20 February 2017

Hack the Pentagon II finds vulnerability in secure DoD systems


by Tony Ware

The Department of Defense has been alerted to critical vulnerabilities in a secure file transfer system it uses, after a group of 80 security researchers vetted and recruited by application security company Synack Inc. participated in a sanctioned Hack-the-Pentagon exercise from Jan. 11 to Feb. 7.

Founded by two former National Security Agency analysts, Synack was commissioned in spring 2016 to carry out bug bounties on public web applications and most recently to gather adversarial intelligence through a concentrated attack on sensitive DoD mechanisms replicated within a digital laboratory.

Synack’s team of ethical hackers used proprietary vulnerability intelligence technologies to identify ways to bypass network barriers, exfiltrate data and take control of the file-transfer tool, which is used to move mission-critical emails, documents and images within the Pentagon and in the field.

DoD employees are reportedly fixing the gaps and are considering further projects to test and secure cracks in command-and-control and human resources systems.

Read the original announcement, which contains a link to a more detailed Bloomberg report on the internal systems breach tests.
