Collaborate Disseminate
The collaboration unfolded at the cybersecurity conference in Las Vegas where more than 1,700 attendees attempted to outsmart DOD technology.
The post Pentagon put microgrid technology to the test at DEF CON, drawing on hackers’ ingenuity appeared first on CyberScoop.
The Pentagon is letting outside hackers go after more Department of Defense targets than ever before, in an effort to find DOD’s vulnerabilities before foreign hackers do, DOD announced Wednesday. The program, “Hack the Pentagon,” is expanding the number of DOD targets that ethical hackers can go after to try to ferret out vulnerabilities, according to the announcement. The program, which launched in 2016, previously allowed cybersecurity professionals to test DOD systems when it involved public-facing websites and applications. Now interested hackers may go after all publicly-accessible DOD information systems, including publicly-accessible networks, Internet of Things devices and industrial control systems, according to DOD. “This expansion is a testament to transforming the government’s approach to security and leapfrogging the current state of technology within DOD,” said Brett Goldstein, the director of the Defense Digital Service (DDS). The DOD Cyber Crime Center, which oversees the program, said the expansion was always […]
The post DOD expands vulnerability disclosure program, giving hackers more approved targets appeared first on CyberScoop.
Continue reading DOD expands vulnerability disclosure program, giving hackers more approved targets
175 million IP addresses owned by the U.S. Defense Department have “appeared” on the public internet.
The post U.S. DoD has World’s Largest Honeypot: 6% of Internet Space appeared first on Security Boulevard.
Continue reading U.S. DoD has World’s Largest Honeypot: 6% of Internet Space
Six months ago, as professional sports were postponed indefinitely, schools were shuttering, Tom Hanks was the poster boy for COVID-19, and President Donald Trump addressed a nervous nation, people at the highest levels of the U.S. government became laser-focused on one idea: Coronavirus vaccine research needed to be defended from hacking attempts. Soon after the World Health Organization declared a pandemic, the Pentagon’s Defense Digital Service and the National Security Agency got to work on a behind-the-scenes protection mission for “Operation Warp Speed,” the U.S. government program responsible for producing 300 million coronavirus vaccine doses by January 2021. Known as the Security and Assurance portion of Operation Warp Speed, the mission is no small effort. Consisting of people from DDS, NSA, FBI, the Department of Homeland Security and the Department of Health and Human Services, it has been running behind the scenes for months, and is being detailed here for the first time. […]
The post How the government is keeping hackers from disrupting coronavirus vaccine research appeared first on CyberScoop.
Continue reading How the government is keeping hackers from disrupting coronavirus vaccine research
Next time your GPS app functions without interruption, or a credit card transaction is approved on the first try, consider thanking a hacker. Both of those everyday activities, along with many others, are made possible in part because of satellites, those orbiting chunks of metal that only a fraction of the population thinks about on a regular basis. Now, though, security-minded officials in the Pentagon’s Defense Digital Service (DDS), the Air Force and New York-based vendor Red Balloon Security are trying to improve satellite security by sending computer researchers the technology they would need to hack them. It’s part of an effort to ensure that those big satellites orbiting the Earth remain reliable, and keep the GPS navigation running. One research challenge, called Nyan-Sat, is broken up into three parts. Hackers are building their own satellite tracking antennae, exploiting a ground station modem, and then participating in a live-streamed ground station event. […]
The post DEF CON’s aerospace village looks to satellite hacking to improve security in space appeared first on CyberScoop.
Continue reading DEF CON’s aerospace village looks to satellite hacking to improve security in space
The first-ever aviation “village” at the DEF CON security conference has an F-35 fighter jet simulator among its hacking targets, but that’s not the only reason the Defense Digital Service’s newly minted chief, Brett Goldstein, is hanging around this corner of the convention hall in Las Vegas. The agency sees it as a recruiting opportunity, too. “In this room and throughout the convention is some of the best security talent in the world,” Goldstein tells CyberScoop. “This is a win for me if I can spark the imagination of this community, get them to understand we want to collaborate with them, that the problem space is fascinating, and this is something they should think about.” Right now the DDS, which ran its first bug bounty program in 2016, has approximately 70 employees, some of which are civilians and some of which are active-duty military. But they rotate in and out approximately […]
The post At DEF CON’s aviation village, the military is interested in more than just the hacks appeared first on CyberScoop.
The Department of Defense’s latest bug bounty program exposed more than 100 security vulnerabilities worth $80,000 to the hackers who looked through the department’s travel booking system, officials said. HackerOne, a company that has supported bug bounty programs for the Air Force, Army and the Pentagon at large, ran Hack the DTS (Defense Travel System), which lasted 29 days and concluded April 29, 2018. DTS is used by millions of Pentagon employees around the world making it one of the wide-reaching pieces of enterprise software in the U.S. government. “Securing sensitive information for millions of government employees and contractors is no easy task,” Reina Staley, Chief of Staff and Hack the Pentagon program manager at Defense Digital Service, said in a statement. “No system is infallible, and this assessment was the first time we employed a crowd-sourced approach to improve the security aspect of DTS.” Just 19 vetted hackers took part in the program. They found 65 unique vulnerabilities including 28 ranking high […]
The post Pentagon’s latest bug bounty program pays out $80,000 appeared first on Cyberscoop.
Continue reading Pentagon’s latest bug bounty program pays out $80,000
The Department of Defense’s attraction to bug bounty programs continues with a contest to find security flaws in its travel booking system. The Pentagon is again pairing with HackerOne, a private company that has run similar programs for the Air Force, Army and the DoD at large, with hackers reporting hundreds of valid vulnerabilities and the Pentagon paying out hundreds of thousands of dollars. The latest program is focused on the Defense Travel System (DTS), an enterprise system that DoD personnel use to book things like airline and hotel reservations when they travel for DoD business. Because DTS is used by millions of people and maintains sensitive information, hardening its security is a priority for DoD, said Reina Staley, the chief of staff for the Defense Digital Service (DDS), which oversees the military’s bug bounty contests under the “Hack the Pentagon” program. “The quick, positive reception of the [Hack the Pentagon] program has been a major win; inviting hackers to uncover vulnerabilities in […]
The post The Pentagon’s latest bug bounty target is its travel booking system appeared first on Cyberscoop.
Continue reading The Pentagon’s latest bug bounty target is its travel booking system
This article first appeared on FedScoop. The Pentagon’s cybersecurity swat team has hosted highly-publicized challenges to find flaws in department and military branch websites, but it also recently orchestrated a more secret, complex project. The Defense Digital Service wanted to hire outside researchers to root out vulnerabilities in systems carrying sensitive department data — but without worrying about compromising the […]
The post Pentagon hackers-for-hire take just 4 hours to find critical vulnerability in sensitive system appeared first on Cyberscoop.