A 17-year-old high school kid has emerged as the winner in the "Hack the Air Force" bug bounty jadwal organised by the US Department of Defence (DoD), pocketing $130,000.
Jack Cable made it to the top by hacking and identifying about 30 critical vulnerabilities in the Air Force cyber infrastructure which was attended by some 272 hackers from "The Five Eyes" (FVEY) intelligence alliance. The participants came from the US, UK, Canada, New Zealand and Australia..
Also read: Privacy Group says Hotspot VPN threatens users' Privacy, Snoop and Monetizes Web Traffic
"Two participants in the jadwal were active duty military personnel and 33 participants came from outside the U.S. Top participating hackers were under 20 years old, including a 17-year-old who submitted 30 valid reports and earned the largest bounty sum during the challenge windows," a statement from the Air Force read.
In an interview conducted by marketplace, cable said that he found an XML external vulnerability. "I found that i could give it a URl and the application would make a request to that website. And i was able to escalate that after working on it for a few hours into a remote code execution. So that would allow me basically to do whatever i wanted. So i could access all the user data on the website and i could change anything that i wanted to."
The "Hack the Air Force" jadwal was launched by the US Department of Defence, encouraging hackers to hack the Air Force so as to discover and patch any vulnerabilities in ts cyber infrastructure. This way the hacker would earn money and the Pentagon would also patch any flaw found during the hack.
0 comments:
Post a Comment