Hackers participating in the Pentagon’s latest bug bounty program found 150 unique vulnerabilities in the Marine Corps’ public-facing websites, officials said Wednesday.
The Pentagon paid out $150,000 to ethical hackers as part of the Hack the Marine Corps program to find potential areas of exploitation in the Marine Corps Enterprise Network.
“Hack the Marine Corps was an incredibly valuable experience. When you bring together this level of talent from the ethical hacker community and our Marines we can accomplish a great deal. What we learn from this program assists the Marine Corps in improving our warfighting platform,” Maj. Gen. Matthew Glavy, commander of Marine Corps Forces Cyberspace Command, said in a statement.
The bug bounty program, which is led by HackerOne, began in August at the DEF CON conference in Las Vegas where ethical hackers found 75 vulnerabilities and were awarded over $80,000 in rewards (Defense Daily, August 13).
Hack the Marine Corps concluded on Aug. 26, with hackers discovering 75 additional security flaws in the Marine Corps’ portion of the Department of Defense Information Network.
“It was great having the opportunity to work side-by-side with the Marines to help secure their assets.These are my favorite types of programs to be a part of, because they allow me to have a massive impact on systems critical to national security,” Tanner Emek, a participating hacker, said in a statement.
HackerOne was selected in 2016 to lead the Hack the Pentagon bug bounty initiative alongside the DoD’s Defense Digital Service. The program has resulted in the discovery of over 800 vulnerabilities across the Pentagon and service-specific networks.
The Army’s bug bounty program, launched in December 2016, found 118 network vulnerabilities and paid out $100,000 to hackers. The Air Force held two ethical hacking exercises in 2017, where officials discovered over 300 vulnerabilities between the events.