White Hat Hacking: Hack the Pentagon?


The Null Byte community is all about learning white hat hacking skills. In part, this is because I believe that hacking skills will become the most valuable and important skill set of the 21st century.

This week, the U.S. Department of Defense confirmed my belief by announcing the start of their own hacking bounty program. This program is for white hat hackers (our kind here at Null Byte), and the idea is that the Pentagon will pay white hats to find vulnerabilities in their systems and software.

Although many large software companies such as Google and Microsoft have similar programs, this is the first time the Pentagon—or for that matter, any U.S. federal agency—has invited hackers to attempt to break their systems.

Image by David B. Gleason/Wikimedia Commons

Secretary of Defense Ash Carter has made cyber security and cyber warfare (another vocation for white hat hackers) a priority. In the spring of 2015, he gave a speech at a high school in the Washington, D.C. area emphasizing the Department of Defense's need for cyber warriors. There he encouraged students to study white hat hacking and even encouraged their parents to do the same.

Now, he is taking the next step to secure the Department of Defense by offering bug bounties to hackers who can find vulnerabilities in DoD systems. He hasn't yet fleshed out the details, but we know that hackers will need to pass a background check before they will be invited to hack into these systems that may contain highly confidential information.

This is likely to be just the beginning, as other government agencies will soon also offer similar bug bounties. It is now becoming a very real possibility that hacking the U.S. government systems can become a legitimate and high-paying career!

Despite spending millions on high-priced security experts and contractors, U.S. agencies and departments have been repeatedly hacked in recent years. Among the largest was the hack, presumably by Chinese hackers, of the Office of Personnel Management, where personnel and background check records of over 80 million current and former U.S. government employees were lost. In addition, just last month the IRS revealed that some of their records were lost to hackers.

The overall idea behind the "Hack the Pentagon" program and other bug bounty programs is that if you provide an incentive to white hat hackers, like us, we will find the vulnerabilities before the black hat hackers. In that way, the company or department can patch the vulnerability before the bad guys, foreign governments, or cyber criminals are able to hack the system.

The overall message, I believe, is that if you stay here at Null Byte, study diligently, and get a few certifications, you will have mastered the most valuable and important skill set of the 21st century!

14 Comments

I feel like I'm on a watchlist for reading this, haha. +1

I don't trust them.

You will become a target.

"Linux Rulez", is a Windows window. Good choice for that picture OTW, the irony is strong in that one! :D

Anyway, back to the topic: I don't really trust this bug bounty program of the DoD. I'm not from the US so I shouldn't really be concerned, but I am still sceptical about it. Why would the DoD allow hackers, no matter the type, to legally attempt to break into their systems, and run the risk of getting their secrets leaked?

I mean, it wouldn't be the first time a white hat went rogue after discovering some "sensitive" information. Let us not forget that Edward Snowden was a white hat himself before he exposed the NSA scandal!

So things don't add up for me: why would the Pentagon take the risk of having smart people (if they manage to get into the Pentagon somehow, they surely are smart) break into their systems?

A white hat could participate in this bounty with the best intentions, but if he manages to root one of the Pentagon's boxes and stumbles upon sensitive information, I highly doubt he will not expose those secrets. So why is the Pentagon taking this risk?

I think me and Dark Knight follow the same philosophy in this case.

Just a random thought I had while reading your article, OTW. I'd be happy to hear your opinion about it.

-Phoenix750

From what I read, the program plans that only a specific part of their systems can be hacked, disconnected from the critical ones.

"Once vetted, these hackers will participate in a controlled, limited duration program that will allow them to identify vulnerabilities on a predetermined department system. Other networks, including the department's critical, mission-facing systems will not be part of the bug bounty pilot program."

In this way it makes more sense.

OTW:

Please, when will another recognition of excellence nullbyte fellows start? I want to participate in the next one.

Dark Net:

I will be starting a new Tutorial Recognition of Excellence contest in the very near future.

Interesting.. read about it the other day, and in my personal point of view we can call it progress, but it's not good enough..

I mean that guys with security clearances are just the tip of the iceberg when it comes to skilled hackers, when there are tons of VERY talented individuals who do this stuff in the "Gray Area" and can contribute a heck of a lot more!

Very interesting. I'm not sure what to think. But I do feel that this is a good step for the US government, trying to get ahead of cyber warfare before they get caught with their pants down.

-Defalt

I'm fairly sure under the current rules, as well as undergoing some sort of background check, you need to be a US citizen to participate. If anyone does go through with this, it would be interesting to hear about their experiences.

That's correct.

-Phoenix750

Hello occupytheweb! I want to download Kali Linux but I don't know if it will affect my Windows 8.1 files or programs, and when I try and hit the install button on Kali Linux it just shows a black screen. Thank you! :)

If they want us to hack them I'm all for it, but I have friends that are under 18 yet some of the smartest people I know. If they want to do this they should have a server with all their security but with none of their secrets on there, give us the IP and let all of us have a go at it. Also I see the point with only U.S. citizens, but if you want the best experience allow everyone.

As a former employee of the Government, I can tell you their security measures are not the best. If not the equipment, then the training that the actual employees receive.

A lot of folks have a very skeptical view of our Gov right now, and I get that for sure. However, I feel compelled to say that I have seen the worst this world has to offer, and by and large, our government has good intentions. I guess the old "1 bad apple rule" applies.

When I enrolled into the Cyber Security program here where I am, there were only 100 or so folks in the program, now there are a couple thousand. Cyber Security, Data Assurance, or whatever you want to call it is one of the fastest growing fields out there. There is no shortage of people that want to do harm with the smallest amount of investment possible.

I will try it. And, @airassault, you are right. Being in a ring of hackers, we have a ring of informants and contacts in the Gov.
