Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Pentagon Paid Out $290,000 for Vulnerabilities in Air Force Data Center

The Pentagon’s latest bug bounty challenge, Hack the Air Force 4.0, has resulted in the discovery of over 400 vulnerabilities and rewards totaling more than $290,000.

The Pentagon’s latest bug bounty challenge, Hack the Air Force 4.0, has resulted in the discovery of over 400 vulnerabilities and rewards totaling more than $290,000.

Hack the Air Force 4.0, conducted by the U.S. Department of Defense in collaboration with the Defense Digital Service and bug bounty platform HackerOne, was the Pentagon’s tenth bug bounty program.

As part of the fourth Hack the Air Force program, which ran between October 23 and November 20, 2019, participants were invited to find vulnerabilities in a pool of cloud servers and systems called the Air Force Virtual Data Center.

According to HackerOne, 60 vetted white hat hackers identified over 460 security holes. Hack the Air Force 4.0 also included a live hacking event that took place in Los Angeles on November 7, 2019, and which also targeted some systems of the UK Ministry of Defence.

“We’re thrilled to partner once again with the U.S. Air Force and HackerOne for this next iteration of ‘Hack The Air Force’,” commented Anil Dewan of the Defense Digital Service. “This Challenge allowed us to not only expand our relationships with U.S. Air Force and HackerOne, but also expand the program to new U.S. Air Force assets to further bolster cyber defenses against our adversaries.”

The first Hack the Air Force initiative took place in 2017 and earned participants over $130,000, while the second resulted in payouts totaling more than $100,000. Hack the Air Force 3.0 also earned researchers roughly $130,000.

Earlier this year, HackerOne announced that the second Hack the Army program resulted in the discovery of 146 valid flaws and rewards totaling over $275,000.

The Pentagon’s first bug bounty program was announced in 2016 and the initiatives launched since have resulted in the patching of more than 12,000 vulnerabilities and millions of dollars being paid out.

Related: Pentagon Hacked in New U.S. Air Force Bug Bounty Program

Related: Tens of Vulnerabilities Found in Pentagon Travel Management System

Related: Expert Hacks Internal DoD Network via Army Website

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.