, and the results will be published on the awards website a little later.