Military Embedded Systems

Hack the Air Force 2.0 kicks off with live-hacking event

News

December 20, 2017

Mariana Iriarte

Technology Editor

Military Embedded Systems

Hacker Mathias Karlsson demonstrates a critical vulnerability discovery to Jeremy Morrow, Lance Cleghorn, James Garrett, and Tim Creech from the DMA Public Web team. Image by HackerOne

NEW YORK. Members of the Defense Media Activity (DMA) and Defense Digital Service (DDS) joined forces to hack the U.S. Air Force in a live-hacking event in New York City as a kickoff to Hack the Air Force 2.0.

During the live-hacking event, hackers found vulnerabilities and also demonstrated "how they had leveraged a vulnerability in an Air Force website to pivot onto the U.S. Department of Defense’s (DoD’s) unclassified network," according to HackerOne.

This is the fourth live-hacking event for HackerOne in 2017. It also was used to kickoff Hack the Air Force 2.0 where HackerOne officials stated that "twenty-five civilian hackers, from the U.S., Canada, United Kingdom, Sweden, Netherlands, Belgium and Latvia, and seven U.S. Airmen gathered for nine straight hours of hacking, reporting a total of 55 vulnerabilities. Six members of the DMA team supported remediation on-site."

The Air Force paid out a $26,883 for any vulnerability found and each instance was resolved by the end of the day during the live-hacking event.

Hack the Air Force 2.0 will continue through January 1, 2018. It is open to all citizens or lawful permanent residents of the United States, the United Kingdom, Canada, Australia, New Zealand, Albania, Belgium, Bulgaria, Canada, Croatia, Denmark, Estonia, France, Germany, Iceland, Italy, Latvia, Lithuania, the Netherlands, Norway, Poland, Portugal, Slovenia, Spain, Sweden, or Turkey. You must have a U.S. taxpayer identification number or social security number or an employer identification number, or a valid passport number from the United Kingdom, Canada, Australia, New Zealand, Albania, Belgium, Bulgaria, Canada, Croatia, Denmark, Estonia, France, Germany, Iceland, Italy, Latvia, Lithuania, the Netherlands, Norway, Poland, Portugal, Slovenia, Spain, Sweden, or Turkey.

To read more details on the bug bounty program, visit HackerOne's blog.

Read more on cybersecurity:

Software-defined networking: On-the-fly agility, security

Where did that software come from?

Cyberwarfare: A 'Wild West' of nonkinetic weaponry

 

Featured Companies

U.S. Air Force

1670 Air Force Pentagon
Washington, DC 20330-1670