Hacking into the Pentagon usually leads to dire consequences, but the 80 tech experts who tried it this past month weren’t just encouraged to do so: they were paid. As Bloomberg reports, the pilot project was part of an investigation from the Pentagon’s Defense Digital Service (DDS) into the safety of its internal systems.
Given the importance of the undertaking, the Pentagon took every precaution possible. The “file transfer mechanism” the hackers were given permission to access wasn’t the real system, but a convincing simulation. The real version is what the department uses to send sensitive and sometimes classified emails, documents, and images to different networks. They also secured each hacker’s laptop to prevent unauthorized users from entering the simulation that way.
When the initiative launched on January 11, DDS “bureaucracy hacker” Lisa Wiswell expected at least a week to pass before the team found any vulnerabilities. She told Bloomberg that it only took a few hours for a hacker to identify the first gap in the system.
The Pentagon first invited tech experts to test their cybersecurity last year when they announced the Hack the Pentagon program. For that initiative, any U.S. citizen could apply for authorization to dig for weaknesses in the Department of Defense’s public websites. More than 1400 hackers took part in that “bug bounty” contest, with 138 of them reporting legitimate vulnerabilities.
This latest project differs in a major way: Instead of sifting through public websites, anonymous hackers looked for flaws in one of the Pentagon’s internal systems. They are prohibited from revealing any details about their findings, but the DDS says it is currently resolving any problems that were discovered.
[h/t Bloomberg]
February 13, 2017 – 1:30pm