The U.S. government launched Hack the Army 3.0, the third edition of its bug bounty program, in collaboration with the HackerOne platform.
The second Hack the Army bug bounty program ran between October 9 and November 15, 2019. The bug bounty program operated by the Defense Digital Service, along with the U.S. Department of Defense (DoD) paid more than $275,000 in rewards and a total of 146 valid vulnerabilities were reported.
The previous edition of the bug bounty program saw the participation of the 52 white hat hackers. US army asked participants to test more than 60 publicly accessible web assets, including *.army.mil, *.goarmy.mil, and the Arlington Cemetery website.
Now the US government announced that Hack the Army 3.0 that takes place between January 6 and February 17.
“Bug bounty programs are a unique and effective ‘force multiplier’ for safeguarding critical Army networks, systems and data, and build on the efforts of our Army and DoD security professionals,” said Brig. Gen. Adam C. Volant, U.S. Army Cyber Command Director of Operations. “By ‘crowdsourcing’ solutions with the help of the world’s best military and civilian ethical hackers, we complement our existing security measures and provide an additional means to identify and fix vulnerabilities. Hack the Army 3.0 builds upon the successes and lessons of our prior bug bounty programs.”
“We are proud of our continued partnership with the Army to challenge the status quo in strengthening the security of military systems and shifting government culture by engaging ethical hackers to address vulnerabilities” says Brett Goldstein, Director, Defense Digital Service. “We’re calling on civilian and military hackers to show us what they’ve got in this bug bounty and to help train the future force.”
The initiative continues to be operated by the Defense Digital Service (DDS) that will invite a selected number of military and civilian white hat hackers.
According to the program policy, only civilian participants are eligible for bug bounties.
National security is literally at stake across a wide range of critical areas: 1) intelligence 2) infrastructure 3)military 4) bureaucratic operations.
To us at BLAKFX, the era of perimeter data security tools has long been over. When data security firms themselves are being used to compromise your data then a new way is needed.
Our Motto: In Math We Trust
The bottom-line is that the federal government is relying an outdated approach that still dominates data security products i.e. that we must build a perimeter to defend against data theft. This is old thinking and as demonstrated, hackers can breach just about any perimeter and now can use those same products to compromise their clients. American National Security cannot depend on outdated data security.
What is needed is a better approach to data security. Perimeter products that try to keep hackers out will all eventually be breached. Fanaticism on identification through bio-metrics, password managers or 2FA are only as secure as the person entrusted to follow the protocol. As we all have learned, the human error component can always be breached. In the near future, when quantum computing becomes more mainstream, products that rely on TLS-based encryption will be instantly obsolete.
The only solution is for data security products that actually protect the data itself.
BLAKFX has delivered. The Helix22 data security SDK protects all data at rest, in use and in transit. Review Helix22 API, examples and documentation on our GIT
BLAKFX Military advisor, Major General (Ret) Stephen T Sargeant
CEO of Marvin Test Solutions
BLAKFX delivers all this security assurance very confidently due to our genius engineering team spearheaded by Robert Statica and Alex Maslov who have invented a new model for data security that required an innovative look at the problem. As mentioned, the approach we took was to protect the data itself. Almost all other data security products try to build a perimeter or being fanatic on user identification. However, once the product is breached or a password is stolen, your firm/nations data is in the clear.
You see, our cryptography is embedded with the data itself through our inventive and patented process of DNA BindingTM. Therefore, even if a breach were to occur the data cannot be exfiltrated. This means that all your firm/nations data is 100% protected regardless of the type of attack. Further, Helix22 protects data at rest, in use and in transit. No other data security can make that claim. Artificial Intelligence and Machine Learning experimentation runs and generates incalculable amounts of data. All is protected at its inception.
Our patented DNA BindingTM cryptography is what enables our low, low latency. As the encryption is with the data, there is no need to create the large packets required in RSA.
We can make this claim as the tech engineers at BLAKFX invented and patented a genuine user2user (U2U) encryption. We manage data security transmission through the truly brilliant and also patented universal Helix22 key service. The encryption originates on your network or device, not just when the app is opened. This means, that when data arrives to our key server, it is already encrypted so all it needs to do is issue another key. Signal and Telegram cannot claim this level of security. This key will then only work with the intended device, which generates a matching key required to open the data. In this protocol, we are truly a “zero-knowledge” server so your communications and transmissions remain completely top secret. Even in the event that BLAKFX were subpoenaed, we can honor the request by just handing over the encrypted content…as that is literally all we have. Helix22 also only use keys just one-time and then destroys them. This way the data security is future forward prefect. Therefore, in our unique user-to-user encryption (U2U) world, there is no opportunity at all for any data leak.
This same protocol just described, can be the same with all your 3rd party vendors and suppliers. It does not matter in the least what platform they are running or what device they are using or even the type of data, it is all 100% protected. We do however, strongly advise that all firms involved be utilizing Helix22 due to the nature of the data content. Helix22 can ensure that whatever data they are generating is protected as well.
Let’s take it a step further. Even if your organization were a victim of an internal attack or a victim of malicious open source downloads, there is no reason for concern. Any data that has been forwarded, downloaded, copied or saved cannot be exfiltrated. Period. We have the technology industries foremost data packets which are protected with multi-layered, military grade encryption algorithms that have already proven the ability to withstand penetration testing from MI5 and quantum computing attacks.
One final practical genius of DNA BindingTM is in that it is immediately compatible with whichever system or software you are utilizing. Therefore, any organization can forward information to another and then discuss it and there is immediate privacy.
BLAKFX is Based on Proven Success
Our founders, Robert Statica PhD and Kara Coppa, also founded Wickr, which is used by the US military and has never been hacked since its inception in 2012. The Helix22 data security SDK is several generations enhanced since then. Dr. Statica also delivered the encryption for the world’s most secure phone, Katim.
Founder – Robert Statica PhD Founder – Kara Coppa Founder – Alex Maslov MS, MBA
Co-Founders of Wickr KatimTM Ultra Secure Smartphone
Finally, our encryption is quantum computing ready so no need to redo all your data security methodologies in a couple of years when everything else becomes obsolete.
We like to refer to BLAKFX as “22nd Century Data Security.”