Pakistan Today

Pentagon honors teen hacker for exposing department’s flaws

FILE: Ashton Carter Expected To Be Nominated For U.S. Defense Secretary...FILE - DECEMBER 2, 2014: According to reports, former Deputy Secretary of Defense Ashton Carter is expected to be nominated by President Obama for the position of Secretary of Defense December 2, 2014. WASHINGTON, DC - MAY 19: Defense Undersecretary for Acquisition, Technology, and Logistics Ashton Carter testifies during a hearing before the Senate Armed Services Committee May 19, 2011 on Capitol Hill in Washington, DC. The hearing was held to examine the F-35 joint strike fighter program in review of the defense authorization request for FY2012 and the future years defense program. (Photo by Alex Wong/Getty Images)

An 18-year-old recent high school graduate was one of two people singled out by the Pentagon for hacking into its website and Defense Secretary Ashton Carter said he was thankful — to the hackers.

Carter met with the teen, David Dworken, and another hacker, Craig Arendt, the two who identified the highest number of potential vulnerabilities in several Defense Department websites, including its main one, www.defense.gov.

The hackers were participating in the Pentagon’s first “bug bounty,” where it asked those with computer hacking capabilities to investigate five public websites and identify potential lapses in security where a nefarious hacker could do damage. If those participating identify a legitimate security breach, they earn a bounty.

“We know that state-sponsored actors and black-hat hackers want to challenge and exploit our networks,” Carter said. “What we didn’t fully appreciate before this pilot was how many white-hat hackers there are who want to make a difference — hackers who want to help keep our people and nation safer.”

More than 1,400 eligible hackers registered for the federal government’s first “bug bounty” and identified 138 different potential security lapses.

The Pentagon said hiring a private firm to evaluate and fix potential security risks could have cost taxpayers more than $1 million, but by crowd-sourcing the work, it spent only $150,000 in bounty money, and to fix the security lapses combined.

Exit mobile version