
Hack the Pentagon, and you could win $150,000

Graham CLULEY

April 19, 2016


Hackers are trying to break into The Pentagon.

There’s nothing unusual about that, of course. The difference this time is that the US Department of Defense is inviting hackers to find security vulnerabilities in some of its public websites, and is offering bounty payments of up to $150,000 for those who discover flaws.


There are, of course, some rules about the “Hack the Pentagon” bug bounty program, as the US DoD is keen for chaos not to ensue during the US government’s first commercial bug bounty program. These include:

  • You must have pre-registered and been approved to take part in the program.
  • You must be eligible to work in the United States.
  • You can’t be residing in a country currently under US trade sanctions – sorry Syrian and North Korean hackers, you’re not welcome!
  • You can’t be on the US Department of Treasury’s list of bad guys and organisations who have engaged in terrorism, drug trafficking and other crimes – I guess they’re worried about bad publicity.
  • Every participant has to agree to undergo a background check – no background check, no payout.

Furthermore, there’s bad news if you work for the United States Digital Service (USDS) – you’re not eligible for any payouts. Presumably the Department of Defense feels you should be finding any vulnerabilities and flaws as part of your regular job.

It’s worth pointing out that the Defense Department is keeping tight reins on bug hunters, limiting the scope of the bounty program to a defined list of public websites for a controlled duration of time (the hunt runs until May 12 2016) and not involving critical, mission-facing computer systems.

And I have no doubt that some researchers will be dissuaded from participating by the rules – and may feel uncomfortable with the idea of sharing their personal information with the US authorities for the purposes of a background check.

All the same, it’s good to see the US government embracing an initiative to bolster its security that has proven successful for many commercial companies in recent years. After all, it’s better for any vulnerabilities to be reported to the Department of Defense than sold on underground markets to other groups such as online criminals and foreign states.

“This initiative will put the department’s cybersecurity to the test in an innovative but responsible way,” said US Secretary of Defense Ash Carter. “I encourage hackers who want to bolster our digital defenses to join the competition and take their best shot.”

I have long been an advocate that it is better to hack yourself (or hire penetration testers to check your systems for vulnerabilities) than wait for a malicious hacker to break into your network. At the same time, it’s important to not leave security considerations until the end of a project – security should be an important consideration from the very beginning.

Clearly we’ve come a long way since British computer hacker Gary McKinnon broke into classified Pentagon computer systems in his search for evidence that the United States was covering up evidence of extraterrestrial technology. The Department of Defense remains resolute that any hacking against its systems has to happen on its own terms, but it’s clearly not of the opinion that all in the hacking community have bad intentions.

And that sounds like a good thing to me.
