'Hack the Army' Program Pays Out About $100,000 for Netting 118 Bugs

The Department of Defense rewarded individuals and groups who hacked into its servers.
'Hack the Army' Program Pays Out About $100,000 for Netting 118 Bugs
Image credit: via PC Mag
Reporter at PCMag
2 min read
This story originally appeared on PCMag

And you thought hacking the Pentagon was easy: The U.S. Army last week revealed details of its first bug bounty program.

The four-week Hack the Army scheme generated 416 vulnerability reports (nearly 30 percent of which are unique and actionable) and approximately $100,000 for security researchers and bug hunters.


The most significant flaw -- as reported by HackerOne, a security consulting firm under contract with the Pentagon -- was uncovered due to a series of chained vulnerabilities that unwittingly took a hacker from the public-facing site to an internal Department of Defense page usually requiring special credentials to access.

"On its own, neither vulnerability is particularly interesting, but when you pair them together, it's actually very serious," HackerOne explained.

The Army remediation team and Army Cyber Protection Brigade stepped in to patch the hole.

"We're not agile enough to keep up with a number of things that are happening in the tech world and in other places outside the Department of Defense," former Army Secretary Eric Fanning said in the November announcement about Hack the Army. "We're looking for new ways of doing business."

The DoD experimented with a similar program last spring, when it invited white-hat hackers and researchers to infiltrate the Pentagon; 138 established vulnerabilities cost the federal government some $150,000 -- money well spent, the agency said in June.

"What Hack the Pentagon validated is that there are large numbers of technologists and innovators who want to make a contribution to our nation's security, but lack a legal avenue to do so," Fanning said.

But unlike Hack the Pentagon, which offered static websites not considered targets, Hack the Army provided sites considered critical to its recruiting mission, according to HackerOne.

"Crowdsourcing is really the only way to get the dynamic skills you need that a static workforce can't get you," Lisa Wiswell of the DoD's Defense Digital Service, said in a statement last fall.

More than 370 people participated in hacking the largest branch of the U.S. Armed Forces -- including 25 government employees, 17 of whom are military personnel.

More from Entrepreneur

Terry's digital marketing expertise can help you with campaign planning, execution and optimization and best practices for content marketing.
Book Your Session

For a limited time only, get this bundle of Entrepreneur PressĀ® titles for less than $30 (60% OFF) on our bookstore when you use "LEAP" at checkout.
Buy Now

Are paying too much for business insurance? Do you have critical gaps in your coverage? Trust Entrepreneur to help you find out.
Get Your Quote Now

Latest on Entrepreneur

My Queue

There are no Videos in your queue.

Click on the Add to next to any video to save to your queue.

There are no Articles in your queue.

Click on the Add to next to any article to save to your queue.

There are no Podcasts in your queue.

Click on the Add to next to any podcast episode to save to your queue.

You're not following any authors.

Click the Follow button on any author page to keep up with the latest content from your favorite authors.