The Air Force has kicked off a second wave of its bug bounty program, dubbed Hack the Air Force, aimed at better protecting the service’s networks.

The program allows pre-approved “ethical” hackers to penetrate certain portions of military websites in search of vulnerabilities for potential cash payouts.

The first Hack the Air Force event was described as the most successful bug bounty to date, opening up participation to international hackers for the first time. The Army and Defense Department have run similar events.

[Now the Air Force wants to get hacked, too]

Previously unannounced, Hack the Air Force 2.0 kicked off Saturday Dec. 9 in New York City, according to a blog post from HackerOne, a bug bounty company partnering with DoD on its various bug bounty efforts. Government and Defense Department leaders have announced earlier iterations of the program.

[DoD entrenches bug bounty program]

[Army announces its own ‘Hack the Pentagon’]

During nine hours of hacking at the Dec. 9 event, 25 civilian hackers from seven countries along with seven airmen reported a total of 55 vulnerabilities with six members of the Defense Media Activity supporting remediation on-site. All told, the Air Force doled out $26,883 for loopholes discovered.

In one instance, a hacker reported a vulnerability in an Air Force website that was used to pivot onto DoD’s unclassified network. Under the supervision of DoD personnel, the hacker was authorized to keep digging to see how far they could go, according to HackerOne.

“We wouldn’t have found this without you,” DMA Public Web Chief of Operations James Garrett, said to the hackers.

At the conclusion of the Dec. 9 event, DoD leaders announced Hack the Air Force 2.0 will continue through Jan. 1, 2018 and will be open to citizens from the United States, Australia, Canada, New Zealand, United Kingdom as well as citizens from NATO countries. U.S. service members are also eligible to participate but are not eligible for bounties.

DoD has resolved over 3,000 vulnerabilities from public facing websites through its various bug bounty programs over the past year, HackerOne said. As a result, hackers have been paid over $300,000 in bounties.

Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.

Share:
More In IT and Networks
US must prepare for proliferation of cyber warfare
To build cyber resilience in this heightened threat environment, agencies must work closely with both international counterparts and industry to align on a proactive, global approach to all cyber threats –– not just state-sponsored attacks.