Perhaps in light of the fact that hackers were recently able to steal $81 million from the account of the Bangladesh central bank held at the New York Fed, or as a result of the Fed admitting several data breaches over the past few years, the Pentagon decided to finally get around to testing the security of its network.
The program, called "Hack the Pentagon," invited hackers to identify vulnerabilities on five public Pentagon internet pages in exchange for cash for each security gap exposed. As a result, the 1,410 hackers who participated found 1,189 vulnerabilities, and the first gap was found just 13 minutes after the event began. Out of the 1,189 vulnerabilities, the Pentagon determined that only 138 were valid and unique. "These are ones we weren't aware of, and now we have the opportunity to fix them. And again, it's a lot better than either hiring somebody to do that for you, or finding out the hard way," Defense Secretary Ash Carter said.
The Pentagon said this was the first time the federal government has undertaken a program with outside hackers attempting to breach the networks, and the total cost was $150,000. Roughly half of the $150k was paid directly to the hackers as bounties, with a range of $100 to the maximum prize of $15,000 for submitting a pair of security gaps.
The program will be followed by a series of other initiatives that promote the communication of security gaps within government networks, including allowing anyone who finds a security gap in Defense Department systems to report it without fear of prosecution – which, unless people are hacking the government out of a sense of patriotic duty, presumably pays significantly less than the market for such information. The department will also expand the bounty program to the military services and encourage contractors to allow similar scrutiny.
Interestingly, or rather disturbingly, a recent high school graduate alone found six vulnerabilities.
From McClatchyDC
One of the hackers was David Dworken, who just graduated from high school. He said he worked on the program during his free time, logging in between homework assignments. He ended up submitting six vulnerabilities, but they all were reported by other hackers also.
He said he started getting interested in hacking when he was in the 10th grade. "I took a computer science course at my school and then other students and I were actually just messing around and we found a couple vulnerabilities on my school's website. That's the first thing I did with that," the future Northwestern University student told reporters.
Even though he didn't qualify for a payout, Dworken said it was worthwhile.
"It also works well in terms of, like networking and getting a reputation kind of thing," he said. "You know, I'm just in high school. I've had recruiters contact me about internships over the summer."
Someone tell us that this event, in which 138 gaps were revealed that the Pentagon didn't know about, had more than kids fresh out of high school participating!
High school participants aside, given the fact that the Office of Personnel Management was hacked last year, compromising some 22 million government employees, we're very surprised to learn that the Pentagon proclaimed this event was the first of its kind. Then again, we take that back: we are not shocked at all – it undoubtedly took the government nearly a year to figure out that it had better start testing the security of its networks.
Also, as a bonus reminder, the security systems used by the US government are so old and outdated that an 8-inch floppy disc houses nuclear coordinate data. Everyone feel secure?