US Cyber Command’s ‘Hack The Proxy’ Program Uncovers Over 30 Vulnerabilities

• Out of the 31 vulnerabilities discovered, 9 were “high severity” vulnerabilities and 1 was found to be a “critical” vulnerability.
• The top bug bounty hunter, who is based in the US, earned a total of $16,000.

What’s the matter?

The U.S. Department of Defense (DoD) and HackerOne have announced that the US Cyber Command’s ‘Hack the Proxy’ bug bounty program has uncovered over 30 vulnerabilities.

This is the Department of Defense’s eighth bug bounty program which is sponsored by the US Cyber Command.

Key highlights

Through the ‘Hack the Proxy’ program, 81 ethical hackers have uncovered a total of 31 vulnerabilities across the Department of Defense proxies, virtual private networks, and virtual desktops.

• Out of the 31 vulnerabilities discovered, 9 were “high severity” vulnerabilities and 1 was found to be a “critical” vulnerability.
• In addition to the high severity and critical vulnerabilities uncovered, 21 “medium” or “low severity” vulnerabilities were also found.

Over the two-week program, which occurred between September 3 to September 18, 2019, hackers from the U.S., India, Turkey, Ukraine, and Canada, were invited to participate in the bug bounty program.

“Hack the Proxy is an important approach that leverages crowd-sourced talent for an outside-in view of our vulnerabilities. At little cost, we identify and mitigate vulnerabilities more effectively, making the Department’s networks more resilient and securing our data from malicious cyber actors,” MSgt Michael Methven, Directorate of Operations at U.S. Cyber Command said, SCMagazine reported.

Worth noting

• The Department of Defense awarded a total of $33,750 to the hackers for their efforts.
• The top bug bounty hunter, who is based in the U.S.-based earned a total of $16,000.

“With each new initiative, the Department of Defense further bolsters its cyber defenses against rogue enemy actors thanks to white hat hackers from across the globe. As our adversaries become more sophisticated in their tactics, we must stay one step ahead to protect our citizens and defense systems. HackerOne’s global community of vetted hackers have helped us discover and remediate vulnerabilities that represent real risk to national security,” Alex Romero, Digital Service Expert at the Department of Defense Defense Digital Service said, Cyberscoop reported.