DHS Announces “Hack DHS” Bug Bounty Program
dhs.gov
Aka: "How to go to jail fast."
I don't care what a contract says, I would never openly try to hack US infrastructure even as an employee of a defense contractor.
Remember those pen testers who landed in jail last year despite being asked to perform a service?
https://www.cnbc.com/2019/11/12/iowa-paid-coalfire-to-pen-te...
https://www.cyberscoop.com/coalfire-security-pros-arrested-f...
Getting onto a watch list is easy; getting off one is impossible. While the authorities ultimately dropped charges after 4 months, both contractors have had their careers negatively impacted.
"The incident has had professional ramifications, too. DeMercurio, a former U.S. Marine, had applied for a security clearance that suddenly seems to be held up in limbo. Wynn hasn’t been on a physical security assessment since he was arrested, citing concerns about being stopped outside a bank with a prior allegation of burglary against him."
I don't believe for a second that someone who hacks into some critical federal system even under contract will be given a nice payout rather than a comfy lifetime spot on a watch list.