• Good idea of the week: Pentagon invites hackers to hack them
    21 replies, posted
[url]http://www.entrepreneur.com/article/273360?utm_campaign=SocialSwap&utm_source=ZDT&utm_medium=Social&utm_content=Articles[/url] [QUOTE]The U.S. Department of Defense is asking the hacker community for help. The Pentagon has launched a bug bounty program, which is a public challenge inviting hackers to find vulnerabilities in its computer systems in exchange for cash rewards. The Department of Defense has set aside $150,000 to pay hackers for any holes in the military’s cyber security system, according to a statement announcing the bug bounty program.[/QUOTE] "what can go wrong?"
I'm surprised they're asking this considering the amount to which the DoD is regularly hacked by the rest of the world on an hourly basis. Though it's amusing that -now- they're asking for help given recent events.
iirc they require you submit your SSN and get approval before attempting to hack them, or else you face criminal charges. Please correct me if I'm thinking of something else
[QUOTE=cody8295;50067168]iirc they require you submit your SSN and get approval before attempting to hack them, or else you face criminal charges. Please correct me if I'm thinking of something else[/QUOTE] Just in case you do exactly what they ask a little too well.
$150,000 is a lot of money. Not even "Most Wanted" FBI/DEA rewards rival close to that figure.
[QUOTE=Starpluck;50067223]$150,000 is a lot of money. Not even "Most Wanted" FBI/DEA rewards rival close to that figure.[/QUOTE] it sounds like its a cash pool of $150,000 to pay hacker([B]s[/B]), not $150,000 per hacker for finding a bug
Why is this a bad idea? It's called penetration testing. Everybody does this but now theyre just asking for a larger pool of applicants. Google does the exact same thing, offering money to anyone who find security flaws or bugs in their services.
Bug bounty programs like these are relatively common nowadays, especially among the big names.
[QUOTE=proboardslol;50067290]Why is this a bad idea? It's called penetration testing. Everybody does this but now theyre just asking for a larger pool of applicants. Google does the exact same thing, offering money to anyone who find security flaws or bugs in their services.[/QUOTE] Nothing wrong with it, the timing is just a bit funny. There was just a massive leak detailing widespread international corruption, and now we want to just go ahead and double-check our vulnerability right quick.
[QUOTE=Big Dumb American;50067332]Nothing wrong with it, the timing is just a bit funny. There was just a massive leak detailing widespread international corruption, and now we want to just go ahead and double-check our vulnerability right quick.[/QUOTE] To be fair, the Pentagon announced this program a little while ago before the Panama Papers.
[QUOTE=cody8295;50067168]iirc they require you submit your SSN and get approval before attempting to hack them, or else you face criminal charges. Please correct me if I'm thinking of something else[/QUOTE] How else do you get hackers to legally bring themselves in but the money isn't worth it. 150k isn't much when spread around a large group of people.
[QUOTE=Starpluck;50067223]$150,000 is a lot of money. Not even "Most Wanted" FBI/DEA rewards rival close to that figure.[/QUOTE] It's a pool, though if they paid 10k for a bug that's still not chump change
[QUOTE=Starpluck;50067223]$150,000 is a lot of money. Not even "Most Wanted" FBI/DEA rewards rival close to that figure.[/QUOTE] Catching one criminal is arguably worth much less than catching a security vulnerability. If the $150,000 is a pooled prize, I dare argue that it's too little.
I have a friend of mine who works in penetration hacking. I should tell him to do it and split the money with me
[QUOTE=Demolitions2;50069419]I have a friend of mine who works in penetration hacking. I should tell him to do it and split the money with me[/QUOTE] That sounds like something you would read in a news paper, a duo of hackers attempting to hack the Pentagon are arrested after incorrectly filling out paper work.
They should've extended an offer like this to Gary McKinnon instead of trying to extradite him.
[QUOTE=Marik Bentusi;50067315]Bug bounty programs like these are relatively common nowadays, especially among the big names.[/QUOTE] You can make a lot of money being a hacker for the FBI. Honestly they want people who know how to do this stuff to work for them because it makes them stronger and more innovative with security
asking people to hack your shit is perfectly fine honestly, you'd be dumb nowadays to not ask people to (in a controlled environment of course) technology is rapidly getting more sophisticated and that's for the good and bad, being on last years security measures won't cut it in this day and age
Security audits performed in this fashion are pretty common, and are an excellent way to scout talent.
[QUOTE=Big Dumb American;50067332]Nothing wrong with it, the timing is just a bit funny. There was just a massive leak detailing widespread international corruption, and now we want to just go ahead and double-check our vulnerability right quick.[/QUOTE] You always find a way to spin whatever the US government does in a bad light.
[QUOTE=Big Dumb American;50067332]Nothing wrong with it, the timing is just a bit funny. There was just a massive leak detailing widespread international corruption, and now we want to just go ahead and double-check our vulnerability right quick.[/QUOTE] This was annouced weeks before.
[QUOTE=Big Dumb American;50067332]Nothing wrong with it, the timing is just a bit funny. There was just a massive leak detailing widespread international corruption, and now we want to just go ahead and double-check our vulnerability right quick.[/QUOTE] Government agencies do stuff like this all the time, dude Also why would the DOD have panama information
Sorry, you need to Log In to post a reply to this thread.