31 Mar 16. ‘Hack the Pentagon’ Pilot Program Opens for Registration. Interested participants may now register to compete in the “Hack the Pentagon” pilot program, Pentagon Press Secretary Peter Cook said today.
In a statement announcing the opening of registration, Cook said the pilot program — designed to identify and resolve security vulnerabilities within Defense Department websites through crowdsourcing — is the first “bug bounty” program in the history of the federal government.
DoD is partnering with HackerOne, a reputable bug-bounty-as-a-service firm based out of California’s Silicon Valley, to run the Hack the Pentagon pilot program over the next several weeks, the press secretary said.
The Hack the Pentagon bug bounty pilot will start April 18 and end by May 12, Cook said, and HackerOne will issue qualifying bounties no later than June 10.
No Critical, Mission-Facing Systems Involved
“The program will target several DoD public websites which will be identified to the participants as the beginning of the challenge approaches,” Cook said. “Critical, mission-facing computer systems will not be involved in the program.”
HackerOne has set up a registration site for eligible participants at https://hackerone.com/hackthepentagon. Eligible participants must be U.S. persons and must not be on the U.S. Treasury Department’s Specially Designated Nationals list of people and organizations engaged in terrorism, drug trafficking and other crimes. U.S. citizens and companies are prohibited from doing business with listed entities.
In addition, the press secretary said, successful participants who submit qualifying vulnerability reports will undergo a basic criminal background screening to ensure taxpayer dollars are spent wisely. Screening details will be communicated to participants in advance, he added, and participants will be able to opt out of any screening. Those who opt out of the screening will forgo bounty compensation, he said.
Modeled After Similar Industry Challenges
The Hack the Pentagon pilot program is modeled after similar challenges conducted by some of the nation’s biggest companies to improve the security and delivery of networks, products and digital services, Cook noted. By providing a legal avenue for the responsible disclosure of security vulnerabilities, he added, bug bounties engage the hacker community to contribute to the security of the Internet.
Individual bounty payments will depend on a number of factors, he said, but will come from the $150,000 in funding for the program.
“This initiative will put the department’s cybersecurity to the test in an innovative, but responsible way,” Defense Secretary Ash Carter said of the program. “I encourage hackers who want to bolster our digital defenses to join the competition and take their best shot.” (Source: US DoD)
DoD’s Defense Digital Service, which Carter launched in November, is leading the initiative. “The DDS, an arm of the White House’s dynamic cadre of technology experts at the U.S. Digital Service, includes a small team of engineers and data experts meant to improve the department’s technological agility,” Cook said.
30 Mar 16. Germany’s BND Intelligence Agency Is Cutting Cooperation With The NSA. German intelligence has drastically reduced its cooperation with the US National Security Agency in response to a growing fall-out over their alleged joint surveillance of European officials and companies, according to media reports.
The BND, Germany’s foreign intelligence agency, ceased the online surveillance it is believed to have been carrying out on behalf of the NSA at its satellite listening station in Bad Aibling, Bavaria, at the start of the week, pending an investigation into the scandal. The end of the operation was reported by the national daily newspaper Süddeutsche Zeitung and other German media, citing sources close to a German parliamentary inquiry into the allegations.
Fax and phone intercepts were still being passed o