Security startup puts $100K bounty on table to lure code-cracking hackers

A local cloud security startup is ready to offer $100,000 to anyone who can crack its code.

Launched by serial entrepreneur Wael Aggan and his longtime associate Tarek El-Gillani, a former Nortel system architect, CloudMask is tackling an area in which Mr. Aggan says other companies are trying to combat modern threats with old-fashioned solutions.

Imagine a document containing important information, locked inside a safe. The problem, he explains, is that if someone manages to crack the safe, they can easily read the document.

CloudMask prefers to hide in plain sight.

One must assume that modern thieves are more cunning and sophisticated than users, says Mr. Aggan. If they really want to get in, an increased security perimeter won’t be much help.

“The hacker is not a guy with dirty boots who broke in your window to steal your TV. The hacker today is very sophisticated,” he says. “You need to think that the attacker is there, that it’s impossible to prevent the attacker from entering your data.”

It’s a reasonable assumption. According to a 2011 study by the Ponemon Institute, a U.S.-based privacy and security research firm, 90 per cent of senior executives surveyed said their companies had experienced a data breach and nearly half expected it to happen again. Another study in 2012 by the same firm found that 82 per cent of businesses had transferred sensitive or confidential information to the cloud or planned to within two years.

Rather than locking and hiding private documents, CloudMask shreds them, so to speak.

“We say welcome, here it is,” explains Mr. Aggan. But only the sender and the recipient have the ability to reassemble it – to anyone else, it looks like “random data.”

CloudMask will soon be ready to host its $100,000 hackathon to boldly put its product to the test. Mr. Aggan says a third-party authority has agreed to put up the bounty and provide judges. Ideally, he adds, CloudMask would hook up with a major U.S. security summit, such as Black Hat or RSA Conference, to host the challenge in early 2015.

The new firm shares its Centretown office with TradeMerit, a cloud-based business process management solution company Mr. Aggan co-founded in 2007. Prior to that, in 2001, Mr. Aggan started ViaSafe, a security and trade compliance firm that was acquired five years later.

The firm’s founders say being based in Ottawa has many advantages for a startup in the security space. The company was part of the federally run Canadian Innovation Commercialization Program and many of its major clients are high-security federal government agencies. The downside, says Mr. Aggan, is that confidentiality rules prevent the firm from boasting about its client base in order to attract new customers.

CloudMask’s other clients include banks and law firms, but its current target market is individual web users. The company will make the beta version of its software free to download for personal e-mail use come January. The firm also offers the pro version free to NGOs.

These offers set CloudMask apart from competitors that focus exclusively on large enterprise clients, says Mr. El-Gillani.

“It’s always been our target from a business perspective,” he says. “The technology from day one was designed so that it could be portable and scaled down to independent users.”

Protection of personal data on the cloud became a hot topic this fall when hackers published a number of celebrities’ private nude photos, including pictures of Oscar winner Jennifer Lawrence, who spoke out strongly against the hackers and their supporters.

Mr. Aggan says people shouldn’t have to explain why their private documents deserve to stay private.

“Privacy is your right,” he says. “It is not about why I need it – it is my right, and I have the right to have control of my data.”