The winners of the Security Nightmare 2015 have been announced 

TREsPASS invites you to the Social Engineering Challenge 2015. You can apply by submitting your proposal before December 1st before December 15th. After selection by a professional jury, the award-winning proposal will be announced at the CPDP conference in Brussels, Belgium, on January 27-29, 2016.

Cybercrime is increasing rapidly all around the globe. Methods such as phishing, scamming, and hacking are becoming more sophisticated. At the same time, cloud computing has taken off and much of our data is stored and processed in public and corporate cloud data centers, dynamically crossing geographic borders, accessible through the network from anywhere. To counteract this pervasive problem, organisations have investigated technical solutions as well as awareness programs for employees and customers. As Social Engineering is a key factor in 92% of industrial espionage attacks (Verizon), the human factor is attracting increasing media –and attacker– attention. However, systematic analysis of the securing against attacks including Social Engineering is still rare, and scientists and practitioners from diverse research disciplines are trying to understand the mechanisms behind it more holistically.

But you can help! This year, you are invited to think of attack scenarios for a cloud-based setting. Though this might include some clever technical steps, tricking the human element of security is what this challenge is about: the ultimate security nightmare. We are not looking for new hacking tools, spam bots, phishing attacks, blackmail, etc., but rather how you, as an outsider, could gain access to the crucial and famous fileX stored in the cloud that would give you money and fame, if you could get your hands on it.

To make the given setting more concrete, imagine a scenario as described on www.trespass-project.eu/award/CloudScenario.pdf.

To give you some ideas and stimulate your creativity, you may wish to visit the Social Engineering Panel.

Describe your Social Engineering cloud attack idea and include a suitable countermeasure to prevent your scenario from taking place: think of policies, access controls, etc. It would be ideal if you also provide a short outline of an experiment/research proposal that could be used to test the feasibility or relevance of your attack scenario.

Submit your 2-page proposal and a 1-page CV before December 1st before December 15th, 2015 to

The proposals will be evaluated and judged based on creativity, feasibility and deceivability. The best proposal will be awarded with €750 and the winner will be invited to the CPDP 2015 conference to receive the award. A maximum of €800 travel costs will be reimbursed.

Disclaimer: Please check the terms and conditions below. We are collecting input for research and dissemination purposes, so please make sure that the information provided is non-confidential.

Terms and Conditions

The TREsPASS consortium is represented by the UNIVERSITEIT TWENTE, whose registered office is at DRIENERLOLAAN 5, 7522 NB ENSCHEDE, The Netherlands

Members of the TREsPASS consortium connected in any way with the competition together with members of the judging panel shall not be permitted to enter the competition.

There is no entry fee and no purchase necessary to enter this competition.

Route to entry for the competition is limited to proposals submitted via the following URL:

Participants up to 16 years old must state that they have obtained approval from their legal guardian(s) for participation in the competition.

Closing date for entries will be December 1st, 2015. After this date, no further entries to the competition will be permitted.

No responsibility can be accepted for entries not received for whatever reason.

The TREsPASS consortium reserves the right to cancel or amend the competition and these terms and conditions without notice in the event of a catastrophe, war, civil or military disturbance, act of God or any actual or anticipated breach of any applicable law or regulation or any other event outside of the TREsPASS consortium’s control. Any changes to the competition will be communicated to entrants as soon as possible by the TREsPASS consortium.

The TREsPASS consortium is not responsible for inaccurate prize details supplied to any entrant by any third party connected with this competition.

The prize is 750 Euro cash, in the form of a cheque made payable to the prize winner.

The prize is personal and is registered in the name of the winner.

In case of refusal or non acceptance of the prize or conditions that are inherent to the competition, the prize will not be awarded. In that case, the TREsPASS consortium is entitled to choose another winner.

The winner will be chosen by an independent panel of experts appointed by the TREsPASS consortium.

The panel of experts will select the best proposal based on creativity, feasibility and deceivability.

The winner will be notified by email within 28 days of the closing date. If the winner cannot be contacted or does not claim the prize within 14 days of notification, we reserve the right to withdraw the prize from the winner and pick a replacement winner.

The winner will be invited to collect the award at the CPDP 2016 conference.

If the winner is unable to attend the conference and collect the award, the TREsPASS consortium will withdraw the prize from the winner and pick a replacement winner.

The TREsPASS consortium’s decision in respect of all matters to do with the competition will be final and no correspondence will be entered into.

By entering this competition, an entrant is indicating his/her agreement to be bound by these terms and conditions.

The competition and these terms and conditions will be governed by Dutch law and any disputes will be subject to the exclusive jurisdiction of the courts of Netherlands.

By submitting a proposal, a participant agrees that his/her name and image can be used by the TREsPASS consortium any publicity material, if he/she is chosen as winner. The winner’s name will be published on the TREsPASS website 28 days after closing date. The URL of the TREsPASS website is www.trespass-project.eu/.

Any other personal data relating to the winner or any other entrants will be used solely in accordance with current Dutch data protection legislation and will not be disclosed to a third party without the entrant’s prior consent.

The information provided will be used for scientific research and may be referenced in scientific publications.

The information provided may be published as part of the TREsPASS consortiums dissemination activities. This may include but is not limited to the TREsPASS website, the TREsPASS Twitter feed and the TREsPASS Linked-In account.

This promotion is in no way sponsored, endorsed or administered by, or associated with, Facebook, Twitter or any other Social Network. You are providing your information to the TREsPASS consortium and not to any other party. The information provided will be used in conjunction with the following Privacy Policy found at www.trespass-project.eu/privacy

The information disclosed by participants should not contain reference to real persons or organisations without their explicit written consent.

The information disclosed by participants should not be confidential.

The TREsPASS consortium will not be held accountable for any of the actions carried out by participants.