Hack the Army Considered a Success
Posted by: Timothy Weaver on 01/20/2017 03:21 PM
The recent "Hack the Army" program was a success according to the U.S. Army.
The bug bounty paid out upwards of $150,000 to a select group of white-hat hackers who submitted 400 bug reports, 118 of which were unique and actionable.
A pool of 371 hackers and researchers was invited to try to penetrate online properties and databases that are normally off-limits. Of that group, 25 were government employees and 17 were from the military.
In announcing the bug program last November, former Secretary of the Army Eric Fanning said: “The Army is reaching out directly to a group of technologies and researchers who are trained in figuring out how to break into computer networks they’re not supposed to; people we normally would have avoided.”
Two vulnerabilities were found that were no big deal on their own but that, used together, would allow a hacker to access an internal Department of Defense website. The flaws were fixed.
“They got there through an open proxy, meaning the routing wasn’t shut down the way it should have been, and the researcher, without even knowing it, was able to get to this internal network, because there was a vulnerability with the proxy, and with the actual system. On its own, neither vulnerability is particularly interesting, but when you pair them together, it’s actually very serious.”
Former Secretary of the Army Eric Fanning remarked about the program: “We recognize we cannot continue to do business the way that we are, and that we’re not agile enough to keep up with things that are happening in the tech world. There are people all over the world trying to get access to our sites, our data, our information. We have very well trained, capable teams in the military and the Department of Defense, but it’s not enough.”
Source: Threat Post
