Hackers Paid Big Money To Improve Cybersecurity

A new report shows that a growing number of hackers are being paid big bounties by companies, organisations, and even the US government to discover bugs and protect the platforms and products that consumers use every day.

The report was released by a San Francisco company called HackerOne which serves as a platform that links hackers with companies and organisations that hope to improve their cybersecurity.

The data came from a survey of some 1,700 people and focused on so-called "white hat" or ethical computer hackers who are collecting money, or bug bounties, to help protect companies instead of exploiting their vulnerabilities.

The survey shows those bounties are increasing in number and size.

"The business has grown dramatically in the past year. The government is now a pioneer in this, which is positive...and the top bounties have increased a lot," said Marten Mickos, CEO of HackerOne, who added that the top bounty claimed is $100,000 but some clients offer up to $250,000 for discoveries of critical vulnerabilities.

HackerOne says a wide range of companies across different sectors are now using hackers, including companies such as Starbucks, Google, General Motors, Slack, Uber, Nintendo, Snapchat, Goldman Sachs, Toyota, and the US military.

"The US Air Force is highly secure but it took our hackers only 8 minutes to find the first vulnerability and in total we found something like 200 holes in their systems," said Mickos.

Joel Margolis, 20, is a junior in college, and when he looks at his laptop screen, it's often not to play games or shop online. He has already become an accomplished hacker in a short time.

"I've been hacking for probably about 4-5 years," said Margolis, who adds he's already found bugs for major tech companies.

"Uber, Yahoo, Oath, AOL, all these companies. Huge companies. Facebook," Margolis said. "I found a bug on Google a couple months ago and like, anybody would expect that Google has the best security because everyone uses it. But just because it has a lot of use doesn't mean it has great security."

The report also looked at companies on the Forbes Global 2000 and found one common flaw. The report says 93% of those companies had no policy to receive, review, and resolve bug reports from outside their company.

Rebecca Jeschke, a spokeswoman and digital rights analyst with the Electronic Frontier Foundation, says companies sometimes turn a blind eye to bugs.

"Lots of companies like to think that if no one knows about the bug then no one will exploit it. But that's not true," said Jeschke.

HackerOne's CEO says even in the tech-savvy Bay Area, there is a need for improvement.

"We have a problem in the world and in the SF Bay area that cyber security and computer science have been seen as two separate practices. They need to be one," said Mickos. "We need to design cybersecurity into the code from the very beginning."

HackerOne says their platform alone draws some 200,000 hackers to pursue bug bounties and they expect the number of these "white hat" hackers will only continue to grow.

KTVU:

