As much as 150 vulnerabilities were discovered by white hat hackers in US Marine Corp websites and related services. For the findings which happened during a three-week bug bounty program, the ethical hackers were rewarded nearly $150,000 in cash rewards.
More about the Hack the Marine Corps Bug Bounty Program
The vulnerabilities were uncovered during a bug bounty program called “Hack the Marine Corps”, organized by the US Department of Defense and HackerOne. More than 100 ethical hackers attended the event.
Over 100 ethical hackers tested public-facing Marine Corps websites and services in an effort to harden the defenses of the Marine Corps Enterprise Network (MCEN). Over the 20 days of the hacking challenge, hackers reported nearly 150 unique valid vulnerabilities to the U.S. Marine Corps Cyberspace Command (MARFORCYBER) team and were awarded over $150,000 for their findings, HackerOne wrote.
Hack The Marine Corps witnessed security researchers and white hat hackers working alongside the US Marine Corps Cyberspace Command team.
“I will never forget having a two-star General looking over the shoulder of hackers while they dug deeper into a Marine Corps site with permission and oversight from the Marine Corps team. Experiences like these are incredibly valuable to the organizations, and for the hackers who rarely get that type of opportunity to dive deeper,” stated Luke Tucker, Sr. Director of Community at HackerOne.
“What we learn from this program assists the Marine Corps in improving our warfighting platform. Our cyber team of Marines demonstrated tremendous efficiency and discipline, and the hacker community provided critical diverse perspectives,” added Major General Matthew Glavy, Commander of U.S. Marine Corps Forces Cyberspace Command.
The first edition of this bug bounty took place in 2016 and was Pentagon-themed. Later edition of the hacking event include Hack the Army, Hack the Air Force, and Hack the Defense Travel System, and now – Hack the Marine Corps.
All in all, these events have led to the disclosure of more than 5,000 vulnerabilities in US government systems. White hats who discover newer vulnerabilities can disclose via the DoD’s ongoing vulnerability disclosure program with HackerOne at any other time.