Hackers Paid Big Money To Improve Cybersecurity

A new report shows that a growing number hackers are being paid big bounties by companies, organisations, and even the US government to discover bugs and protect the platforms and products that consumers use every day.

The report was released by a San Francisco company called HackerOne which serves as a platform that links hackers with companies and organisations that hope to improve their cybersecurity.

The data came from a survey of some 1,700 people and focused on so called "white hat" or ethical computer hackers who are collecting money or bug bounties to help protect companies instead of exploit their vulnerabilities.

The survey shows those bounties are increasing in number and size.

"The business has grown dramatically in the past year. The government is now a pioneer in this, which is positive...and the top bounties have increased a lot," said Marten Mickos, CEO of HackerOne, who added that the top bounty claimed is $100,000 but some clients offer up to $250,000 for discoveries of critical vulnerabilities.

HackerOne says a wide range of companies across different sectors are now using hackers, including companies such as Starbucks, Google, General Motors, Slack, Uber, Nintendo, Snapchat, Goldman Sachs, Toyota, and the US military.

"The US Air Force is highly secure but it took our hackers only 8 minutes to find the first vulnerability and in total we found something like 200 holes in their systems," said Mickos.

Joel Margolis, 20, is a junior in college and when he looks at his laptop screen, it's often not to play games or shop online. He's already become an accomplished hacker in a short time.

"I've been hacking for probably about 4-5 years," said Margolis, who adds he's already found bugs for major tech companies.

"Uber, Yahoo, Oath, AOL, all these companies. Huge companies. Facebook," Margolis said, "I found a bug on Google a couple months ago and like, anybody would expect that Google has the best security because everyone uses it. But just because it has a lot of use doesn't mean it has great security."

The report also looked at companies on the Forbes Global 2000 and found one common flaw. The report says 93% of those companies had no policy to receive, review, and resolve bug reports from outside their company.

Rebecca Jeschke, a spokeswoman and digital rights analyst with the Electronic Frontier Foundation says companies sometimes turn a blind eye to bugs.

"Lots of companies like to think that if no one knows about the bug then no one will exploit it. But that's not true," said Jeschke.

HackerOne's CEO says even in the tech-savvy Bay Area, there is a need for improvement.

"We have a problem in the world and in the SF Bay area that cyber security and computer science have been seen as two separate practices. They need to be one," said Mickos, "We need to design cybersecurity into the code from the very beginning."

HackerOne says their platform alone draws some 200,000 hackers to pursue bug bounties and they expect the number of these "white hat" hackers will only continue to grow.

KTVU:

You Might Also Read: 

US Air Force Hacked By Teenager:

HBO Offers Hackers $250,000 'bug bounty':

 

« Business Will Benefit From Artificial Intelligence
EU Cybersecurity Act Could Impact Cross-Border Data Flows »

Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

WEBINAR: How To Build A Detection And Response Strategy For Insider Threats

WEBINAR: How To Build A Detection And Response Strategy For Insider Threats

Thursday, 19 August, 2021 - In this webinar, SANS and AWS Marketplace will overview building a detection and threat hunting workflow, focusing on preventing insider activity.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Ethio-CERT

Ethio-CERT

National Cyber Emergency Readiness and Response Team of Ethiopia.

Infiltrate

Infiltrate

INFILTRATE is a deep technical conference that focuses entirely on offensive security issues.

Lorega

Lorega

Lorega is an independent insurance claims company. We offer a range of products that are available through UK insurance brokers, including providing assistance to businesses following a cyber attack.

Beame.io

Beame.io

Beame.io is an information security company that distributes open source authentication infrastructure based on encryption.

Swedish Board for Accreditation and Conformity Assessment (SWEDAC)

Swedish Board for Accreditation and Conformity Assessment (SWEDAC)

SWEDAC is the national accreditation body for Sweden. The directory of members provides details of organisations offering certification services for ISO 27001.

Liquid Intelligent Technologies

Liquid Intelligent Technologies

Liquid Intelligent Technologies is a leading communications solutions provider across Africa, providing reliable connectivity, hosting, co-location, and digital services including cyber security.

DECODE

DECODE

DECODE is the premier cyber security conference in the Philippines hosted by Trend Micro.

HENSOLDT Cyber

HENSOLDT Cyber

HENSOLDT Cyber introduces a paradigm shift to cyber security. Our products have been designed to ensure the integrity of embedded systems at the core: the operating system and the processor.