Teen Hacks Pentagon’s Websites, United States Government Praises Him For Finding ‘Bugs’
Ash Carter, Secretary of Defense at the Pentagon, has thanked David Dworken from Washington, D.C. for finding vulnerabilities in U.S. Defense Department websites.
The 18-year-old high school student participated in a bug bounty competition known as ‘Hack the Pentagon’, organised by the newly formed Defense Digital Service (DDS) division of the U.S. Department of Defense. The project invited hackers to test the cyber security of some public Defense Department websites.
More than 1,400 participants took part in the Hack the Pentagon project, which launched this year. The participants found 1,189 vulnerabilities, of which 138 were valid reports of vulnerabilities, the Pentagon said. Dworken reported six vulnerabilities. The pilot project was restricted to public websites, and the hackers did not have access to highly sensitive areas. The pilot ran from April 18, 2016, to May 12, 2016.
“We know that state-sponsored actors and black-hat hackers want to challenge and exploit our networks … what we didn’t fully appreciate before this pilot was how many white hat hackers there are who want to make a difference,” Carter said at a ceremony where he also thanked Craig Arendt, a security consultant at Stratum Security.
David spent 10 to 15 hours between classes working on his laptop to crack the U.S. defense websites. He was able to identify many vulnerabilities that could allow any hacker to take control of those websites and steal account information.
David stated, “It was a great experience. I just started doing more and more of these bug bounty programs and found it rewarding.”
He further added, “Both the monetary part of it and doing something that is good and beneficial to protect data online in general.”
David, who graduated on Monday from Maret high school in Washington, D.C., said he reported six vulnerabilities but received no reward because they had already been reported. However, he said that recruiters had already approached him about potential internships.
He plans to study computer science at Northeastern University. Talking about his bug hunting, David said that his first experience with finding vulnerabilities was in 10th grade, when he found bugs in his school's website.
The Pentagon said that the pilot project cost $150,000. It paid a total of about $75,000 to the successful hackers, with amounts ranging from $100 to $15,000. The project also included creating a process so that others could report bugs without fear of prosecution.
“It’s not a small sum, but if we had gone through the normal process of hiring an outside firm to do a security audit and vulnerability assessment, which is what we usually do, it would have cost us more than $1 million,” said Carter.