Hackers filed more than 100 security vulnerability reports during the 29-day Hack the DTS (Defense Travel System) bug bounty initiative and amassed nearly $80,000 for their efforts.
“DTS is relied on by DoD travelers. More than 9,500 sites operate worldwide, and the security of these systems is mission-critical,” Jack Messer, project lead at Defense Manpower Data Center (DMDC), said in a release. “The ‘Hack the DTS’ challenge helped uncover vulnerabilities we wouldn’t have found otherwise, complementing the great work DMDC is already doing to protect critical enterprise systems and the people those systems serve.”
The DTS challenge, which allowed the use of social engineering, is part of the Defense Department’s Hack the Pentagon bug bounty program on the HackerOne platform. The initiative saw 19 hackers report vulnerabilities – 28 of which had critical or high severity ratings. The highest bounty awarded was $5,000, with eight individual hackers reaping that pay out.