Subscribe
subscribe customer help contact us faq advertise with us

Migration

18-year-old hacker honored at Pentagon

By
Stars and Stripes
Secretary of Defense Ash Carter on Friday, June 17, 2016, congratulates 18-year-old David Dworken, left, and Craig Arendt, 35, for finding six vulnerabilities in DODs websites during the department's "Hack the Pentagon" competition.

Secretary of Defense Ash Carter on Friday, June 17, 2016, congratulates 18-year-old David Dworken, left, and Craig Arendt, 35, for finding six vulnerabilities in DODs websites during the department's "Hack the Pentagon" competition. (Tara Copp/Stars and Stripes)

WASHINGTON — On Monday, 18-year-old David Dworken graduated from high school. By Friday, he was honored by Secretary of Defense Ash Carter at the Pentagon.

Dworken was one of two private citizens presented with a challenge coin from Carter on Friday for their roles in “Hack the Pentagon,” a program designed for computer hackers to compete against one another in searching for technical vulnerabilities within the DOD’s public websites. Dworken and Craig Arendt, 35, were two of the 1,410 hackers who responded to the competition.

All told, the hackers found 138 ways that the department’s public websites allowed malicious attacks where personal information could be stolen, or where hackers could hijack the website to force it to post unauthorized content.

Dworken was still in class at the Maret School in Washington, D.C., when the competition launched April 18. He was finishing advanced placement courses that would allow him to get college credits that he will apply later this year at Northeastern University in Boston.

“So it was pretty busy for me,” he said Friday.

But Dworken would open up his laptop computer between classes “and remote into various servers that I own at home, or rent in a facility” and start prodding the sites. He worked at it for about 15 hours.

The DOD’s competition ended May 12.

The competition came with prize money for each hacker who was first to report a vulnerability. In all, the program, which cost $150,000 to run, paid out about $75,000 to individual hackers, Carter said. Arendt found 22 bugs and won about $2,000, Carter said. Dworken found six, but did not win any cash because he wasn’t the first to find any of the vulnerabilities that he reported.

But he still found it rewarding and he said he would “absolutely” come back to try and hack the Pentagon again.

Carter said Friday that he is directing the program be expanded, and move from the DOD’s public websites to eventually test the department’s more sensitive non-public databases. During the last few years, DOD systems have been repeatedly hacked – from the hijacking of U.S. Central Command last year by an Islamic State-affiliated group called the “cyber caliphate” to the hacking of the Office of Personnel Management, which exposed the background check data of millions of DOD personnel.

“The more friendly eyes we have on some of our systems and websites, the more gaps we can find,” Carter said.

copp.tara@stripes.com Twitter:@TaraCopp

Migrated

Sign Up for Daily Headlines

Sign up to receive a daily email of today's top military news stories from Stars and Stripes and top news outlets from around the world.

Sign Up Now