Perhaps in light of the fact that hackers were recently able to steal $81 million from the account of the Bangladesh central bankheld at the New York Fed, or as a result of the Fed admitting several data breaches over the past few years, the Pentagon decided to finally get around to testing the security of its network.
The program, called “Hack the Pentagon” invited hackers to identify vulnerabilities on five public Pentagon internet pages in exchange for cash for each security gap exposed. As a result, the 1,410 hackers that participated found 1,189 vulnerabilities, and the first gap was found just 13 minutes after the event began. Out of the 1,189 vulnerabilities, the Pentagon determined that only 138 were valid and unique – “These are ones we weren’t aware of, and now we have the opportunity to fix them. And again, it’s a lot better than either hiring somebody to do that for you, or finding out the hard way.” Defense Secretary Ash Carter said.
The Pentagon said this was the first time the federal government has undertaken a program with outside hackers attempting to breach the networks, and the total cost was $150,000. Roughly half of the $150k was paid directly to the hackers as bounties, with a range of $100 to the maximum prize of $15,000 for submitting a pair of security gaps.