A man arrested by the FBI today for his alleged connection to the 2015 hack of CIA Director John Brennan also may have participated in an official US government program designed to test the cybersecurity of the Pentagon.
Justin Liverman, who goes by the handle "D3F4ULT," according to a press release by the US Attorney's Office for the Eastern District of Virginia, states on his LinkedIn page that he participated in the HackThePentagon program.
HackThePentagon was a so-called "bug bounty," a program by which hackers are paid, often by a third party, to find cybersecurity flaws in a company or organization. The company HackerOne administered this particular bounty; according to a blog post, the company accepted 1,400 hackers into the program, and they found 138 "valid bugs."
"No organization is so powerful that it does not need outside help identifying security issues, and this includes the Pentagon," wrote HackerOne CEO Mårten Mickos at the conclusion of the program, which ran from April to May 2016.
HackerOne would not confirm or deny whether Liverman participated in its HackThePentagon program. However, requirements for gaining clearance to submit to the bounty were lax. To qualify, hackers had to be US persons and couldn’t appear on the US Treasury Department's Specially Designated Nationals list of people and organizations engaged in terrorism, drug trafficking and other crimes, according to a Department of Defense press release.
According to the government statement released today, Liverman is alleged to be part of the so-called "Crackas with Attitude" hacker collective that over the past year "used 'social engineering' hacking techniques, including victim impersonation, to gain unlawful access to the personal online accounts of senior U.S. government officials, their families, and several U.S. government computer systems."
Among those government officials was CIA Director John Brennan, whose personal email account was hacked. That attack, reported in October 2015, came seven months before Liverman, according to his LinkedIn post, was accepted into the government-authorized program to hack the Department of Defense. That program was conceived by the Defense Digital Service, the Defense wing of the White House's Digital Service.