Tech

US Air Force asks hackers to do their worst

The military unit has joined the bug bounty movement following the success of the "Hack the Pentagon" competition.

Written by Charlie Osborne, Contributing Writer April 26, 2017 at 12:30 p.m. PT

The US Air Force is asking hackers to do their best to break key public websites.

On Wednesday, the US Air Force said that established security professionals from across the US and trusted partner nations would be invited to the scheme, which opens up the unit's cybersecurity practices to the scrutiny of hackers.

The initiative, part of the Cyber Secure campaign sponsored by the Air Force's Chief Information Office, is "a measure to further operationalize the domain and leverage talent from both within and outside the Department of Defense (DoD), according to the US Air Force.

Hosted by bug bounty platform HackerOne, the project is not yet available to everyone for credit or financial rewards, but is rather a short-term contest to give the military a chance to see just how strong -- or weak -- their front-facing domains are. Registration will open on 30 May and the competition will run until 23 June 2017. However, members of the military and government are not allowed to enter without prior approval.

The "Hack the Air Force" event builds on the success of Hack the Pentagon, a program which ran last year on the same platform. As a result of the competition, over 100 vulnerabilities were discovered in a matter of weeks, netting participating researchers over $75,000 in rewards. The bug bounty program was later expanded to continue to ferret out more bugs before attackers did.

Now, hackers from the UK, Canada, Australia and New Zealand also have the chance to legally hack a US military department.

"This is the first time the AF has opened up our networks to such a broad scrutiny," said Air Force Chief Information Security Officer Peter Kim. "We have malicious hackers trying to get into our systems every day. It will be nice to have friendly hackers taking a shot and, most importantly, showing us how to improve our cybersecurity and defense posture."

"The additional participation from our partner nations greatly widens the variety of experience available to find additional unique vulnerabilities," Kim added.

The US military is competing against more and more companies that are also turning to bug bounty programs to leverage external talent to find security flaws. In March, Intel and Microsoft launched new bug bounty schemes which offer thousands of dollars for the worst bugs discovered.