Bug bounty scheme uncovers 150 vulnerabilities in US Marine Corps websites

Ethical hackers paid over $150,000 for finding and disclosing bugs.
Written by Danny Palmer, Senior Writer

Nearly 150 security vulnerabilities have been discovered in US Marine Corps websites and related services during a bug bounty challenge that saw ethical hackers awarded over $150,000.

Hack The Marine Corps is the sixth public bounty program by the US Department of Defense (DoD) and bug bounty platform HackerOne. More than 100 ethical hackers took part in the scheme over a three-week period, and found nearly 150 unique vulnerabilities for the U.S. Marine Corps Cyberspace Command team.

"What we learn from this program assists the Marine Corps in improving our warfighting platform. Our cyber team of Marines demonstrated tremendous efficiency and discipline, and the hacker community provided critical, diverse perspectives," said Major General Matthew Glavy, commander of U.S. Marine Corps Forces Cyberspace Command.

"The tremendous effort from all of the talented men and women who participated in the program makes us more combat ready and minimizes future vulnerabilities," he added.

SEE: Cybersecurity in an IoT and mobile world (ZDNet special report) | Download the report as a PDF (TechRepublic)

Hack the Marine Corps started with a live event at DEF CON 26 in Las Vegas, Nevada, with security researchers working in the presence of personnel from U.S. Marine Corps Cyberspace Command.

During this first 24-hour period alone, researchers filed 75 unique vulnerability reports and were awarded over $80,000 for helping further secure the MCEN, the Marine Corps' portion of the DoD Information Network (DoDIN).

While the challenge itself is over, any ethical hackers who discover vulnerabilities in any public-facing Department of Defense assets can disclose them through the DoD's ongoing vulnerability disclosure program with HackerOne.

The Department of Defense and HackerOne bug bounty scheme was launched in 2016 with Hack the Pentagon. That challenge has since been followed by others, including Hack the Army, Hack the Air Force and now Hack the Marine Corps. Since the program started, more than 800 vulnerabilities have been reported in exchange for bug bounties.

HackerOne believes that ethical hackers across all sectors have the potential to earn over $100m via bug bounty platforms by 2020.


Editorial standards