This is a bullshit challenge. The attack model in which it is set is nothing like the theoretical models cryptographic systems are designed to be secure against, and even less like how crypto software is actually attacked in practice. There is no possibility for known plaintext, chosen plaintext, chosen ciphertext, side channels, etc.
If they just encrypted their communications with AES-128 in ECB mode with a fixed random secret key, the challenge could not be won. And that's not even semantically secure. So we will learn absolutely nothing about the security of their software from the results of this challenge. Whoever designed this challenge is either extremely dishonest or knows nothing about cryptography.
If they really want to improve their software, they should offer a $200,000 bounty for a proof of concept implementation of an attack within their threat model.
Edit: I originally started this post with "...probably designed to get press rather than to actually improve the software...", which I have removed, since I have no evidence to support the claim.
If they just encrypted their communications with AES-128 in ECB mode with a fixed random secret key, the challenge could not be won. And that's not even semantically secure. So we will learn absolutely nothing about the security of their software from the results of this challenge. Whoever designed this challenge is either extremely dishonest or knows nothing about cryptography.
If they really want to improve their software, they should offer a $200,000 bounty for a proof of concept implementation of an attack within their threat model.
Edit: I originally started this post with "...probably designed to get press rather than to actually improve the software...", which I have removed, since I have no evidence to support the claim.