The U.S. Department of Defense (DoD) awarded prizes of
over $30,000 to hackers in a bug bounty program aiming to strengthen the
network infrastructure for proxies, VPNs and VDIs (virtual desktops).
The U.S. government, through its DoD Cyber Command arm,
organized a bounty program named Hack the Proxy with HackerOne. The goal of
such programs is to weed out vulnerabilities, exploits and other issues that
could be leveraged against essential network infrastructure by state actors.
Over the course of two weeks, around 80 white hat hackers
from the U.S., India, Turkey, Ukraine, and Canada tried to find problems with government
proxy servers. One U.S.-based hacker snatched half of the available bounties,
earning $16,000. One of the issues found was deemed critical, and nine were
classified as high severity.
DoD’s Hack the Proxy Challenge program is organized in
collaboration with HackerOne, a bug bounty platform that mostly connects
businesses with cybersecurity researchers. With its help, the U.S. government identified
and fixed more than 10,000 vulnerabilities spread across its public and
“With each new initiative, the Department of Defense
further bolsters its cyber defenses against rogue enemy actors thanks to white
hat hackers from across the globe,” explained Alex
Romero, Digital Service Expert at the Department of Defense Defense Digital
Service. “As our adversaries become more sophisticated in their tactics, we
must stay one step ahead to protect our citizens and defense systems.”
Bug bounty programs are essential for governments in
finding weaknesses that could be used in attacks from various cyber actors.
Sometimes, outsiders are needed to identify these types of problems, and white
hat hackers are the only ones who can work from within the system and with the
blessing of the government.