Hackers expose 54 vulnerabilities within the Air Force cloud

Airmen with the 68th Network Warfare Squadron monitor Air Force communications to analyze disclosures of critical information and perform data loss prevention at Joint Base San Antonio-Lackland, Texas, Oct. 25, 2018. (U.S. Air Force photo by J.M. Eddins Jr.)

The US Air Force’s cloud network has been strengthened, thanks to hackers willing to expose over 54 vulnerabilities within.

Known as Cloud One, the online commercial portal was a sanctioned battleground for white-hat hackers, who found multiple ways to maliciously take on the system.

Both the Air Force and the Defense Department’s Defense Digital Service offered up to $130,000 to coders who could find ways into the Air Force’s commercial cloud environment.

Lasting from March to June, the top award earned one hacker over $20,000.

“The challenge was unique in a number of different ways,” said James Thomas of the Defense Digital Service’s Hack the Air Force portfolio. “The first phase was source code analysis, the second was [Amazon Web Services[ environment testing, third was [Microsoft Azure] testing, four was a black box network authentication assessment, five was social engineering and six was the Air Force portal.”

According to the Federal News Network, the hackers took over some developer configuration vulnerabilities that, while easy for developers to use and tweak programs, also provided a shady back door for those wishing to take over.

Thomas lauded the bug bounty hunt, claiming it offers fresh perspective and talent to tackle tough problems.

“We have our internal cyber protection teams, we have our internal intrusion detection systems and devices, we have network scanners and they work to the extent of what they work at, but we really are seeing a different shift in mentality,” Thomas said. “We are able to procure a crowdsource security model that really brings a huge surface area of knowledge that sometimes our internal teams don’t have because researchers are exposed to every type of industry imaginable.”

© 2019 Bright Mountain Media, Inc. All rights reserved.

The content of this webpage may not be reproduced or used in any manner whatsoever without the express written consent of Bright Mountain Media, Inc. which may be contacted at info@brightmountainmedia.com, ticker BMTM.