Hackers find security gaps in Pentagon websites

June 17, 2016 by Lolita C. Baldor

High-tech hackers brought in by the Pentagon to breach Defense Department websites were able to burrow in and find 138 different security gaps, Defense Secretary Ash Carter said Friday.

The so-called white-hat hackers were turned loose on five public Pentagon internet pages and were offered various bounties if they could find unique vulnerabilities. The Pentagon says 1,410 hackers participated in the challenge and the first gap was identified just 13 minutes after the hunt began.

Overall, they found 1,189 vulnerabilities, but a review by the Pentagon determined that only 138 were valid and unique.

The experiment cost $150,000. Of that, about half was paid out to the hackers as bounties, including one who received the maximum prize of $15,000 for submitting a number of security gaps. Others received varying amounts, to as low as $100.

"These are ones we weren't aware of, and now we have the opportunity to fix them. And again, it's a lot better than either hiring somebody to do that for you, or finding out the hard way," said Carter.

The Pentagon said this was the first time the federal government has undertaken a program with outsiders attempting to breach the networks. Large companies have done similar things.

Called "Hack the Pentagon," the program will be followed by a series of initiatives, including a process that will allow anyone who finds a security gap in Defense Department systems to report it without fear of prosecution. The department will also expand the bounty program to the military services and encourage contractors to allow similar scrutiny.

One of the hackers was David Dworken, who just graduated from high school. He said he worked on the program during his free time, logging in between homework assignments. He ended up submitting six vulnerabilities, but they all were reported by other hackers also.

He said he started getting interested in hacking when he was in the 10th grade. "I took a computer science course at my school and then other students and I were actually just messing around and we found a couple vulnerabilities on my school's website. That's the first thing I did with that," the future Northwestern University student told reporters.

Even though he didn't qualify for a payout, Dworken said it was worthwhile.

"It also works well in terms of, like networking and getting a reputation kind of thing," he said. "You know, I'm just in high school. I've had recruiters contact me about internships over the summer."

Explore further: Pentagon invites hackers to attack its websites

Related Stories

Pentagon announces new push for 'smart' fabrics

April 1, 2016

US Defense Secretary Ash Carter announced an initiative Friday to create smart textiles that one day could see tents made of power-generating fabric, running shoes as light as socks and uniforms that detect chemical and nuclear ...

Recommended for you

Google braces for huge EU fine over Android

July 18, 2018

Google prepared Wednesday to be hit with huge EU fine for freezing out rivals of its Android mobile phone system in a ruling that could spark new tensions between Brussels and Washington.

EU set to fine Google billions over Android: sources

July 17, 2018

The EU is set to fine US internet giant Google several billion euros this week for freezing out rivals of its Android mobile phone system, sources said, in a ruling that risks fresh tensions with Washington.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.