During five weeks between October 9 and November 15, 2019, the U.S. Army was hacked by a total of 52 hackers. This isn’t as bad as it sounds. A spokesperson at the U.S. Department of Defense’s Defense Digital Service said the hacking strengthens its security posture. That’s because the 52 hackers were of the ethical variety and were participating in the second “Hack the Army” event to have taken place since 2016.
A method in the cyber-madness
You might be forgiven for thinking that inviting hackers to attack your online assets would be a bad thing for any organization, let alone the U.S. Army. Threat actors hardly need an open invitation to cause havoc, after all. Only recently, the U.S. Government warned organizations to upgrade a particular VPN or face continued cyber-attacks, and both a New York airport and the City of New Orleans have fallen victim to ransomware attackers. Yet there is a method in this apparent cyber-madness. Hack the Army 2.0 was a joint venture between the U.S. Department of Defense, the Defense Digital Service and the HackerOne bug bounty platform.
The HackerOne hacker-powered bug bounty platform
HackerOne, you might recall, is a hacker-powered penetration testing and vulnerability discovery platform that has made millionaires of some of its best hackers. One even managed to hack the HackerOne platform itself, such is the tenacity and talent of those who are signed up. The point of the platform, and the reasoning behind Hack the Army, is to uncover flaws and bugs that could leave an organization, in this case the U.S. Army, vulnerable to attack from less principled hackers, including nation-state adversaries such as Iran.