
DoD Announces New Bug Bounty Program Called Hack the Pentagon (npr.org) 62

Quince alPillan writes: Announcing what it calls "the first cyber bug bounty program in the history of the federal government," the Department of Defense says it's inviting vetted hackers to test the security of its web pages and networks. Vetted hackers will need to pass a background check and will be attacking a predetermined system that is not a part of critical operations. This program is being put together by the Digital Defense Service, launched last fall.
  • HACK THE PLANET!

  • by Anonymous Coward

    'vetted' participants only testing things that don't matter = security theater. Meanwhile the unvetted Chinese and Russian hackers are hacking their critical operations.

    • Not really. It will likely give them a fingerprint or signature of sorts that they can later use to identify you if you hack something they don't like.

      Sounds way too sketchy to me.

    • Things that don't matter could be a mirror of things that do matter (or a mirror with all the data modified). It's reasonable to test on an almost identical system that doesn't accidentally trigger the order to launch ICBMs getting sent to real places.

      The 'vetted' part is probably to prevent someone from discovering a bug in play, and putting it in practice. But, yeah, depending on how they "vet" someone....

  • by Anonymous Coward

    it's a trap

  • by nehumanuscrede ( 624750 ) on Wednesday March 02, 2016 @03:32PM (#51623727)

    The financial payoff is likely to be several orders of magnitude higher if you figure out how to hack ANY Department of Defense network and sell it on the black market vs working for the USG and pointing out the same flaws.

    If the USG is serious about such a program, they might want to take this into consideration.

    • The financial payoff is likely to be several orders of magnitude higher if you figure out how to hack ANY Department of Defense network and sell it on the black market vs working for the USG and pointing out the same flaws.

      If the USG is serious about such a program, they might want to take this into consideration.

      So is the risk.

      That's how investment decisions work. Risk v. Reward. For example, if you bluff your way into the New York Fed and steal the gold in the basement, you're gonna be pretty rich. But good luck explaining that one away when they catch you.

      Plus, you know, treason.

      • by arth1 ( 260657 )

        Plus, you know, treason.

        Well, if you're not a citizen, you can't be charged with treason, can you?

        • Well, if you're not a citizen, you can't be charged with treason, can you?

          IANAL, but I think in that case it might be espionage instead.

    • by aliquis ( 678370 )

      Also, will they be honoring "previous work" entries if one provides evidence for having already breached their systems by the same method previously? ;D

  • North Korea just announced a Bug Bounty program called, "Hack the Pentagon" too. Except, they're encouraging the hacking of critical systems. "Tell us first, get big reward!" is the slogan for the program. Oh, if I were only an Onion contributor...
  • In other news, the Chinese government projects a massive surge in revenue from "foreign sources." Economists are unclear on the details, but speculate it could lead to increased spending in the second quarter of 2016.
  • The article says, "According to DDS Director Chris Lynch, "Bringing in the best talent, technology and processes from the private sector..." Because the best are just waiting to volunteer to work without clear compensation.
  • What could possibly go wrong? :)

  • by Anonymous Coward

    First prize for the "hack the Pentagon" bug bounty program is a one way trip and indefinite accommodations at a tropical island not of your choosing. Stay in a sprawling complex overlooking a beautiful "bay," in one of the most up and coming tourist destinations in the world, Cuba.

  • I don't really need to spell it out, do I?
  • is not to play.

  • "the Department of Defense says it's inviting vetted hackers to test the security of its web pages and networks. Vetted hackers will need to pass a background check"

    That's like cops inviting vetted thieves to try and break into a house, after passing a background check yeah.... that will work! LULZ
    • Closer to them asking locksmiths to pick a lock.
      There is a large legal industry of hackers, so getting a large amount of skilled people who can pass a background check and are vetted is expensive but possible.
  • None of the articles I Googled showed numbers. I'm skeptical the public side of the government can compete with the private business sector. Facebook split $900k over 210 people (or a whopping $4,300k per person) for their bug bounty program, and I can't believe that many people put that much effort into cracking top-notch security at Facebook for that little. In contrast, "black market" (I'm pretty sure vulnerability disclosure isn't illegal, yet) prices for an iOS RCE are $1m+, and I bet our government wo
  • For those wanting to add "passed DoD background check" to their resume, this might be an opportunity to do it for free (as in no up-front monetary cost).

  • Screw vetting and permission. If you want results, publicly announce a target and dispense with terms and conditions bullshit. Otherwise you're just wasting everyone's time.
