'Hack the Air Force' bug hunting challenge uncovers 120 flaws in websites and services

Over $130,000 paid out to hackers for spotting flaws in Air Force IT systems.

A bug bounty challenge which asked hackers to 'Hack the Air Force' has resulted in 120 vulnerabilities being found and fixed and $130,000 being paid out to participants.

The programme, organised by the US Department of Defense (DoD) and bug-bounty company HackerOne, focused on public-facing Air Force websites and services from October 19 to November 22 this year. Nearly 30 participating hackers submitted over 120 valid vulnerabilities throughout the month-long programme, and the US Air Force awarded them over $130,000 for their efforts.

It was the seventh bug bounty program run by the DoD, and the third involving the Air Force. The idea is that programmes like this allow the military to find unknown security vulnerabilities with help from friendly hackers before they are found by anyone else.

"It's critical to allow these researchers to uncover vulnerabilities in Air Force websites and systems, which ultimately strengthens our cybersecurity posture and decreases our vulnerability surface area," explained Capt James "JT" Thomas, Air Force Digital Service.

The DoD's first-ever bug bounty challenge was 'Hack the Pentagon,' which launched in 2016. Since then, more than 5,000 bugs have been reported in government systems through HackerOne, with over $500,000 paid out to hackers who have reported valid flaws in the department's public-facing systems.