© 2022 CyberNews - Latest tech news,
product reviews, and analyses.


US is crowd-sourcing security

A hacker, once a villain, is now becoming the government’s best friend. The US is asking hackers for help to outsmart cybercriminals.

The Hack U.S. program puts ethical hackers in the spotlight – good-faith researchers seem to have become an essential source of intelligence, helping the US to up its security game.

The program was launched on July 4 by the Chief Digital and Artificial Intelligence Office (CDAO), Directorate for Digital Services (DDS), DoD Cyber Crime Center (DC3), and HackerOne, offering hackers worldwide monetary rewards for reporting critical- and high-severity vulnerabilities.

A seven-day challenge brought together 267 hackers, who were awarded a total of $75,000 in bug bounties.

“In just seven days, Hack U.S. ethical hackers submitted 648 reports, including numerous reports which could have been critical had they not been identified and remediated during this bug bounty challenge,” Melissa Vice, Vulnerability Disclosure Program (VDP) director at DC3, said.

“We knew from years of a successful VDP that professional hackers are a critical extension of our team. This bounty challenge shows the extra value we can earn by leveraging their subject matter expertise in an incentivized matter.”

Paying out monetary rewards helps to harden defenses in “a very impactful way.”

“We have to make sure we stay two steps ahead of any malicious actor. This crowd-sourced security approach is a key step to identifying and closing potential gaps in our attack surface,” Katie Savage from DDS said.

The most common vulnerability found by hackers is categorized as information disclosure, followed by improper access control and SQL injection.

“With the identification of vulnerability trends, we can seek out patterns of detection and ultimately create new processes and system checks to ensure we address the root cause and develop further mitigations against malicious actors who might try to exploit our systems,” Vice said.

Savage added that every hacker report helps lower collective cyber risk and safeguard the nation.

“Over the years, the partnership between ethical hackers and the US government has yielded thousands of security insights and created lasting partnerships with security experts around the world,” Savage said.

In May, the Department of Justice (DOJ) announced the revision of its policy regarding charging violations of the Computer Fraud and Abuse Act (CFAA), saying it would no longer prosecute good-faith researchers.

A few weeks ago, the US Army officially invited people to join “the battlefields of the 21st century” – the cyber arena. Cyber warriors will be trained to recognize adware, ransomware, and spyware aimed at key government facilities and financial centers, as well as locate international hacker networks and disrupt the schemes of domestic cybercriminals.
