Are YOU able to deconstruct world-leading military security technology? Here’s your chance to try, courtesy the US DoD’s new invitational.
Announced on 26 April, the ‘bug bounty programme’ is the third of its kind to have been launched. Following in the ‘Hack the Pentagon’ and ‘Hack the Army’ campaigns’ footsteps, ‘Hack the Air Force’ will very soon be underway. Alongside the US Defense Department, bug bounty platform HackerOne is this programme’s co-stager.
Both ‘ethical hackers’ (so-called ‘white-hat hackers’) and security researchers are invited to search for weaknesses in key USAF websites.
Hack the Pentagon was restricted to US residents only. Hack the Air Force is open to a wider applicant base, specifically people from Australia, Canada, the UK and New Zealand. These are the five nations (United States included) that together make up the ‘Five Eyes’ security alliance.
Hack The Air Force Registration
"This is the first time the Air Force has opened up our networks to such a broad scrutiny”, commented USAF Chief Information Security Office Peter Kim. "We have malicious hackers trying to get into our systems every day. It will be nice to have friendly hackers taking a shot and, most importantly, showing us how to improve our cybersecurity and defense posture.
"The additional participation from our partner nations greatly widens the variety of experience available to find additional unique vulnerabilities."
Potential Hack the Air Force participants are asked to sign-up via HackerOne’s website when registration opens on 15 May.
The actual campaign launches on 30 May and runs until 23 June.
Air Force Website Vulnerabilities
Hack the Pentagon had its launch in April 2016, while Hack the Army was activated last November. Some 1,400 ‘hackers’ got involved in the first campaign, security flaws were rapidly identified and overall bounty payments totalled $75,000. Initial Hack the Army reports indicate submission of the first vulnerability report occurring mere minutes post-launch, 118 reports being received in all and approximately $100,000 being paid out. It’s not yet known how much will be awarded this time around.
“We do cyber exercises”, Air Force Chief of Staff, General David Goldfein, said during 26 April’s Hack the Air Force announcement event. “We ‘Red Team’ our public facing and critical websites, but even with the amazing talent we have within the Air Force, the outside expertise will assist with identifying and resolving security vulnerabilities within Air Force websites, making our cybersecurity stronger.”
Images copyright USAF – courtesy Wikimedia Commons