Ethical hackers can now hack DARPA and earn bounty. DARPA FETT Bug Bounty

The Advanced Defense Research Project Agency (DARPA) announced the launch of Finding Exploits to Thwart Tampering (FETT), its first vulnerability rewards program, giving ethical hackers and cybersecurity researchers the opportunity to discover potential flaws in new processors.

DARPA reached an agreement with the Department of Defense’s Digital Defense Service (DDS) and Synack, an emerging security firm driven by crowdfunding. This project will be supported by artificial intelligence and machine learning systems to find potentially exploitable flaws, allowing researchers working on the various DARPA projects to improve their hardware defenses and address any security weaknesses.

To increase the community’s involvement of ethical hacking at FETT, Synack hosted a Capture-the-Flag (CTF) event, with which researchers got a chance to join Synack’s team. Researchers who succeeded in completing the challenges gained access to FETT defenses of security analysis.  

In this regard, Keith Rebello, DARPA program manager and FETT leader, said: “More than 500 researchers signed up for the evaluation at Synack, in the end only 24 qualified for the ‘Quick Pass’ of technical evaluation, which is attributed to the high bar established for qualified participants.” Rebello adds that DARPA is more than satisfied with the level of participation shown in this preliminary event. 

Qualified ethical hackers now have access to FETT Secure Processor instances, which are assigned to systems that will be developed in the early stages of the latest DARPA security programs, including 32-bit and 64-bit processors that are used in new defense deployments. On the other hand, Brett Goldstein, director of the Digital Defense Service, believes that integrating independent researchers into DARPA’s work is a breakthrough: “We need to leverage the best skills available to protect our nation.”

Within FETT, security researchers will analyze and explore secure hardware architectures and approaches developed by research teams from the University of Cambridge, the University of Michigan; Lockheed Martin; and the Massachusetts Institute of Technology (MIT), which have the most advanced systems in the field of cybersecurity. These institutions have developed complex hardware and software for comprehensive analysis of potential security risks, which will facilitate the work of ethical hackers in the near future.