Posted on Jan 29, 2017
Preliminary results indicate Hack the Army was a success
981
14
8
6
6
0
One of the main firms associated with the Hack the Army effort released the results of the service’s first bug bounty program.
In a blog post published Jan. 19, HackerOne said from Nov. 30 to Dec. 21:
•371 eligible participants registered.
•416 total reports were received.
•118 total valid reports were received
•It took five minutes to receive the first vulnerability report.
HackerOne touted the preliminary results posted on their website as a success. Twenty-five of the 371 eligible and invited were government employees including 17 military personnel — a difference in the original Hack the Pentagon initiative.
An estimated $100,000 in bounties was paid to hackers.
HackerOne said the most significant vulnerability discovered was a series of chained vulnerabilities in which a researcher could move from the public-facing goarmy.com to an internal Department of Defense website requiring special credentials.
HackerOne also promised more to come from this effort.
Like the Defense Digital Service — a Silicon Valley-modeled node within the Pentagon focused on difficult problems, such as Hack the Pentagon — the Army and Air Force have stood up their own iteration.
In a blog post published Jan. 19, HackerOne said from Nov. 30 to Dec. 21:
•371 eligible participants registered.
•416 total reports were received.
•118 total valid reports were received
•It took five minutes to receive the first vulnerability report.
HackerOne touted the preliminary results posted on their website as a success. Twenty-five of the 371 eligible and invited were government employees including 17 military personnel — a difference in the original Hack the Pentagon initiative.
An estimated $100,000 in bounties was paid to hackers.
HackerOne said the most significant vulnerability discovered was a series of chained vulnerabilities in which a researcher could move from the public-facing goarmy.com to an internal Department of Defense website requiring special credentials.
HackerOne also promised more to come from this effort.
Like the Defense Digital Service — a Silicon Valley-modeled node within the Pentagon focused on difficult problems, such as Hack the Pentagon — the Army and Air Force have stood up their own iteration.
Preliminary results indicate Hack the Army was a success
Posted from c4isrnet.comPosted in these groups: 
Hacking
Hacking
Posted 7 y ago
Responses: 6
3
3
0
The AF did this a few years back- don't think they advertised it. They sent it to ANG full-timers and had a huge response and revealed the need for OPSEC and IT training. Most people will open anything sent to them. Great information SFC Joe S. Davis Jr., MSM, DSL
(3)
(0)
Maj Marty Hogan
Honestly think the test garnered like a 90% "success" rate for hacking.... If I recall in my particular unit less than a handful of us reported it. I was my FM office FSA and was running around the office telling people not to open it. Out of 10 I think 6 or 7 had already opened it and clicked the prompt. Scary....
(0)
(0)
SPC Kevin Ford
Maj Marty Hogan - Our company sends out such test emails to our people all the time. If I were currently in a security section in the military I'd do the same and be constantly sending out such test emails combined with training so people are always on alert for them.
Training, drills and tightening procedures as result of tests are the way to go. Like all military exercises, we want to get proficient and learn from our mistakes before it really counts.
The fact that there were vulnerabilities, not so good. The fact that we are doing this now to find and lock them down, excellent.
Training, drills and tightening procedures as result of tests are the way to go. Like all military exercises, we want to get proficient and learn from our mistakes before it really counts.
The fact that there were vulnerabilities, not so good. The fact that we are doing this now to find and lock them down, excellent.
(1)
(0)
2
2
0
0
0
0
Thanks for sharing the kind of strange news that Hack the Army effort was successful SFC Joe S. Davis Jr., MSM, DSL. In hindsight I suppose this was a good thing:-)
(0)
(0)
Read This Next
Continue with Facebook 
Continue with Google