A high school student named David Dworken spent 10 to 15 hours per day between classes on his laptop, where he fell into the hobby of hacking the United States Defense Department’s websites.
However, when discovered by the department, officials did not scold or become angry with the 18-year-old. Instead, the young man, who graduated this week, was commended by the Secretary of Defense for finding “vulnerabilities before U.S. adversaries did,” as Reuters reported.
Defense Secretary Ash Carter explained why the young man was not punished, stating that it was all part of a pilot project.
“We know that state-sponsored actors and black-hat hackers want to challenge and exploit our networks… what we didn’t fully appreciate before this pilot was how many white hat hackers there are who want to make a difference,”
Interestingly enough, the hacks were invited by the Department of Defense as part of a pilot project that was launched this year and involved 1,400 participants. There were 138 validated reports of vulnerabilities. The project, as Reuters relays, invited these hackers to test the cyber security of some of the Defense Department’s public websites.
Additionally, the project only allowed hackers onto public websites, and they were not allowed access to the areas in need of heightened security. The Pentagon shared that it paid a total of around $75,000 to successful hackers in amounts ranging from $100 to $15,000.
The high school student, Dworken, who graduated on Monday, reported that he discovered “six vulnerabilities” yet received no reward for his efforts as the vulnerabilities had already been reported.
The student, who is set to study computer science at Northeastern University in the fall, shared that he had already been approached for internships due to his discoveries and computer skills. He noted that some of the bugs he found would have allowed people to display whatever they wanted on the websites, thereby giving hackers the ability to steal account information.
The pilot project, entitled “Hack the Pentagon,” has a model similar to other competitions known as “bug bounties” that are used by United States companies to uncover any network gaps.
Reuters shares the cost such a project has attached to it, and reports Carter’s words about the benefits of the program to the Pentagon.
“The Pentagon said the pilot project cost $150,000, including the reward money, and several follow up initiatives were planned. This included creating a process so others could report vulnerabilities without fear of prosecution. ‘It’s not a small sum, but if we had gone through the normal process of hiring an outside firm to do a security audit and vulnerability assessment, which is what we usually do, it would have cost us more than $1 million,’ Carter said.”
As Wired shared back when the program was first launched, while “Hack the Pentagon” was the first such program for the federal government of the United States, the nation has been involved in purchasing black market bugs for some time now. Documents released by Edward Snowden show that the National Security Agency spends $25 million a year purchasing bugs for use in its surveillance operations.
Individuals who were selected to be a part of the pilot project were expected to be U.S. citizens and to submit to background checks before they were allowed access to the Pentagon’s websites. As stated previously, more sensitive sites could not be accessed while this pilot project ran between the months of April and May of this year.
The Pentagon finally took security researchers’ advice to utilize a “bug bounty” program, and it seems to have been worthwhile. It’s obviously been a very important event in the life of Dworken, as he heads off into a career that will immerse him in responsibilities needing such skill.