Tanto quanto 150 vulnerabilidades foram descobertas por hackers de chapéu branco em sites US Marine Corp e serviços relacionados. Para os resultados que aconteceram durante um programa bug recompensa de três semanas, os hackers éticos foram recompensados quase $150,000 in cash rewards.
More about the Hack the Marine Corps Bug Bounty Program
The vulnerabilities were uncovered during a bug bounty program called “Hack the Marine Corps”, organized by the US Department of Defense and HackerOne. Mais que 100 ethical hackers attended the event.
Sobre 100 ethical hackers tested public-facing Marine Corps websites and services in an effort to harden the defenses of the Marine Corps Enterprise Network (MCEN). Over the 20 days of the hacking challenge, hackers reported nearly 150 unique valid vulnerabilities to the U.S. Marine Corps Cyberspace Command (MARFORCYBER) team and were awarded over $150,000 for their findings, HackerOne wrote.
Hack The Marine Corps witnessed security researchers and white hat hackers working alongside the US Marine Corps Cyberspace Command team.
“I will never forget having a two-star General looking over the shoulder of hackers while they dug deeper into a Marine Corps site with permission and oversight from the Marine Corps team. Experiences like these are incredibly valuable to the organizations, and for the hackers who rarely get that type of opportunity to dive deeper,” stated Luke Tucker, Sr. Director of Community at HackerOne.
“What we learn from this program assists the Marine Corps in improving our warfighting platform. Our cyber team of Marines demonstrated tremendous efficiency and discipline, and the hacker community provided critical diverse perspectives,” adicionado Major General Matthew Glavy, Commander of U.S. Marine Corps Forces Cyberspace Command.
The first edition of this bug bounty took place in 2016 and was Pentagon-themed. Later edition of the hacking event include Hack the Army, Hack the Air Force, and Hack the Defense Travel System, and now – Hack the Marine Corps.
Contudo, these events have led to the disclosure of more than 5,000 vulnerabilities in US government systems. White hats who discover newer vulnerabilities can disclose via the DoD’s ongoing vulnerability disclosure program with HackerOne at any other time.