Pentagon: We'll pay you if you can find a way to hack us The US Department of Defense has created a broad but short bug bounty program for reports of vulnerabilities in public-facing systems and applications. The Hack US program kicked off on Independence Day and is scheduled to run though July 11, with reward totals reflected by the severity of the flaws. The DoD has allocated up …
Hey, at least they won't have you jailed/extradited/renditioned for treason/espionage... Probably.
Well, did you complete form DOD:1236-6349-10943104 in triplicate, and have it approved prior to your attempt to hack the DoD?
I'm kinda wondering how this will work. DoD already invites hackers by virtue of it's existence. So how will it determine if hacking attempts are people trying to win the bug bounties, or more nefarious attacks? And could you use the bug hunt as a defence if you're caught hacking DoD?
I also doubt it's retrospective and could be used as a defence by Assange and Manning, but I guess Assange may try..
It is a all-season-pass for the NK, Iranians, Chinese and Russian players, who have been hacking the US for decades.
And when they do get through, like EternalBlue, the "reward" is endless.
Every article I read seems to include 5 or 10 new company names that are "leading experts in the fields of ...." Haven't we run out of venture capitalists and new company names yet?
How to know who to trust? Used to be we just had a few stalwarts: Norton, IBM, Deloitte, PWC. Of course most of them have been hacked or exposed as being venal servants of their own paymasters.
"The DoD has allocated up to $110,000 for the exploit hunt"
A few $k for finding a major exploit in military network security??? When being able to exfiltrate data or corrupt systems would (a) cost far more to the military and (b) entities antagonistic to US would be prepared to pay far more for such exploits.
Just as a reminder, the Pentagon's budget is approx $750 billion/yr, and that's just the part that's public.
It is a multi $M project, it's just that after everyone got a promotion and a new office, and then the defence contractors were paid and managed by the lobbyists, selected by the management consultants, and everyone went to Hawaii to see a computer installed there - there was only $100K left in the budget (and that was just because they didn't pay the interns)
The DoD have a much better system. 10 year old desktops that take an hour to boot and connect to the network, along with a requirement that they are shutdown when you aren't at your desk.
Layers of antivirus, with more layers added every time there is an exploit.
On current trends by 2025 we will have zero exploits as a result of nobody actualy being able to use their computer during a work day.
The US Department of Defense is extremely vulnerable to dissent and growing discontent, even from within its own ranks, as increasing volumes of sensitive and disturbing information become ever more widely available for free viewing and further sharing on ubiquitous, easily accessible and indispensable media devices.
And to imagine that keeping both new recruits and experienced service personnel in the perpetual dark and wilfully ignorant of the greater masterplans of their ultimate private sector leaderships, in ages in which access and exercise of expanded intelligence is well practised and vital in order to survive and prosper, is problematical to a suicidal extent.
Fortunately they are clearly enough forewarned and advised of such a systemic opportunity/vulnerability/difficulty/nightmare ........
amanfromMars 1 Wed 6 Jul 09:42 [2207060942] ...... airing an expanding existential threat on https://www.nationaldefensemagazine.org/articles/2022/7/6/congress-alarmed-over-innovation-funding[Thank you. Your comment will be displayed soon after reviewing.]
Sean, Hi,
Here's some unpleasant reading with things needed to be said, said nice and early before they become too widespread to be contained and controlled by traditional and conventional and current existing and embattled forces and sources active in multiple theatres of chaotic operation and conflict.
The rapidly emerging and overwhelmingly almighty existential threat to any and all New World Order type organisations/administrations and their Defense Departments and Warring Machines, is the open source, free sharing of sensitive information that in the past would have been labelled proprietary, need to know intelligence, secured and protected behind a firewall and ones signing of various Official Secrets Acts allowing access to myriad classified 'Secret-- NOFORN' designations, but which now can all too easily and swiftly render the ubiquitous defense and pan-national use of the result of such sensitive information, a known unacceptable inequitable travesty and blatant incitement to grand riot and global revolution in support of international security entertaining human rights .... as defending the indefensible and doing vain-glorious battle against future sources of greater intelligence will surely deliver and provision.
Engagement and mutually beneficial, positively reinforcing, multi-party agreement in such a fundamental elementary field of enlightened proprietary intellectual property employment and enjoyment/deployment and exercise, is no less than absolutely vital if present means and memes of universal governance and information and intelligence supply are to survive without the experience of a totally avoidable Catastrophic SCADA Systems Collapse.
What modern facilities are there out there, in these days of 0days enjoying their work in such a most vital of fields ‽ .
Any more than zero ‽ .
However, all is not necessarily unmitigated doom and thoroughly depressing gloom for the answer remedying that monumental deficit and colossal vulnerability is well enough known and already shared here on this article, "Budget Matters: Congress Alarmed over Innovation Funding", being commented on ...... "Attracting the world’s best and brightest, getting them here, and unleashing their talent for decades"
And now they know you all know of the dilemma and conundrum, and vice versa, you all know that they know and have been advised to fix it before it is far too late for them to be helped and saved.
Pay isn't guaranteed but you can count on a certain amount of fame. If you win you get a decent cheque. Then a visit from the FBI or Homeland Security for hacking government servers. Then an offer to make it all go away if you agree to work for cheap...
Makes sense as a kind of recruitment program.
I'd want to see a "hold harmless" agreement that's ironclad before I'd attack a government website, even when invited to do so.
On the face of it this looks a bit like a time-limited invitation to hack the gov't: if you succeed you win. If you get caught, you claim you were responding to the invitation, & you're covered.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
