Air Force gives ‘ethical’ hackers a second chance to hack its networks

The Air Force has kicked off a second wave of its bug bounty program, dubbed Hack the Air Force, aimed at better protecting the service’s networks.

The program allows pre-approved “ethical” hackers to penetrate certain portions of military websites in search of vulnerabilities for potential cash payouts.

The first Hack the Air Force event was described as the most successful bug bounty to date, opening up participation to international hackers for the first time. The Army and Defense Department have run similar events.

[Now the Air Force wants to get hacked, too]

Previously unannounced, Hack the Air Force 2.0 kicked off Saturday Dec. 9 in New York City, according to a blog post from HackerOne, a bug bounty company partnering with DoD on its various bug bounty efforts. Government and Defense Department leaders have announced earlier iterations of the program.

[DoD entrenches bug bounty program]

[Army announces its own ‘Hack the Pentagon’]

During nine hours of hacking at the Dec. 9 event, 25 civilian hackers from seven countries along with seven airmen reported a total of 55 vulnerabilities with six members of the Defense Media Activity supporting remediation on-site. All told, the Air Force doled out $26,883 for loopholes discovered.

In one instance, a hacker reported a vulnerability in an Air Force website that was used to pivot onto DoD’s unclassified network. Under the supervision of DoD personnel, the hacker was authorized to keep digging to see how far they could go, according to HackerOne.

“We wouldn’t have found this without you,” DMA Public Web Chief of Operations James Garrett, said to the hackers.

At the conclusion of the Dec. 9 event, DoD leaders announced Hack the Air Force 2.0 will continue through Jan. 1, 2018 and will be open to citizens from the United States, Australia, Canada, New Zealand, United Kingdom as well as citizens from NATO countries. U.S. service members are also eligible to participate but are not eligible for bounties.

DoD has resolved over 3,000 vulnerabilities from public facing websites through its various bug bounty programs over the past year, HackerOne said. As a result, hackers have been paid over $300,000 in bounties.

More In IT and Networks

Space Operations Command preps for new shared domain awareness tool

The remaining ATLAS software is slated for delivery in the first quarter of 2025.

New US Space Force jammers aim to disrupt China’s SATCOM signals

The Remote Modular Terminals, which disrupt adversary satellites by "yelling in their ear," as one official put it, are cleared for initial fielding,

Space Force must grow to counter China and Russia, lawmaker says

House Armed Services Chairman Mike Rogers, R-Ala., said the service is not sized to meet increasing threats from China and Russia.

SpaceX launches rapid response GPS mission

The effort, dubbed Rapid Response Trailblazer, was meant to demonstrate the ability to quickly plan and launch a mission in around six months.

Space Command strategy aims to boost commercial role in operations

The updated strategy, approved in November, focuses on SPACECOM’s core tasks and how commercial space capabilities fit within those areas.