White Hat Teen Hacks Pentagon Websites

Pentagon hack

A high-school student and hacker spent nearly 10-15 hours between classes hacking U.S. Department of Defense (DOD) websites, between classes. He got thanked and praised for it by the Pentagon.

An 18-year old student who graduated this week was among two individuals praised at the Pentagon by Secretary of Defense Ash Carter. David Dworken, a graduate from the Washington, D.C., area, turned in several vulnerabilities that he discovered after the announcement of the Pentagon cybersecurity initiative. The bug bounty program was the first ever program of its kind to be issued by the federal government.

Hacked reported on the aptly named “Hack the Pentagon” initiative, put together by the DOD’s Defense Digital Service (DDS), the new arm of the US Digital Service launched in November 2015.

Launched on April 18, the bug bounty program ran until May 12.

Secretary of Defense Ash Carter spoke about the massive response garnered form the white-hat hacker community toward the program.

In a press release, he stated:

We know that state-sponsored hackers and black-hat hackers want to challenge and exploit our networks. What we didn’t fully appreciate before this pilot was how many white-hat hackers there are who want to make a difference- hackers who want to help keep our people and nation safer.

Although none of the Department’s critical websites were open for picking vulnerabilities, five public-facing websites including defense.gov, were fair game.

Over 1,400 eligible hackers completed the registration and were invited to participate in the event. Over 250 hackers submitted at least one vulnerability report. In all, 138 were determined to be legitimate and were eligible for a bounty reward. Each one of these vulnerabilities were duly patched by the department. The entire cost of the pilot – $150,000.

High-schooler David Dworken stated:

It was a great experience. I just started doing more and more of these bug bounty programs and found it rewarding.

He further added:

Both the monetary part of it and doing something that is good and beneficial to protect data online in general.

Dworken also said that he had been approached by recruiters already about potential internships.

Featured image from Shutterstock.

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.