The Hack the Pentagon program is meant to encourage security researchers to find weaknesses in their systems. This initiative will offer participants financial rewards in place of legal punishment for participating in the program.
First Published 6th April 2016
The US Department of Defense is running a bug bounty program.
2 min read | Reflare Research Team
The last several years have seen many battles between the US government and hackers as well as major critical data leaks. Many government agencies have approached hacking in a way that demonises hackers and security in general. This past week marks a turning point for security experts. The US Department of Defense announced a new pilot program called Hack the Pentagon.
As we reported several in previous weeks, government agencies are among the top targets for hackers. Government employees were urged to stay on alert for suspicious behaviour and attacks. Instead of fighting hackers, the US government has changed its attitude towards attacks and is now opening the doors for research. The goal is to find vulnerabilities across government systems and understand the way hackers operate.
This is the US government's version of a bug bounty. Bug bounties, which pay security experts for the responsible disclosure of vulnerability information have been used by the corporate sector for years to engage with hackers and reap the benefits. The largest player in bug bounties is HackerOne.
The current moves are a step forward in the right direction for government agencies that have long treated hackers as criminals. By collaborating with hackers, agencies can tap the knowledge and skill of non-governmental security experts.
Rewards are set up to $150,000 and the pilot program will run from April 18th to May 12th 2016.
Furthermore, a major security breach occurred in Panama this week. The root cause of the breach is still unknown but it is believed to be an insider attack. The Panama law firm Mossack Fonseca suffered a data leak when 11 million private documents were exposed to the public. These papers indicate that several high-profile government representatives used Mossack to help launder money and avoid tax regulations. Officials named in these documents include Russian President Vladimir Putin, Icelandic Prime Minister Sigmundur David Gunnlaugson, Egypt's former President, Hosni Mubarak, former Libyan leader Muammar Gaddafi and Syria's President Bashar al-Assad.
The aftermath of these documents is still unknown. The leaked documents show that organisations are not only susceptible to outside attacks. Insider threats have increased in popularity in the last several years, and they remain some of the most damaging.