Tuesday, 2 January 2018

Hackers and Bugs and Bounties, oh my!

It's 2018, and what have we here? Looks like Mindef is getting (even more) serious about cyber-security!

Following what could only be described as an alarming breach of the Defence Ministry's I-Net system almost a year ago, it was announced just last month that a white hat exercise would be conducted. This exercise would be called...

...The Mindef Bug Bounty Programme


What's happening here is that roughly two weeks from now, 300 selected security experts are going to try hacking into the Defence Ministry's Internet-facing systems. 300, eh? Why does that sound so familiar? Are they, by any chance, planning to dine in hell? (heh heh)


This event is being facilitated by HackerOne, a bug bounty company.

So what's a Bug Bounty Programme?

This is an event where white hat hackers and security specialists are invited to probe a given site for security vulnerabilities. Rewards are offered to participants for each vulnerability found. Yep, it's as simple as that.

What's the catch?

A few points come to mind.

Firstly, there's no guarantee that none of these 300 security experts won't turn over the findings to someone else other than Mindef. The prize money ranges from SGD 150 to 20,000. I could be wrong, but wouldn't a serious security flaw be worth much more to some other parties?

Secondly, and again I could be off-base here, but real security experts wouldn't be known publicly, would they? No, I imagine they'd be holed up somewhere, their identities kept top secret and their activities all but untraceable. I mean, the pasty-faced, bloodshot-eyed fellas with criminal intent - those are the crème de la crème, right?

Still, in all fairness, this is pretty consistent with Ong Ye Kung's report last year on the Cyber Defence Team to be set up, and the declaration that the SAF is seeing the cyber domain as the next possible battleground. They're... hardly wrong on that score, though they seem a little late to the party. Still, we all have to start somewhere and maybe this is it.

Also, hey, the US Department of Defense did the same thing two years ago. Can't go wrong following their lead, can we?

Have a bountiful 2018,
T___T

No comments:

Post a Comment