		Teen hacks Pentagon websites, gets 
		thanked for finding 'bugs' 
		
		 [June 18, 2016] 
		By Idrees Ali 
 WASHINGTON (Reuters) - High school student 
		David Dworken spent 10 to 15 hours between classes on his laptop, 
		hacking U.S. Defense Department websites.
 Instead of getting into trouble, the 18-year-old who graduated 
			this week was one of two people praised by Secretary of Defense Ash 
			Carter at the Pentagon on Friday for finding vulnerabilities before 
			U.S. adversaries did.
 "We know that state-sponsored actors and black-hat hackers want to 
			challenge and exploit our networks ... what we didn't fully 
			appreciate before this pilot was how many white hat hackers there 
			are who want to make a difference," Carter said at a ceremony where 
			he also thanked Craig Arendt, a security consultant at Stratum 
			Security.
 
 More than 1,400 participants took part in a pilot project launched 
			this year, and found 138 valid reports of vulnerabilities, the 
			Pentagon said. The project invited hackers to test the cyber 
			security of some public Defense Department websites.
 
 The pilot project was limited to public websites and the hackers did 
			not have access to highly sensitive areas.
 
 The U.S. government has pointed the finger at China and Russia, 
			saying they have tried to access government systems in the past.
 
		
		 The Pentagon said it paid a total of about $75,000 to the successful 
			hackers, in amounts ranging from $100 to $15,000.
 Dworken, who graduated on Monday from Maret high school in 
			Washington, D.C., said he reported six vulnerabilities, but received 
			no reward because they had already been reported.
 
 However, Dworken said he had already been approached by recruiters 
			about potential internships.
 
 He said some of the bugs he found would have allowed others to 
			display whatever they wanted on the websites and steal account 
			information.
 
            
			 
            
			An illustration picture shows a projection of binary code on a man 
			holding a laptop computer, in an office in Warsaw June 24, 2013. 
			REUTERS/Kacper Pempel 
            
			 
			Dworken, who will study computer science at Northeastern University, 
			said his first experience with finding vulnerabilities was in 10th 
			grade when he found bugs on his school website.
 "Hack the Pentagon" is modeled after similar competitions known as 
			"bug bounties" conducted by U.S. companies to discover network 
			security gaps.
 
 The Pentagon said the pilot project cost $150,000, including the 
			reward money, and several follow-up initiatives were planned. This 
			included creating a process so others could report vulnerabilities 
			without fear of prosecution.
 
 "It's not a small sum, but if we had gone through the normal process 
			of hiring an outside firm to do a security audit and vulnerability 
			assessment, which is what we usually do, it would have cost us more 
			than $1 million," Carter said.
 
 (Reporting by Idrees Ali; Editing by David Gregorio)
 
			[© 2016 Thomson Reuters. All rights 
			reserved.] Copyright 2016 Reuters. All rights reserved. This material may not be published, 
			broadcast, rewritten or redistributed. 
			
			