Hack the Marine Corps Results Are In!
Hackers work alongside Marines to discover and disclose nearly 150 vulnerabilities
We know that adversaries are continually working to exploit our networks and cripple critical operations. They don’t hold back — and in order to fight and win in all domains, neither can we. That’s why last month we launched Hack the Marine Corps, the Defense Department’s sixth public bug bounty challenge. We partnered with private-sector security firm HackerOne and the U.S. Marine Corps Cyberspace Command (MARFORCYBER) to deploy over one hundred of the world’s top ethical hackers on the U.S. Marine Corps’ public-facing websites and services.
The challenge kicked off last month in Las Vegas — coinciding with the world’s largest hacker and security conferences, Black Hat USA, DEF CON and BSides — as leading security researchers and Marines convened for ten hours of live-hacking. The hackers and Marines had one shared goal: better securing U.S. Marine Corps digital assets. Once the launch event concluded, participants were able to continue to hack away over the next twenty days while U.S. Marine personnel worked diligently to rapidly respond to and remediate bugs.
And, the results are in!
Hack the Marine Corps by the Numbers
“It was an honor to work on the Marine Corps program. This opportunity to help improve the security of the armed forces was not only fun, but it made me feel proud to give back. Working alongside the Marine Corps in-person felt like we were all on the same team.” — Nathanial Lattimer, ethical hacker participant & security engineer at Dropbox
Like other Defense Department bug bounties, the vulnerabilities reported through Hack the Marine Corps vary in potential impact. For instance, they can include inadvertent system-related information disclosure, improper access to personally identifiable information, the ability to access or edit public-facing sites without proper permissions, or security gaps that could allow malicious attacks.
One of the most interesting findings during the Hack the Marine Corps challenge came when a group of three hackers was able to access certain records related to Marine Corps personnel. The three hackers split one of the largest single payouts of the event: $10,000.
“During Hack the Marine Force, security researchers from all around the world effectively worked together to help secure the U.S. Department of Defense.” — Inti de Ceukelaire, ethical hacker participant & creative developer, Belgium
“Hack the Marine Corps was an incredibly valuable experience. When you bring together this level of talent from the ethical hacker community and our Marines we can accomplish a great deal. What we learn from this program assists the Marine Corps in improving our warfighting platform. Our cyber team of Marines demonstrated tremendous efficiency and discipline, and the hacker community provided critical, diverse perspectives. The tremendous effort from all of the talented men and women who participated in the program makes us more combat ready and minimizes future vulnerabilities,” — Major General Matthew Glavy, Commander, U.S. Marine Corps Forces Cyberspace Command.
At the Defense Department, people are our greatest asset. It is our responsibility to ensure they are continually safeguarded and supported. Challenges like Hack the Marine Corps help the Department to identify and fix bugs before they can be exploited, and to minimize future vulnerabilities.
Hack the Pentagon
Hack the Marine Corps is part of our Hack the Pentagon crowd-sourced security initiative. Recognizing many of the nation’s biggest companies use bug bounties to improve the security and delivery of digital services, the Defense Digital Service launched the federal government’s first bug bounty challenge in 2016, proving hackers and hoodies have an important role to play in supporting national defense.
Since the launch of Hack the Pentagon, we’ve led bug bounties to hack the Army, the Air Force — twice, the Defense Travel System, and other internal DoD systems. Other public bug bounty challenges include:
As part of Hack the Pentagon, the Defense Department launched its Vulnerability Disclosure Policy in 2016 to provide a legal avenue for security researchers to find and disclose vulnerabilities in any DoD public-facing systems. After the close of bug bounty challenges, hackers who become aware of vulnerabilities can disclose them to the DoD through its ongoing vulnerability disclosure program. Thousands of valid vulnerabilities have since been reported through our Hack the Pentagon crowdsourced security initiative.
Turning to the global ethical hacker community allows us to tap into new perspectives and ways of thinking to boost national security and hunt for vulnerabilities. We’re excited to see Hack the Pentagon continue to build momentum and bring together ethical hackers who want to make a difference and help protect our nation. Thank you to the U.S. Marine Corps and the hackers who joined us from all over the globe!
Stay tuned as we continue working to bring in the best talent, technology, and approaches from the private sector to help transform government IT and better protect our country.
“It was great having the opportunity to work side by side with the Marines to help secure their assets. These are my favorite types of programs to be a part of, because they allow me to have a massive impact on systems critical to national security.” — Tanner Emek, ethical hacker participant & full time bug bounty hunter
[this post has been migrated from an outdated Defense Digital Service Medium page]