18 Year Old Hacks Pentagon Websites And Receives Appreciation From Government
David Dworken, an 18 year old recent high school graduate from Washington area, appeared at the Pentagon ceremony alongside Cartar and said he worked on finding bugs in spare time.
He has been participating in bug bounty programs since he was in 10th grade and plans to study computer science in college.
Although David has not earned any rewards because he discovered flaws which are already reported by others but he said taking part in this event is not less than rewarding in terms of networking.
He said, “I am just in high school and I have recruiters contacting me for internships over the summer”.
Based on the success of “Hack the Pentagon” program, Carter said his department is working to expand the bug bounty program create a new initiative for it similar to bug bounty program for Facebook, twitter etc. Hack the Pentagon program paid the decent amount of rewards to the white hacker for finding flaws in Pentagon website which ran from 18th April to 12th May. But in this, hacker tried to exploit only 5 public facing websites defence.gov, dodlive.mil, dvidshub.net, myafn.net and dimoc.mil.
The department believes that this concept will be successful if it is applied to many or all of departments of defence.
“Hack the Pentagon” event is the first bug bounty program in the history of federal government and attracted more than 1,400 hackers including students. This event was a cost effective way to supplement and support to our dedicated people.
In this event, hackers were invited for finding the security flaws in 5 Pentagon websites but participants are required to be US citizens and go through the background check before being accepted into the program. As a result of the event, it discovered around 1189 vulnerabilities in 5 Pentagon websites from which 138 of them are legitimate and unique.
Total cost for this event is $150,000, from which half of that is going to the hacker.
In one of the ceremonies at Pentagon, Carter said:
“It's not a small sum, but if we had gone through the normal process of hiring an outside firm to do security audit and vulnerability assessment, which is what we usually do, it would have cost us more than $1 million.”