We recently hired a new cybersecurity expert in our Research & Development group. We were chatting, just kind of getting to know each other, and he mentioned he had successfully hacked one of the Pentagon’s websites.
Instead of hauling him off to jail, they paid him. It’s a smart move that many corporations should consider. Of course, he was participating in the Department of Defense-sponsored, first-ever Hack The Pentagon exercise. And he found several vulnerabilities.
And yesterday it was announced that the DoD had finished closing all 138 verified security vulnerabilities uncovered by that ‘exercise’. They estimate it could have cost $1M if they had paid a professional firm to do so; instead they shelled out ~$150K. Hey, 85% off! Get your discounted vulnerabilities right here!
Some more details about the past program:
In the first “Hack the Pentagon” challenge, the department asked anyone with expertise in IT security to find security flaws on five of its largest public-facing websites, including the Defense.gov homepage. The first vulnerability report arrived seven minutes after the contest started, and 1,410 pro and amateur hackers from 44 states wound up making 1,189 reports of security problems during the three-week pilot in late April and early May (though many of those reports were duplicates of the same vulnerabilities).
Our employee mentioned he had to be vetted before being allowed to attempt hacking the site, so don’t just point your favorite exploit tool at Defense.gov in the hopes of becoming rich. It likely won’t end well for you.
However, if you want to pursue this type of activity, check with universities or businesses in your area. Start by taking a look at the National Cyber Analyst Challenge.