The U.S. Department of Defense (DoD) awarded prizes of over $30,000 to hackers in a bug bounty program aiming to strengthen the network infrastructure for proxies, VPNs and VDIs (virtual desktops.)
The U.S. government, through its DoD Cyber Command arm, organized a bounty program named Hack the Proxy with HackerOne. The goal of such programs is to weed out vulnerabilities, exploits and other issues that could be leveraged against essential network infrastructure by state actors.
Over the course of two weeks, around 80 white hat hackers from the U.S., India, Turkey, Ukraine, and Canada tried to find problems with government proxy servers. One US-based hacker snatched half of the available bounties, earning $16,000. One of the issues found was deemed critical, and nine classified as high severity.
DoD’s Hack the Proxy Challenge program is organized in collaboration with HackerOne, a bug bounty platform that mostly connects businesses with cybersecurity researchers. With its help, the U.S. government identified and fixed more than 10,000 vulnerabilities spread across its public and military infrastructure.
“With each new initiative, the Department of Defense further bolsters its cyber defenses against rogue enemy actors thanks to white hat hackers from across the globe,” explained Alex Romero, Digital Service Expert at the Department of Defense Defense Digital Service. “As our adversaries become more sophisticated in their tactics, we must stay one step ahead to protect our citizens and defense systems.”
Bug bounty programs are essential for governments in finding weaknesses that could be used in attacks from various cyber actors. Sometimes, outsiders are needed to identify these types of problems, and white hackers are the only ones who can work from within the system and with the blessing of the government.