‘Hack the Air Force’: US invites foreign techies for ‘bug bounty’ challenge
The Air Force challenge will be open to hackers based in the so-called Five Eyes countries – an intelligence alliance comprising Australia, Canada, New Zealand, the UK and the US – according to HackerOne, the company which will oversee the bug bounty initiative.
“This is the first time the [US]AF has opened up our networks to such broad scrutiny,” said Air Force chief information security officer Peter Kim.
“We have malicious hackers trying to get into our systems every day. It will be nice to have friendly hackers taking a shot and, most importantly, showing us how to improve our cybersecurity and defense posture. The additional participation from our partner nations greatly widens the variety of experience available to find additional vulnerabilities.”
HackerOne, a vulnerability coordination and bug bounty start-up funded by the CEOs of Dropbox, Yelp, and Salesforce, was chosen last year to run a similar competition called Hack the Pentagon. Registration for Hack the Air Force is set to begin on May 15 via the HackerOne website, and the challenge will run from May 30 to June 23.
On Thursday, the Air Force encouraged hackers to take part in the challenge through a Facebook livestream.
“These are probably people out there, around the world, who particularly aren’t friendly with the Department of Defense,” Kim said on the livestream. “And they generally don’t tell us what’s wrong with our systems until we find out that something’s been hacked. I know we have vulnerabilities, and I want to know where those are in the United States Air Force.”
‘Bug bounties’ originated in the corporate sector but have gained popularity among government agencies due to the work of the Defense Digital Service, a Pentagon-affiliated agency which hires highly qualified tech specialists for what are known as ‘tours of duty.’
Last year, around $75,000 was awarded by the US government in the Hack the Pentagon bug bounty. More than 1,400 people registered for the program, revealing 138 vulnerabilities in government websites.
Hack the Army, another US government-run program, attracted 371 hackers who generated 118 valid reports and received more than US$100,000 in bounties.