Hackers find security gaps in Pentagon websites
Published 18/06/2016 | 00:56
Hackers brought in by the Pentagon to breach Defence Department websites have found 138 different security gaps, defence secretary Ash Carter said.
The so-called white-hat hackers were turned loose on five public Pentagon internet pages and were offered various bounties if they could find unique vulnerabilities.
The Pentagon said 1,410 hackers participated in the challenge and the first gap was identified 13 minutes after the hunt began.
Overall, they found 1,189 vulnerabilities, but a review by the Pentagon determined that only 138 were valid and unique.
The experiment cost 150,000 dollars (£100,000). Of that, about half was paid to the hackers as bounties, including one who received the maximum prize of 15,000 dollars (£10,000) for submitting a number of security gaps.
"These are ones we weren't aware of, and now we have the opportunity to fix them. And again, it's a lot better than either hiring somebody to do that for you, or finding out the hard way," said Mr Carter.
The Pentagon said this was the first time the federal government had undertaken a programme with outsiders attempting to breach the networks. Large companies have done similar things.
Called Hack the Pentagon, the programme will be followed by a series of initiatives, including a process that will allow anyone who finds a security gap in Defence Department systems to report it without fear of prosecution. The department will also expand the bounty programme to the military services and encourage contractors to allow similar scrutiny.