Hack the Marine Corps Nets Over $151,000 in Awards

The results of the ‘Hack the Marine Corps’ bug bounty challenge have been announced; over 150 valid vulnerabilities have been uncovered, netting more than $151,000 in awards.

It was in August that the U.S Department of Defence announced the launch of the bug bounty program. A press release dated August 13, 2018 reads, “The U.S. Department of Defense (DoD) and HackerOne, the leading hacker-powered security platform, today announced the launch of the Departments sixth bug bounty program, Hack the Marine Corps. The bug bounty challenge will focus on Marine Corps public-facing websites and services in order to harden the defenses of the Marine Corps Enterprise Network (MCEN). The bug bounty program will conclude on August 26, 2018.”

The ethical hackers who took part in the bug bounty program have uncovered more than 150 valid vulnerabilities, thereby netting over $151,000 in awards during the fortnight-long challenge.

In a Medium post dated October 3, 2018, Major General Matthew Glavy, Commander, U.S. Marine Corps Forces Cyberspace Command said, “Hack the Marine Corps was an incredibly valuable experience. When you bring together this level of talent from the ethical hacker community and our Marines we can accomplish a great deal. What we learn from this program assists the Marine Corps in improving our warfighting platform. Our cyber team of Marines demonstrated tremendous efficiency and discipline, and the hacker community provided critical, diverse perspectives. The tremendous effort from all of the talented men and women who participated in the program makes us more combat ready and minimizes future vulnerabilities ”
In the bug bounty program, which is part of the Hack the Pentagon challenge (launched in May 2016), hackers uncovered many critical security flaws, including one that allowed hackers to access certain important records related to Marine Corps personnel.
Hack the Marine Corps bug bounty program was kicked off on August 12, 2018. A press release from HackerOne reads, “Hack the Marine Corps kicked off with a live hacking event in Las Vegas, NV. on August 12, 2018 during DEF CON 26. During the event, expert security researchers were shoulder-to-shoulder with the Marines from MARFORCYBER. Hackers filed 75 unique valid security vulnerability reports during the event and were initially awarded over $80,000 for helping further secure the MCEN, the Marine Corps’ portion of the DoD Information Network (DoDIN).”

After the 10-hour launch session, the program continued through Aug. 26. Such bug bounty programs are of great use for the DOD since they help identify vulnerabilities and also incur relatively low costs.