I don’t know about you, but when I was a teenager reading a lot of science fiction, I thought that the life of a hacker must be pretty glamorous. There was something adventurous and rebellious about the idea of navigating cyberspace. While SFF still makes some great metaphors for hacking, most of the hackers you see in the news are the ones causing problems. The exception? The hackers of the Department of Defense Hack the Pentagon program—some of whom weren’t even college students yet, let alone professionals.
If you’re headed into a computer science major and want to test your own skills against the Department of Defense, here’s what you need to know about the Hack the Pentagon initiative.
White hat hackers
The Department of Defense is accustomed to hacking attempts, mostly from other government agents or “black-hat hackers” looking to cause trouble and chaos. “What we didn’t fully appreciate before this pilot was how many white hat hackers there are who want to make a difference,” Secretary of Defense Ash Carter explained about the new program in “Teen hacks Pentagon websites, gets thanked for finding ‘bugs,’” by Idrees Ali in MSN News, June 18, 2016. A white hat hacker, like high school senior David Dworkin, one of two people thanked by Carter for their work on Hack the Pentagon, is a hacker who is looking not to exploit vulnerabilities, but to find them so that companies—or governments—can make their defenses more secure.
The Hack the Pentagon program opened to white hat hackers this year, and 1,400 participants responded. The Department of Defense limited the pilot program to public websites rather than secure areas with sensitive information. The program offers bounties for finding bugs, and the Department of Defense has paid out $75,000 to successful hackers. Though the bugs Dworkin reported had already been found, Dworkin’s efforts opened him up to recruitment for potential internships. It certainly gives him a lead on other college students heading into computer science—he’ll be starting toward a computer science major at Northeastern University in the fall.
How many security bugs did hackers manage to track down? According to reports, the program ended with 138 unique bugs that hackers were paid bounties for. The largest bounty any one person received was $15,000—not a bad sum for work that had to be done between April and May of 2016!
Want to hack the Pentagon?
While my computer skills never got far enough along to be competitive in a bug bounty program, there are plenty of current college students—some computer science majors and others just really good at code—who could take advantage of the upcoming Hack the Pentagon expansion. The Department of Defense was pleased enough with the pilot program, which concluded in May with results posted in June 2016, that it will be developing the pilot into a permanent program. The initial program was run through HackerOne, with which the department also worked to patch the reported bugs, and while registration is closed, it’s likely the new program will run through a similar platform.
While there are jobs in computer science at consulting firms dedicated to solving this type of problem, the Department of Defense saw outsourcing this work to citizen hackers as a cost-effective solution. And it’s also a great opportunity for college students! Dworkin told reporters he found the bugs he spotted between classes at high school. Just imagine what you could accomplish over a rainy weekend in your dorm!