Code and Dagger

Can You Hack a Pentagon Refrigerator? 'Hack the Pentagon' Expands

(U.S. Air Force Airman 1st Class Victoria Nowak patches a computer to the network to give it connectivity at Joint Base Langley-Eustis, Virginia, Feb. 24, 2020. Credit: DVIDS)

The U.S. Defense Department announced today the expansion of its bug bounty program, now calling on hackers to break into just about any public-facing Pentagon tech, from communications to Internet of Things (IoT) objects to infrastructure.

The original “Hack the Pentagon” program, launched in 2016, encouraged anyone to break into public-facing websites and applications and then disclose the vulnerabilities they found to the Pentagon so they could be patched. The military, like many major tech companies before it, had realized one way to defend against malicious hackers was to work with good ones who could alert them to security holes.

And hackers found them — about 20,000 vulnerability reports so far, the Pentagon said. Some of the hackers have been publicly praised on the DOD Cyber Crime Center’s Twitter feed. (Looking at you, fiveguyslover…)

But, as DOD Cyber Crime Center Director Kristopher Johnson said, DOD websites and applications were “only the beginning, as they account for a fraction of our overall attack surface.”

“The expansion announced today allows for research and reporting of vulnerabilities related to all DOD publicly-accessible networks, frequency-based communications, Internet of Things, industrial control systems, and more,” the Defense Department announcement says.

“The expansion is a testament to transforming the government’s approach to security and leapfrogging the current state of technology within the DOD,” Brett Goldstein, the director of the Defense Digital Service, said.

Cybersecurity experts have for years been raising concerns for consumers over the general vulnerability of some of the new research areas — from IoT devices like smart fridges or light bulbs, to industrial control systems like the ones that regulate water systems around the country. Apparently the Defense Department shares some of those concerns. No word on how many smart fridges they have.
