Short Bytes: A teen from Washington hacked the websites of US Department of Defence. But, instead of going to prison, he was thanked by the Pentagon for the work he did. This is because he was a participant of a bug bounty program titled Hack The Pentagon.
This bug bounty project is organised by the newly formed Defence Digital Service (DDS) division of the US Department of Defense. Dworken was one among the two people who were thanked at the Pentagon by Ash Carter, Secretary of Defense.
Being the first of its kind by any federal organisation, the vulnerabilities pointed out in it will help the Department of Defence to make their websites safer.
“We know that state-sponsored actors and black-hat hackers want to challenge and exploit our networks … what we didn’t fully appreciate before this pilot was how many white hat hackers there are who want to make a difference,” – Ash Carter said at the Pentagon ceremony where he congratulated Dworken.
The pilot ran from April 18, 2016, to May 12, 2016. This is the very first iteration of the project run by DDS in which 1,410 participants were able to report 138 unique valid vulnerabilities. Successful hackers were paid a total cash of $75,000 (amount varying individually) and the cost of the project was $150,000.
“It’s not a small sum, but if we had gone through the normal process of hiring an outside firm to do a security audit and vulnerability assessment, which is what we usually do, it would have cost us more than $1 million,” – said Carter.
Washington-based Dworken has completed his high school last week. He will get enrolled in the Northeastern University for higher education in the field of computer science. David has been a bug hunter since he was in 10th grade where he found vulnerabilities in his school website.