Here’s How To Legally Hack The Pentagon For Cash Prizes
The Pentagon is taking a lesson from Google, offering a bounty for people to hack them. Not everyone can apply for the program, but for those who do and find a vulnerability, there’s $150,000 in cash prizes available.
According to NBC News, the contest will start on April 18, 2016, and run through May 12. “Hack the Pentagon” provides a legal avenue for selected people to find vulnerabilities in some of the Defense Department’s computer systems. The company HackerOne will create the platform for the program.
Secretary of Defense Ash Carter announced that it will bolster the department’s defenses.
“This initiative will put the department’s cybersecurity to the test in an innovative but responsible way. I encourage hackers who want to bolster our digital defenses to join the competition and take their best shot.”
Reuters reported that the Pentagon has used internal investigators, known as “red teams,” to hack its systems and look for vulnerabilities. But offering bounties to external hackers has become a best practice in the cybersecurity industry.
Google and Facebook have long had similar programs for people to report vulnerabilities for cash rewards. Uber, the ride-share app, recently started its own contest for hackers to win up to $10,000.
With the Hack the Pentagon program, there are some limitations, of course. Potential participants have to go through a thorough background check. They must be a “U.S. person” and, according to a Pentagon release, “must not be on the U.S. Treasury Department’s Specially Designated Nationals list of people and organizations engaged in terrorism, drug trafficking and other crimes.”
Likewise, the system in scope will be the public-facing computer system; more sensitive systems will still be off-limits for now.
Exactly how much a participant is paid, and for what, is not clear from the information released by the government or HackerOne, but they say participants will be paid out of the $150,000 fund.
HackerOne CEO Marten Mickos praised the program as a major opportunity for the Pentagon in a press release.
“Collaboration and transparency with external finders has become essential to securing connected software on the Internet. Embracing the hacker community is not only a watershed move by the Pentagon, among the world’s most powerful organizations, but also signals deeply promising progress for all of software security.”
As previously reported by the Inquisitr, the Pentagon has had its share of problems with hackers. In August of last year, a hack compromised the Defense Department’s computer programs, including emails from high-level officials about sensitive issues.
At the time, Russia was the prime suspect because of the level of sophistication and the tactics used, although China was also cited as a potential culprit.
Secretary Carter says the military in general has not been getting good grades for its cybersecurity, adding to the danger.
DJ Patil, the White House’s chief data scientist, explained the Pentagon is always open to attack.
“When people hear ‘bug bounty,’ they think we are just opening ourselves to attack, but what people forget is, we are always in this day and age under attack. By bringing crowds to the problem… you’re getting a jump on the curve.”
Patil said it might set a precedent for other government agencies to eventually follow suit.
People interested in the Hack the Pentagon program can register to participate at the HackerOne website.