Wiz-Kid teen hacks Pentagon website, gets thanked for finding security flaws
Image: Youtube/Tech Talk
Hack Pentagon during AP Chem? No Biggie.
So it's pretty much common knowledge that if you attempt to hack the web database of the most powerful and heavily scrutinized department of defense in the world, you get into a SHIT load of trouble. Not that it's an easy task to accomplish in the first place. Given that the Pentagon and its affiliated U.S Defense Department websites are used to having foreign espionage missions poking around its bushes on a daily basis, it's hard to envision a sub-urb dwelling college-programmer breaking through the Pentagon's websites outside the realms of Tom Cruise/Bruce Willis blockbusters. Reality check. It happens. And the mastermind hadn't even attended Senior-prom yet.
Teen breaches the iron-fortress of Pentagon/Image: Unilad
According to Reuters, Washington D.C. High school student David Dworken successfully managed to hack into the Pentagon's websites and singled out six separate cases of security vulnerabilities that were present within its database. Time elapsed? 10 hours, fully accomplished in between classes. Tools used? No Iron-Man holographic displays, no matrix-infused coding monstrosities, not even a standard issue double-screen monitor that bankers and gamers use on a daily basis. Just a laptop.
So we get that he's good. So is he currently detained in a secret correctional facility under Area 51 pods? Quite the opposite. Though the U.S. Defense Department isn't too keen on hackers trying to access its sensitive information, let alone point out any signs of internal weakness, the 18 year-old who graduated this week was one of two hackers personally praised by Secretary of Defense Ash Carter for finding bugs before any U.S adversary did. Wait, what?
Dworken, thanked by Pentagon/Image: Facebook
Carter said at a ceremony held in the Pentagon, "We know that state-sponsored actors and black-hat hackers want to challenge and exploit our networks...what we didn't fully appreciate before this pilot was how many white hat hackers there are who want to make a difference." Apparently Dworken, who had immediately reported his discovered bugs to the Pentagon, was part of a pilot project initiative launched by the Defense Department this year which invited 1,400 hackers to test the cyber security of its websites. Dworken, along with security consultant Craig Arendt, was congratulated last Friday by Carter and his staff.
The bugs Dworken found would have allowed external players to display whatever they want on the websites and steal valuable account information. Think penis photos on the pentagon home page and covert agents' identities unveiled. A total of 138 vulnerabilities were found during the project, the Pentagon said.
The Pentagon has been reported to have paid a total of $75,000 to successful hackers, in amounts ranging from $100 to $15,000 depending on the magnitude of the findings. Our Wiz-Kid Dworken, whose acumen and attention transcends his peers' stereotypical SNS, relationship and self-esteem driven problems, has confessed that he was approached by recruiters about potential internships. Perhaps of the can't-tell-you-where-I-work-or-I-have-to-kill-you industry.
Carter invites hackers to probe/Image: CNBC
Apparently such "bug bounties" are part of an initiative created by the Pentagon to bypass expensive security audits and vulnerability assessments in exchange for a more open-contest structured model. Never underestimate the power of a stay-at-home hacker that is challenged to breach the networks of an organization that is synonymous with 'the man'. So the 'man's man', Ash Carter, has willingly invited hackers to freely probe the Pentagon's networks under the premise that they will report weaknesses detected.
The Pentagon reported that it had limited the hacker-accessible areas to public domains and other "insensitive" areas, but who knows. The ones who stepped out of line might have been quietly "thanked" for their services in another manner. In any case, Dworken, who will study computer science at Northeastern University come fall, is legitimately awarded black-bagging-free bragging rights for successfully hacking the Pentagon. Not the climactic Hollywood resolution, but nonetheless a great win for prospective coders everywhere.
