The U.S. Marine Corps Resolves Nearly 150 Vulnerabilities Thanks to Hackers

“I think we found something good,” said hackers @sumlac, @teknogeek, and @johnny said to a member of the MARFORCYBER team at the kickoff live hacking event on August 12, 2018 in Las Vegas for Hack the Marine Corps. The Marine peered over his shoulder as @sumlac and his fellow hackers split one of the largest HackerOne government bounties to-date: $10,000.
 
To this, Maj. Gen. Glavy, the highest ranking officer on site, replied, “We’ve got work to do.”
 
Hack the Marine Corps, the U.S. Department of Defense’s (DoD) sixth public bug bounty challenge, officially concluded and the results are in! Over 100 ethical hackers tested public-facing Marine Corps websites and services in an effort to harden the defenses of the Marine Corps Enterprise Network (MCEN). Over the 20 days of the hacking challenge, hackers reported nearly 150 unique valid vulnerabilities to the U.S. Marine Corps Cyberspace Command (MARFORCYBER) team and were awarded over $150,000 for their findings.
 
“I will never forget having a two-star General looking over the shoulder of hackers while they dug deeper into a Marine Corps site with permission and oversight from the Marine Corps team. Experiences like these are incredibly valuable to the organizations, and for the hackers who rarely get that type of opportunity to dive deeper,” said Luke Tucker, Sr. Director of Community at HackerOne.

^{From left to right: @johnny, @teknogeek, a member of the MARFORCYBER team and @sumlac discuss findings}

“It was great having the opportunity to work side-by-side with the Marines to help secure their assets,” said Tanner Emek, one of the participating hackers. “These are my favorite types of programs to be a part of, because they allow me to have a massive impact on systems critical to national security.”

“Hack the Marine Corps was an incredibly valuable experience. When you bring together this level of talent from the ethical hacker community and our Marines we can accomplish a great deal. What we learn from this program assists the Marine Corps in improving our warfighting platform. Our cyber team of Marines demonstrated tremendous efficiency and discipline, and the hacker community provided critical, diverse perspectives. The tremendous effort from all of the talented men and women who participated in the program makes us more combat ready and minimizes future vulnerabilities,” said Major General Matthew Glavy, Commander, U.S. Marine Corps Forces Cyberspace Command.

^{From left to right: @cache-money and @meals talk through a report with a member of the MARFORCYBER team}

Hack the Marine Corps is the sixth public U.S. government bug bounty program to-date and part of the DoD’s Hack the Pentagon crowd-sourced security initiative with HackerOne and the Defense Digital Service, which launched in 2016. More than 5,000 valid vulnerabilities have been reported in government systems through its ongoing vulnerability disclosure program, as well as Hack the Army, Hack the Air Force, Hack the Air Force 2.0 and Hack the Defense Travel System, and now Hack the Marine Corps bug bounty challenges, which have led to more than 800 valid vulnerabilities reported and paid out over $500,000 cumulatively.
 
Incredible work from hackers from all over the globe. Thank you!
 

^{Participating hackers, U.S. Marines, and Defense Digital Services staff, pose at the Hack the Marines kickoff event}