The Defence Department’s Defence Digital Service spokesperson has admitted that the US Army suffered attacks from 52 hackers from Canada, Germany, and Romania, who bombarded it between 9 October and 15 November 2019, exploiting 146 bugs and vulnerabilities in the process. Fortunately for the Pentagon, though, no Russian hackers were involved this time and the 52 people who attacked its networks were actually participants in the "Hack the Army" hackathon challenge, which has been conducted by the American military since 2016.
The US military organises such challenges in order to regularly detect and close numerous breaches in its cyber defences that could be utilised by potential attackers with malign intent, unlike the hackers-turned-cybersecurity experts participating in "Hack the Army". The latter is a part of a larger US military programme, which also includes similar hackathons – "Hack the Pentagon" and "Hack the Air Force".
"Participation from hackers is key in helping the Department of Defence boost its security practices beyond basic compliance checklists to get to real security", Alex Romero from the DoD's Defence Digital Service said.
Hacking the US Army has also turned out to be a profitable business. The hackers who took part in the latest "Hack the Army" event received a total of $275,000 in bounties for identifying the network's vulnerabilities, according to the Business Wire media outlet. The biggest single bounty reportedly amounted to $20,000. While the Defence Digital Service didn't elaborate on how critical the vulnerabilities detected in the 2019 were, it's known that in one such hackathon a participant managed to sneak into the internal DoD network via a loophole in a publicly available military website.
The report comes as the Pentagon has repeatedly accused North Korea, Iran, and Russia of conducting cyber operations against the US. Moscow, in turn, has also reported that the US is one of the main sources of cyberattacks on targets in Russia. The Kremlin has on numerous occasions reminded Washington of Russia’s initiative to establish global rules for operations in cyberspace; however, the US has so far ignored these proposals.