18-year-old hacker honored at Pentagon
By TARA COPP | STARS AND STRIPES Published: June 17, 2016
WASHINGTON — On Monday, 18-year-old David Dworken graduated from high school. By Friday, he was honored by Secretary of Defense Ash Carter at the Pentagon.
Dworken was one of two private citizens presented with a challenge coin from Carter on Friday for their roles in “Hack the Pentagon,” a program designed for computer hackers to compete against one another in searching for technical vulnerabilities within the DOD’s public websites. Dworken and Craig Arendt, 35, were two of the 1,410 hackers who responded to the competition.
All told, the hackers found 138 ways that the department’s public websites allowed malicious attacks where personal information could be stolen, or where hackers could hijack the website to force it to post unauthorized content.
Dworken was still in class at the Maret School in Washington, D.C., when the competition launched April 18. He was finishing advanced placement courses that would allow him to get college credits that he will apply later this year at Northeastern University in Boston.
“So it was pretty busy for me,” he said Friday.
But Dworken would open up his laptop computer between classes “and remote into various servers that I own at home, or rent in a facility” and start prodding the sites. He worked at it for about 15 hours.
The DOD’s competition ended May 12.
The competition came with prize money for each hacker who was first to report a vulnerability. In all, the program, which cost $150,000 to run, paid out about $75,000 to individual hackers, Carter said. Arendt found 22 bugs and won about $2,000, Carter said. Dworken found six, but did not win any cash because he wasn’t the first to find any of the vulnerabilities that he reported.
But he still found it rewarding and he said he would “absolutely” come back to try and hack the Pentagon again.
Carter said Friday that he is directing the program be expanded, and move from the DOD’s public websites to eventually test the department’s more sensitive non-public databases. During the last few years, DOD systems have been repeatedly hacked – from the hijacking of U.S. Central Command last year by an Islamic State-affiliated group called the “cyber caliphate” to the hacking of the Office of Personnel Management, which exposed the background check data of millions of DOD personnel.
“The more friendly eyes we have on some of our systems and websites, the more gaps we can find,” Carter said.