Pentagon: We'll pay you if you can find a way to hack us

The US Department of Defense has created a broad but short bug bounty program for reports of vulnerabilities in public-facing systems and applications. The Hack US program kicked off on Independence Day and is scheduled to run through July 11, with reward amounts scaled to the severity of the flaws. The DoD has allocated up …

  1. jake Silver badge

    Do I look like a ground-nut farmer?

    I don't work for peanuts.

    1. Dinanziame Silver badge
      Angel

      Re: Do I look like a ground-nut farmer?

      Hey, at least they won't have you jailed/extradited/renditioned for treason/espionage... Probably.

      1. Jellied Eel Silver badge

        Re: Do I look like a ground-nut farmer?

        Hey, at least they won't have you jailed/extradited/renditioned for treason/espionage... Probably.

        Well, did you complete form DOD:1236-6349-10943104 in triplicate, and have it approved prior to your attempt to hack the DoD?

I'm kinda wondering how this will work. DoD already invites hackers by virtue of its existence. So how will it determine if hacking attempts are people trying to win the bug bounties, or more nefarious attacks? And could you use the bug hunt as a defence if you're caught hacking DoD?

        I also doubt it's retrospective and could be used as a defence by Assange and Manning, but I guess Assange may try..

        1. sanmigueelbeer Silver badge

          Re: Do I look like a ground-nut farmer?

It is an all-season pass for the NK, Iranian, Chinese and Russian players, who have been hacking the US for decades.

          And when they do get through, like EternalBlue, the "reward" is endless.

2. Anonymous Coward

        Re: Do I look like a ground-nut farmer?

        But you do get a free orange jumpsuit and a free vacation to collect your bounty, in person, from the Bank of Gitmo.

        Remember, you can check out anytime, but you can never leave...

    2. chivo243 Silver badge

      Re: Do I look like a ground-nut farmer?

      I don't work for peanuts.

      Neither does Eddie Valiant, but Dumbo does...

  2. elDog

    Anyone else thinking that these "security research firms" are getting a bit too prolific?

    Every article I read seems to include 5 or 10 new company names that are "leading experts in the fields of ...." Haven't we run out of venture capitalists and new company names yet?

    How to know who to trust? Used to be we just had a few stalwarts: Norton, IBM, Deloitte, PWC. Of course most of them have been hacked or exposed as being venal servants of their own paymasters.

  3. sreynolds Silver badge

    What sort of payment?

    Incarceration at one of the Fed's super maxes, somewhere in Colorado? Pass.

    1. NeilPost Silver badge

      Re: What sort of payment?

      I noted no mention of decriminalising (Ethical) Hacking of The Pentagon

  4. Peter Prof Fox

    What about a name for the prize?

    Gary McKinnon Prize.

    Or Lori Love award.

    Comes with FREE extradition and DECADES in the slammer.

    1. Roland6 Silver badge

      Re: What about a name for the prize?

      I wonder whether they have engaged the services of:

      Ryan Cleary,

      Lauri Love,

      Mason Sheppard,

      Corey De Rose

      et al.

      in return for dropping all charges and wiping the record...

  5. jmch Silver badge
    WTF?

    Cheap!!

    "The DoD has allocated up to $110,000 for the exploit hunt"

    A few $k for finding a major exploit in military network security??? When being able to exfiltrate data or corrupt systems would (a) cost far more to the military and (b) entities antagonistic to US would be prepared to pay far more for such exploits.

    Just as a reminder, the Pentagon's budget is approx $750 billion/yr, and that's just the part that's public.

    1. Yet Another Anonymous coward Silver badge

      Re: Cheap!!

      It is a multi $M project, it's just that after everyone got a promotion and a new office, and then the defence contractors were paid and managed by the lobbyists, selected by the management consultants, and everyone went to Hawaii to see a computer installed there - there was only $100K left in the budget (and that was just because they didn't pay the interns)

  6. Pascal Monett Silver badge

    "cybersecurity is a fundamentally human problem"

    Indeed.

    And I have the feeling that a good step would be a national campaign to tell people to not open attachments from people they don't know.

    Apparently, that would cut hacker success by 90%.

1. Anonymous Coward

      Re: "cybersecurity is a fundamentally human problem"

      The DoD have a much better system. 10 year old desktops that take an hour to boot and connect to the network, along with a requirement that they are shutdown when you aren't at your desk.

      Layers of antivirus, with more layers added every time there is an exploit.

On current trends by 2025 we will have zero exploits as a result of nobody actually being able to use their computer during a work day.

  7. fpx
    Pirate

    Small Change

    Crypto (-currencies, -exchanges) come with much bigger bug bounty programs. Find a bug, write an exploit, loot the vault and walk away.

  8. amanfromMars 1 Silver badge

    There's more than just simple and complex hacking to be really concerned about ...

    The US Department of Defense is extremely vulnerable to dissent and growing discontent, even from within its own ranks, as increasing volumes of sensitive and disturbing information become ever more widely available for free viewing and further sharing on ubiquitous, easily accessible and indispensable media devices.

    And to imagine that keeping both new recruits and experienced service personnel in the perpetual dark and wilfully ignorant of the greater masterplans of their ultimate private sector leaderships, in ages in which access and exercise of expanded intelligence is well practised and vital in order to survive and prosper, is problematical to a suicidal extent.

    Fortunately they are clearly enough forewarned and advised of such a systemic opportunity/vulnerability/difficulty/nightmare ........

    amanfromMars 1 Wed 6 Jul 09:42 [2207060942] ...... airing an expanding existential threat on https://www.nationaldefensemagazine.org/articles/2022/7/6/congress-alarmed-over-innovation-funding

    [Thank you. Your comment will be displayed soon after reviewing.]

    Sean, Hi,

    Here's some unpleasant reading with things needed to be said, said nice and early before they become too widespread to be contained and controlled by traditional and conventional and current existing and embattled forces and sources active in multiple theatres of chaotic operation and conflict.

    The rapidly emerging and overwhelmingly almighty existential threat to any and all New World Order type organisations/administrations and their Defense Departments and Warring Machines, is the open source, free sharing of sensitive information that in the past would have been labelled proprietary, need to know intelligence, secured and protected behind a firewall and ones signing of various Official Secrets Acts allowing access to myriad classified 'Secret-- NOFORN' designations, but which now can all too easily and swiftly render the ubiquitous defense and pan-national use of the result of such sensitive information, a known unacceptable inequitable travesty and blatant incitement to grand riot and global revolution in support of international security entertaining human rights .... as defending the indefensible and doing vain-glorious battle against future sources of greater intelligence will surely deliver and provision.

    Engagement and mutually beneficial, positively reinforcing, multi-party agreement in such a fundamental elementary field of enlightened proprietary intellectual property employment and enjoyment/deployment and exercise, is no less than absolutely vital if present means and memes of universal governance and information and intelligence supply are to survive without the experience of a totally avoidable Catastrophic SCADA Systems Collapse.

    What modern facilities are there out there, in these days of 0days enjoying their work in such a most vital of fields ‽ .

    Any more than zero ‽ .

    However, all is not necessarily unmitigated doom and thoroughly depressing gloom for the answer remedying that monumental deficit and colossal vulnerability is well enough known and already shared here on this article, "Budget Matters: Congress Alarmed over Innovation Funding", being commented on ...... "Attracting the world’s best and brightest, getting them here, and unleashing their talent for decades"

    And now they know you all know of the dilemma and conundrum, and vice versa, you all know that they know and have been advised to fix it before it is far too late for them to be helped and saved.

9. Anonymous Coward

Benefits galore

    Pay isn't guaranteed but you can count on a certain amount of fame. If you win you get a decent cheque. Then a visit from the FBI or Homeland Security for hacking government servers. Then an offer to make it all go away if you agree to work for cheap...

    Makes sense as a kind of recruitment program.

    I'd want to see a "hold harmless" agreement that's ironclad before I'd attack a government website, even when invited to do so.

    On the face of it this looks a bit like a time-limited invitation to hack the gov't: if you succeed you win. If you get caught, you claim you were responding to the invitation, & you're covered.

Biting the hand that feeds IT © 1998–2022