Security research and ethical hacking company HackerOne hosted an event at which hackers found 106 vulnerabilities in the US Air Force’s cybersecurity systems and were awarded $103,883 for their efforts.
The Hack the Air Force bug bounty challenge – the second such event following the success of the first run, which paid out over $130,000 to hackers in 2017 – invited hackers from 26 countries to hack into USAF systems to expose and fix security weaknesses. A spokesperson at HackerOne commented that ‘the total vulnerabilities for [Hack the Air Force] 2.0 are all new – not vulnerabilities that had surfaced before.’
The challenge began on 9 December 2017 with a live-hacking event, where 24 hackers worked with DoD and Air Force personnel to find 55 vulnerabilities within nine hours.
“Hacker-powered security is emerging as the most potent cure to the sorry state of software security,” said HackerOne CEO Marten Mickos. “The vulnerabilities that go unnoticed by scanners and other expensive security products are more quickly and more cost-effectively found by ethical hackers.”
HackerOne has worked with companies such as GM and Starbucks since 2016, and its hackers have been paid over $25 million by companies in return for their help in identifying cybersecurity risks. The group currently has over 100,000 members and plans to continue expanding.
The challenge is part of the US Department of Defense’s (DoD) Hack the Pentagon security scheme, which offers cash prizes to hackers who are able to penetrate the defences of the Pentagon and the US Army during specified timeframes. Since the scheme started in 2016, over 3,000 vulnerabilities have been resolved in US government systems, and hackers have been awarded over $330,000 for their work.
“We continue to harden our attack surfaces based on findings of the previous challenge and will add lessons learned from this round,” said Air Force CISO Peter Kim.
“This reinforces the work the Air Force is already doing to strengthen cyber defences and has created meaningful relationships with skilled researchers that will last for years to come.”