Hackers find gaps in Pentagon websites
The hackers were participating in the Pentagon’s first “bug bounty”, where it asked those with computer hacking capabilities to investigate five public websites and identify potential lapses in security where a nefarious hacker could do damage.
White-hat hackers in the Defense Department’s monthlong Hack the Pentagon bug bounty program found 138 vulnerabilities that the department has since remediated – and now Defense Secretary Ash Carter wants to make the model a fixture within DOD.
Defense Secretary Ash Carter and members of the Defense Digital Service reveal the results of Hack the Pentagon.
Carter said DOD plans to encourage defense contractors to submit their programs and products for independent security reviews and bug bounty programs before delivering them to the government. Hack the Pentagon was the first time the U.S. government experimented with a commercial-style bug bounty in which participating hackers were paid for discovering vulnerabilities.
The program ran from April 18 to May 12.
The Pentagon invited 1,400 people to attempt to hack into its websites, offering rewards of $100 (£70) to $15,000 (£10,450) to those who found valid vulnerabilities. “The pilot showed us one way to streamline what we do to defend our networks and correct vulnerabilities more quickly”.
“These are ones we weren’t aware of, and now we have the opportunity to fix them”.
Additionally, the project only allowed hackers onto public websites; they were not given access to the more sensitive systems that require heightened security.
“I generally just worked on it during any free time I had, during free periods”, said Dworken, who plans to study computer science in college and aspires to a career in cybersecurity. He ended up submitting six vulnerabilities, but all of them had also been reported by other hackers.
“We know that state-sponsored actors and black-hat hackers want to challenge and exploit our networks”, Carter said.
One teenager, meanwhile, has been thanked for finding bugs and approached by recruiters about possible internships.