MoD pays ‘ethical hackers’ to find flaws in bid to avoid cyber attacks

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360

Hackers have been paid by the Ministry of Defence (MoD) to search their computer systems for vulnerabilities before they can be exploited by real cyber threats.

a close up of a street in a dark room: MoD pays hackers to find system flaws in first paid bug bounty program

© PA Wire
MoD pays hackers to find system flaws in first paid bug bounty program

The department’s first bug bounty program saw 26 so-called “ethical hackers” invited to go under the bonnet of its networks for 30 days, in a bid to get ahead of bad actors and improve national security.

Bug bounty programs offer people a financial reward in exchange for reporting technical flaws.

It is a non-traditional approach for the MoD but common practice among the technology industry and has already been adopted by the US Department of Defence to great success.

The program is led by HackerOne, which carries out background checks on its community of hackers.


Load Error

Christine Maxwell, the MoD’s chief information security officer, said the move was an “essential step in reducing cyber risk and improving resilience”.

“Working with the ethical hacking community allows us to build out our bench of tech talent and bring more diverse perspectives to protect and defend our assets,” she explained.

One participant, Trevor Shingles, said he was able to alert the MoD to a flaw he uncovered which would have allowed a bad actor to modify permissions and gain access.

“It’s been proven that a closed and secretive approach to security doesn’t work well,” he said.

“For the MoD to be as open as it has with providing authorised access to their systems is a real testament that they are embracing all the tools at their disposal to really harden and secure their applications.

“This is a great example to set for not only the UK, but for other countries to benchmark their own security practices against.”

Register now for one of the Evening Standard’s newsletters. From a daily news briefing to Homes & Property insights, plus lifestyle, going out, offers and more. For the best stories in your inbox,…