‘Hack The Army’ and get paid, as part of the U.S. Military Bug Bounty program. You might find it odd, as usually it is those huge tech companies which organize these kinds of events where cash rewards are offered to hackers who are able to find vulnerabilities in their software. Several tech giants like Microsoft, Yahoo, Google, Facebook and Twitter have had their respective successful Bug Bounty programs.
The Pentagon had their first this year, with their very own ‘Hack the Pentagon’, and now the Army hopes to join in too, by expanding the government’s defense within its systems with its ‘Hack the Army’ kicking off this month.
“We’re not agile enough to keep up with a number of things that are happening in the tech world and in other places outside the Department of Defense,”
He also said in a press conference that
“We’re looking for new ways of doing business.”
It makes sense to keep the stakes relatively low at the start, by focusing on the digital services involved in recruitment rather than dealing with artillery or radar navigation.
The risk of running to hackers taking advantage of this opportunity to compromise the army’s hidden agendas is, however, one of the major concerns, as this kind of programs are usually considered unorthodox for agencies like the Army that hold institutionalized secrecy at their core.
Fanning added on this by saying how important it is to understand that the hackers that will participate in this bounty program are
“people we might normally have avoided, and much of the Department [of Defense] still does.”
This major risk can be tackled and reduced by having a systematic planning with agencies to adjust by accommodating whilst gradually adding and expanding bug bounty programs.
One such agency is the security consulting firm, HackerOne, which was responsible for facilitating the first ‘Hack The Pentagon’. The firm is also currently partnering up to facilitate ‘Hack The Army’.
Alex Rice, the CEO of HackerOne, hopes these bug bounty programs will expand across the military and it is a hope that is likely to prospect, since HackerOne’s contract with the Department of Defense gives liberty to any affiliated agency with the Defense to get a bug bounty going.
“You absolutely start seeing this effect when people witness the benefits of collaboration toward security goals. They start to look for even more creative ways to apply it.”
The firm further backed on this initiative to be an effective strategy by saying
“Working with the hacker community is an effective way to uncover vulnerabilities in even the most powerful organisations… Inviting the hacker community to find unknown security vulnerabilities will supplement the great work the army’s talented cybersecurity personnel are doing already.”
Who Can Join?
If you can hack your toaster or your friend’s Facebook account, why not hack the U.S. army right?
Well, I’m sorry to say, that this program isn’t open to everyone. You have to get invited, (invite-only) as the hackers chosen must be carefully cross-examined thoroughly. Although that is not the case, if you are a military and government personnel who wishes to participate, as you will be granted an automatic entry.