[RWSB] 2016-11 Hack the Pentagon
The last several years have seen many battles between the US government and hackers as well as major critical data leaks. Many government agencies have approached hacking in a way that demonizes hackers and security in general. This past week marks a turning point for security experts. The US Department of Defense announced a new pilot program called Hack the Pentagon.
As we reported several in previous weeks, government agencies are among the top targets for hackers. Government employees were urged to stay on alert for suspicious behavior and attacks. Instead of fighting hackers, the US government has changed its attitude towards attacks and is now opening the doors for research. The goal is to find vulnerabilities across government systems and understand the way hackers operate.
This is the US governmentâ€™s version of a bug bounty. Bug bounties, which pay security experts for the responsible disclosure of vulnerability information have been used by the corporate sector for years to engage with hackers and reap the benefits. The largest player in bug bounties is HackerOne.
The current moves are a step forward in the right direction for government agencies that have long treated hackers as criminals. By collaborating with hackers, agencies can tap the knowledge and skill in non-governmental security experts.
Rewards are set up to $150,000 and the pilot program will run from April 18th to May 12th.
Furthermore, a major security breach occurred in Panama this week. The root cause of the breach is still unknown but it is believed to be an insider attack. The Panama law firm Mossack Fonseca suffered a data leak when 11 million private documents were exposed to the public. These papers indicate that several high profile government representatives used Mossack to help launder money and avoid tax regulations. Officials named in these documents include Russian President Vladimir Putin, Icelandic Prime Minister Sigmundur David Gunnlaugson, Egypt's former President, Hosni Mubarak, former Libyan leader Muammar Gaddafi and Syria's President Bashar al-Assad.
The aftermath of these documents is still unknown. The leaked documents show that organizations are not only susceptible to outside attacks. Insider threats have increased in popularity in the last several years, and they remain some of the most damaging.