For three weeks between December and January, the Government’s systems were under continuous attack by an army of over 400 hackers, looking for ways to slip past security systems.
But the hackers weren’t criminals. Instead, they were “white hat” (or ethical) hackers, using their skills to test online security under a hacking challenge named the Government Bug Bounty Programme.
The programme, run by the Government Technology Agency (GovTech) and Cyber Security Agency (CSA), recruited both local and overseas hackers to find vulnerabilities in five government systems that could be accessed over the Internet.
Singapore’s Ministry of Defence previously ran a similar programme.
To participate, the white hat hackers had to be registered and have their credentials checked by HackerOne, a US-based bug bounty company appointed to manage the programme.
They also had to sign an agreement not to leak information about any vulnerabilities they found, The Straits Times reported.
According to a joint statement from GovTech, CSA and HackerOne, a quarter of the hackers that signed up were from Singapore.
Seven of the top 10 hackers in the programme were also from Singapore, it added.
In total, 26 bugs were discovered after three weeks, the statement said. Of these, seven were considered “low” severity, 18 were “medium” severity, and one was of “high” severity.
A total of US$11,750 (S$15,927) had been paid out to the hackers who found the 26 bugs, with rewards ranging from US$250 to US$10,000, depending on the bug’s severity.
Senior Minister of State for Communications and Information Janil Puthucheary said at the Committee of Supply Debate on Monday (Mar 4) that he was “happy” at the level of participation from the local cybersecurity community in the programme.
“I hope some of the participants have applied for jobs here at CSA,” he added.
The joint statement added that the Government plans to expand the programme to include more systems and websites.