U.S. Air Force Successfully Hacked By ‘Battalion’ Of 60 Hackers
During four weeks towards the end of 2019, a total of 60 hackers managed to hack the U.S. Air Force.
Between October 23 and November 20, what was described as "a battalion of hackers" by Dr. Michael Parker, CIO, and deputy chief of U.S. Air Force staff for manpower, personnel and services, took aim at the Air Force Virtual Data Center.
This really is not as bad as it first seems. The hackers were of the white hat variety and taking part in the fourth Hack the Air Force challenge. A challenge, operated in partnership between the U.S. Department of Defense and the HackerOne hacking platform, designed to strengthen security posture rather than weaken it.
Hack The Air Force 4.0
Hack the Air Force 4.0 was, as the name suggests, the fourth hacker-powered challenge to probe the cybersecurity of U.S. Air Force assets. However, it is the tenth challenge in all that has been completed since the first Hack the Pentagon project was launched back in 2016 and led to the Department of Defense establishing a vulnerability disclosure policy.
A Hack the Army challenge first ran at the end of 2016, while the first Hack the Air Force one started in May 2017. Hack the Army 2.0 took place between October 9 and November 15, 2019. As I reported at the time, 52 hackers were able to find 146 security vulnerabilities and were rewarded with bounties totaling $275,000 (£220,000) for their efforts.
460 vulnerabilities revealed, $290,000 rewarded
During Hack the Air Force 4.0, the 60 hackers taking part managed to uncover 460 vulnerabilities and earned $290,000 (£232,000) in bounties. The vulnerabilities were found within the pool of cloud-based servers and systems known as the U.S. Air Force Virtual Data Center. "It is the U.S. Air Force’s goal to be leaders, innovators and warriors in air, space and cyberspace," Dr. Michael Parker said, "partnering with HackerOne will allow us to take the necessary risks to harden our defenses with the assurance of a battalion of hackers on our side."
12,000 vulnerabilities resolved by joint DoD and HackerOne programs
Since that first Hack the Army program, which found a total of 118 vulnerabilities, things have gone from strength to strength as far as these elite hackers are concerned. Thanks to the efforts of all the ethical hackers concerned down the years, the U.S. Department of Defense has managed to fix more than 12,000 vulnerabilities.
That is 12,000 vulnerabilities that might never have been found by the good guys and so potentially left open to be exploited by enemies of the United States instead. "The U.S. Air Force provides an example of the proven impact of collaborating with hackers to bolster security," Jon Bottarini, the federal technical program manager lead at HackerOne, said.
Photo: U.S. Air Force was hacked by 60 hackers over a four week period - GETTY