
Hack the Pentagon, and you could win $150,000

Graham CLULEY

April 19, 2016


Hackers are trying to break into The Pentagon.

There’s nothing unusual about that, of course. The difference this time is that the US Department of Defense is inviting hackers to find security vulnerabilities in some of its public websites, and is offering bounty payments of up to $150,000 for those who discover flaws.


There are, of course, some rules about the “Hack the Pentagon” bug bounty program, as the US DoD is keen for chaos not to ensue during the US government’s first commercial bug bounty program. These include:

  • You must have pre-registered and been approved to take part in the program.
  • You must be eligible to work in the United States.
  • You can’t be residing in a country currently under US trade sanctions – sorry Syrian and North Korean hackers, you’re not welcome!
  • You can’t be on the US Department of Treasury’s list of bad guys and organisations who have engaged in terrorism, drug trafficking and other crimes – I guess they’re worried about bad publicity.
  • Every participant has to agree to undergo a background check – no background check, no payout.

Furthermore, there’s bad news if you work for the United States Digital Service (USDS) – you’re not eligible for any payouts. Presumably the Department of Defense feels you should be finding any vulnerabilities and flaws as part of your regular job.

It’s worth pointing out that the Defense Department is keeping tight reins on bug hunters, limiting the scope of the bounty program to a defined list of public websites for a controlled duration of time (the hunt runs until May 12 2016) and not involving critical, mission-facing computer systems.

And I have no doubt that some researchers will be dissuaded from participating by the rules – and may feel uncomfortable with the idea of sharing their personal information with the US authorities for the purposes of a background check.

All the same, it’s good to see the US government embracing an initiative to bolster its security that has proven successful for many commercial companies in recent years. After all, it’s better for any vulnerabilities to be reported to the Department of Defense than sold on underground markets to other groups such as online criminals and foreign states.

“This initiative will put the department’s cybersecurity to the test in an innovative but responsible way,” said US Secretary of Defense Ash Carter. “I encourage hackers who want to bolster our digital defenses to join the competition and take their best shot.”

I have long been an advocate that it is better to hack yourself (or hire penetration testers to check your systems for vulnerabilities) than wait for a malicious hacker to break into your network. At the same time, it’s important to not leave security considerations until the end of a project – security should be an important consideration from the very beginning.

Clearly we’ve come a long way since British computer hacker Gary McKinnon broke into classified Pentagon computer systems in his search for evidence that the United States was covering up evidence of extraterrestrial technology. The Department of Defense remains resolute that any hacking against its systems has to happen on its own terms, but it’s clearly not of the opinion that all in the hacking community have bad intentions.

And that sounds like a good thing to me.
