In 2011, two Dutch hackers in their early 20s made a target list of 100 high-tech companies they would try to hack. Soon, they had found security vulnerabilities in Facebook, Google, Apple, Microsoft, Twitter and 95 other companies’ systems.
They called their list the Hack 100.
When they alerted executives of those companies, about a third ignored them. Another third thanked them, curtly, but never fixed the flaws, while the rest raced to solve their issues. Thankfully for the young hackers, no one called the police.
Now the duo, Michiel Prins and Jobert Abma, are among the four co-founders of a San Francisco tech start-up that aims to become a mediator between companies with cybersecurity issues and hackers like them who are looking to solve problems rather than cause them. They hope their outfit, called HackerOne, can persuade other hackers to responsibly report security flaws, rather than exploit them, and connect those “white hats” with companies willing to pay a bounty for their finds.
In the last year, the start-up has persuaded some of the biggest names in tech — including Yahoo, Square and Twitter — and companies you might never expect, like banks and oil companies, to work with their service. They have also convinced venture capitalists that, with billions more devices moving online and flaws inevitable in each, HackerOne has the potential to be very lucrative. HackerOne gets a 20 percent commission on top of each bounty paid through its service.
“Every company is going to do this,” said Bill Gurley, a partner at Benchmark, which invested $9 million in HackerOne. “To not try this is brain-dead.”
The alternative to so-called moderated bug bounty programs is sticking with the current perverse incentive model. Hackers who find new holes in corporate systems can, depending on their severity, expect six-figure sums for selling their discovery to criminals or governments, where those vulnerabilities are stockpiled in cyberarsenals and often never fixed. Alternatively, when they pass the weaknesses to companies to get them fixed, the hackers are often ignored or threatened with jail.
In essence, the people with the skills to fix the Internet’s security problems have more reasons to leave the web wide open to attack.
“We want to make it easy and rewarding for that next group of skilled hackers to have a viable career staying in defense,” said Katie Moussouris, HackerOne’s chief policy officer, who pioneered the bounty program at Microsoft. “Right now, we’re on the fence.”