'Hack the Army' Program Pays Out About $100,000 for Netting 118 Bugs

The Department of Defense rewarded individuals and groups who hacked into its servers.

Grow Your Business, Not Your Inbox

Stay informed and join our daily newsletter now!
Will be used in accordance with our Privacy Policy
'Hack the Army' Program Pays Out About $100,000 for Netting 118 Bugs
Image credit: via PC Mag
Reporter at PCMag
2 min read
This story originally appeared on PCMag

And you thought hacking the Pentagon was easy: The U.S. Army last week revealed details of its first bug bounty program.

The four-week Hack the Army scheme generated 416 vulnerability reports (nearly 30 percent of which are unique and actionable) and approximately $100,000 for security researchers and bug hunters.


The most significant flaw -- as reported by HackerOne, a security consulting firm under contract with the Pentagon -- was uncovered due to a series of chained vulnerabilities that unwittingly took a hacker from the public-facing goarmy.com site to an internal Department of Defense page usually requiring special credentials to access.

"On its own, neither vulnerability is particularly interesting, but when you pair them together, it's actually very serious," HackerOne explained.

The Army remediation team and Army Cyber Protection Brigade stepped in to patch the hole.

"We're not agile enough to keep up with a number of things that are happening in the tech world and in other places outside the Department of Defense," former Army Secretary Eric Fanning said in the November announcement about Hack the Army. "We're looking for new ways of doing business."

The DoD experimented with a similar program last spring, when it invited white-hat hackers and researchers to infiltrate the Pentagon; 138 established vulnerabilities cost the federal government some $150,000 -- money well spent, the agency said in June.

"What Hack the Pentagon validated is that there are large numbers of technologists and innovators who want to make a contribution to our nation's security, but lack a legal avenue to do so," Fanning said.

But unlike Hack the Pentagon, which offered static websites not considered targets, Hack the Army provided sites considered critical to its recruiting mission, according to HackerOne.

"Crowdsourcing is really the only way to get the dynamic skills you need that a static workforce can't get you," Lisa Wiswell of the DoD's Defense Digital Service, said in a statement last fall.

More than 370 people participated in hacking the largest branch of the U.S. Armed Forces -- including 25 government employees, 17 of whom are military personnel.

More from Entrepreneur

Get heaping discounts to books you love delivered straight to your inbox. We’ll feature a different book each week and share exclusive deals you won’t find anywhere else.
Jumpstart Your Business. Entrepreneur Insider is your all-access pass to the skills, experts, and network you need to get your business off the ground—or take it to the next level.
Create your business plan in half the time with twice the impact using Entrepreneur's BIZ PLANNING PLUS powered by LivePlan. Try risk free for 60 days.

Latest on Entrepreneur

Entrepreneur Media, Inc. values your privacy. In order to understand how people use our site generally, and to create more valuable experiences for you, we may collect data about your use of this site (both directly and through our partners). By continuing to use this site, you are agreeing to the use of that data. For more information on our data policies, please visit our Privacy Policy.