25 of the top-ranking hackers worldwide take part in Hack the Air Force 2.0

December 23 White hat hackers and the U.S. military network experts co-organized a 9-hour hacker marathon bug bounty – the latest Air Force hacking program H1-212. Twenty-five top hackers from the United States, Canada, the United Kingdom, Sweden, the Netherlands, Belgium and Latvia, together with several military network experts, once again infiltrated the United States Air Force’s key networks to explore various online platforms that could potentially give the U.S. military more than 300 branches Operate a security breach that poses a risk.

By USAF [Public domain], via Wikimedia Commons

HackerOne, a network security platform, is in charge of this event and will pick out 50 of the world’s top 50 participants from the world.

H1-212 Bounty Program Outcome

Contestants discovered two security breaches within the first 30 seconds of the race and 55 security breaches in the following 9 hours, for a total amount of $26,883. One of the high-risk security holes gave two hacker discoverers a direct $ 10,650 bonus – the largest single solo bounty ever issued by the U.S. government. In the weeks following the bounty program, several more participants reported successively related security holes that were not discovered during the H1-212 campaign.

Peter Gold, the chief information security officer of the U.S. Air Force, said in a statement: “This brouhaha has given the U.S. military an eye-opener and the cooperation of the U.S. Air Force and the human resource defense and defense system of partner countries has brought extremely invaluable costs benefit.”

“In the first round of the bounty program, all the tasks are done online and it can take a few hours or even days to get the Air Force’s response, and in H1-212 the response from the staff is even keener, and because of the direct contact with these workers, participants are also more motivated to find clues about the Bug.”

U.S. Air Force First Bug Bounty Program

The Air Force’s first Hack reward program, Hack the Air Force, is scheduled to end in June 2017. At that time, the Department of Defense invited security researchers, military personnel, “The Five Eyes” (the United States, Britain, Canada, Australia and New Zealand) Intelligence Alliance white hat hackers “invaded” the Air Force network.272 white hat hackers found 207 valid bugs in the Air Force network, more than the Defense Ministry and the U.S. Army.

• The Department of Defense’s Hack the Pentagon program found a total of 138 vulnerabilities.
• The U.S. Army “Hack the Army” found a total of 118 holes.

US Army Bug Bounty Program Achievements

The so-called Bug Bounty program refers to recruiting “ethical hackers (cybersecurity experts who actually simulate hacking”) or white hat hackers looking for security holes in the computer networks of the relevant organizations. The specific nature of security vulnerabilities is not required and can, therefore, cover a wide range of risks, ranging from low-risk vulnerabilities to high-risk risks that could lead to the overall network being paralyzed and even sensitive information being leaked.

HackerOne Organizer

Alex Rice, chief technology officer of HackerOne, said: “This joint event organized by the U.S. Department of Defense and HackerOne, through the Bug Bounty Challenge and the subsequent Security Vulnerabilities Discovery Program, addresses a total of more than 3,000 Security breach Hackers received more than $ 300,000 in prize money for their contribution, a measure not only exceeding participants’ expectations but also saving millions of dollars in security funding for the U.S. Department of Defense.

To date, HackerOne has been responsible for organizing four rounds of government bug-bounty packages, including Hack the Air Force 2.0 (soon to be launched), another larger bug bounty program.

HackerOne chief executive Martin – McCarthy said in an interview, he believes that white hat network experts, part of the “talent system” has great potential applications. The Bug Bounty program provides a new look for organizations that fail to spot their own vulnerabilities in time. By focusing on software solutions from a potential criminal’s perspective, participants will be able to quickly find the security flaw they are most likely to exploit. In the past, people secretly sought security programs in small groups. Now we are trying to prove that, in order to further enhance the level of security, we must invite the forces from the outside world as reinforcements. ”

Larger Bug bounty program is about to start

The H1-212 incident also opened the curtain on a larger Bug Hack program, Hack the Air Force 2.0.

Hack the Air Force 2.0 will be officially launched on January 1, 2018. Unlike the original Air Force Bug Bounty program, version 2.0 will be open to Citizens of Five Alliance countries – specifically Australia, Canada, New Zealand, the United Kingdom and the United States, plus NATO countries and Sweden. This makes the 2.0 program the most open bug rewards program ever made.

Reference: infosecurity-magazine