Hackers Paid Big Money To Improve Cybersecurity

A new report shows that a growing number of hackers are being paid big bounties by companies, organisations, and even the US government to discover bugs and protect the platforms and products that consumers use every day.

The report was released by a San Francisco company called HackerOne, which serves as a platform that links hackers with companies and organisations that hope to improve their cybersecurity.

The data came from a survey of some 1,700 people and focused on so-called "white hat" or ethical computer hackers who are collecting money or bug bounties to help protect companies instead of exploiting their vulnerabilities.

The survey shows those bounties are increasing in number and size.

"The business has grown dramatically in the past year. The government is now a pioneer in this, which is positive...and the top bounties have increased a lot," said Marten Mickos, CEO of HackerOne, who added that the top bounty claimed is $100,000 but some clients offer up to $250,000 for discoveries of critical vulnerabilities.

HackerOne says a wide range of companies across different sectors are now using hackers, including companies such as Starbucks, Google, General Motors, Slack, Uber, Nintendo, Snapchat, Goldman Sachs, Toyota, and the US military.

"The US Air Force is highly secure but it took our hackers only 8 minutes to find the first vulnerability and in total we found something like 200 holes in their systems," said Mickos.

Joel Margolis, 20, is a junior in college and when he looks at his laptop screen, it's often not to play games or shop online. He's already become an accomplished hacker in a short time.

"I've been hacking for probably about 4-5 years," said Margolis, who adds he's already found bugs for major tech companies.

"Uber, Yahoo, Oath, AOL, all these companies. Huge companies. Facebook," Margolis said, "I found a bug on Google a couple months ago and like, anybody would expect that Google has the best security because everyone uses it. But just because it has a lot of use doesn't mean it has great security."

The report also looked at companies on the Forbes Global 2000 and found one common flaw. The report says 93% of those companies had no policy to receive, review, and resolve bug reports from outside their company.

Rebecca Jeschke, a spokeswoman and digital rights analyst with the Electronic Frontier Foundation, says companies sometimes turn a blind eye to bugs.

"Lots of companies like to think that if no one knows about the bug then no one will exploit it. But that's not true," said Jeschke.

HackerOne's CEO says even in the tech-savvy Bay Area, there is a need for improvement.

"We have a problem in the world and in the SF Bay area that cyber security and computer science have been seen as two separate practices. They need to be one," said Mickos. "We need to design cybersecurity into the code from the very beginning."

HackerOne says their platform alone draws some 200,000 hackers to pursue bug bounties and they expect the number of these "white hat" hackers will only continue to grow.

KTVU:
