“During five weeks between October 9 and November 15, 2019, the U.S. Army was hacked by a total of 52 hackers.”
Hack the Army 2.0 was a joint venture between the U.S. Department of Defense, the Defense Digital Service and the HackerOne bug bounty platform.
The HackerOne hacker-powered bug bounty platform
HackerOne is a hacker-powered penetration testing and vulnerability discovery platform that has made millionaires of some of its best hackers. One even managed to hack the HackerOne platform itself, such is the tenacity and talent of those who are signed up. The point of the platform, and the reasoning behind Hack the Army, is to uncover flaws and bugs that could leave an organization, in this case the U.S. Army, vulnerable to attack from less principled hackers, including nation-state adversaries such as Iran.
“146 U.S. Army vulnerabilities found, $275,000 paid”
There were in excess of 60 publicly accessible U.S. Army online assets that could be targeted by the hackers during the five-week challenge window. These included the army.mil and goarmy.com web domains and the Arlington Cemetery website. The 52 hackers, from countries including the U.S., Canada, Germany and Romania, reported a total of 146 validated vulnerabilities in all. “The U.S. Army awarded over $275,000 (£210,500) to hackers for their efforts, with the highest single monetary award or “bounty” being $20,000 (£15,300),”
Close to 10,000 vulnerabilities resolved by joint DoD and HackerOne programs since 2016
The first Hack the Army program concluded December 21, 2016, and uncovered 118 vulnerabilities. One of the most significant was a flaw that enabled a hacker to move from the public-facing goarmy.com website to an internal DoD website that should have needed special credentials to access.
Hacker helps protect millions of people.