'Hack The Army'

‘Hack The Army’ and get paid, as part of the U.S. Military Bug Bounty program.  You might find it odd, as usually it is those huge tech companies which organize these kinds of events where cash rewards are offered to hackers who are able to find vulnerabilities in their software. Several tech giants like Microsoft, Yahoo, Google, Facebook and Twitter have had their respective successful Bug Bounty programs.

The Pentagon had their first this year, with their very own ‘Hack the Pentagon’, and now the Army hopes to join in too, by expanding the government’s defense within its systems with its ‘Hack the Army’ kicking off this month.

If you want to know how extreme it is, well, take a look at how a team of young Chinese hackers manage to hack a Google Pixel in 60 seconds and win $120000 as cash prize.

Why ‘Hack the Army’?

'Hack The Army'

Eric Fanning, Outgoing Secretary of the U.S. Army, explained that the program asks hackers to critically examine and find flaws in the Army’s digital recruiting infrastructure.

‘Hack the Pentagon’ was more to asking hackers to assess static websites

If you don’t know what static websites are, take a look at what is the difference between Static Websites and Dynamic Websites?

‘Hack the Army’, on the other hand, will be focusing more towards recruitment sites and databases of personal information about both new applicants and existing army personnel.

One of several websites, which will be given focus, is the application site for joining the U.S. army.

Fanning added

“We’re not agile enough to keep up with a number of things that are happening in the tech world and in other places outside the Department of Defense,”

He also said in a press conference that

“We’re looking for new ways of doing business.”

It makes sense to keep the stakes relatively low at the start, by focusing on the digital services involved in recruitment rather than dealing with artillery or radar navigation.

'Hack The Army'
Officers of the 36th Electronic Warfare Squadron monitor a simulated test of cyberwarfare in the Central Control Facility at Eglin Air Force Base in Florida, 19 April 2008

The risk of running to hackers taking advantage of this opportunity to compromise the army’s hidden agendas is, however,  one of the major concerns, as this kind of programs are usually considered unorthodox for agencies like the Army that hold institutionalized secrecy at their core.

Fanning added on this by saying how important it is to understand that the hackers that will participate in this bounty program are

“people we might normally have avoided, and much of the Department [of Defense] still does.”

 This major risk can be tackled and reduced by having a systematic planning with agencies to adjust by accommodating whilst gradually adding and expanding bug bounty programs.

One such agency is the security consulting firm, HackerOne, which was responsible for facilitating the first ‘Hack The Pentagon’. The firm is also currently partnering up to facilitate ‘Hack The Army’.
Alex Rice, the CEO of HackerOne, hopes these bug bounty programs will expand across the military and it is a hope that is likely to prospect, since HackerOne’s contract with the Department of Defense gives liberty to any affiliated agency with the Defense to get a bug bounty going.

“You absolutely start seeing this effect when people witness the benefits of collaboration toward security goals. They start to look for even more creative ways to apply it.”

The firm further backed on this initiative to be an effective strategy by saying

“Working with the hacker community is an effective way to uncover vulnerabilities in even the most powerful organisations… Inviting the hacker community to find unknown security vulnerabilities will supplement the great work the army’s talented cybersecurity personnel are doing already.”

Who Can Join?

'Hack The Army'

If you can hack your toaster or your friend’s Facebook account, why not hack the U.S. army right?

Well, I’m sorry to say, that this program isn’t open to everyone. You have to get invited, (invite-only) as the hackers chosen must be carefully cross-examined thoroughly. Although that is not the case, if you are a military and government personnel who wishes to participate, as you will be granted an automatic entry.


What about Trump?

'Hack The Army'

With Donald Trump being elected as the new President, some questions arise whether this bug bounty will still be held by Trump’s administration.

The good news is yes, because the Army’s bug bounty program and HackerOne’s contract with the Department of Defense, is still currently undergoing.

But the bad news is that future bug bounty programs might be something undecided for now, and might be overlooked by the new appointed military. This is due to the fact a change in military policy under the new Trump administration might force big changes in the setup of the U.S. military system and this can lead to a stricter regime.

All in all, if ‘Hack the Army’ can prove its effectiveness with recruitment sites and databases, hackers may get the chance to take on more exciting military systems in the future.


Follow me on Snapchat, and I’ll keep you updated with what’s going on every now and then. 🙂