In 2011, two Dutch hackers in their early 20s made a target list of 100 high-tech companies they would try to hack. Soon, they had found security vulnerabilities in Facebook, Google, Apple, Microsoft, Twitter and 95 other companies’ systems.
They called their list the Hack 100.
When they alerted executives of those companies, about a third ignored them. Another third thanked them, curtly, but never fixed the flaws, while the rest raced to solve their issues. Thankfully for the young hackers, no one called the police.
Now the duo, Michiel Prins and Jobert Abma, are among the four co-founders of a San Francisco tech start-up that aims to become a mediator between companies with cybersecurity issues and hackers like them who are looking to solve problems rather than cause them. They hope their outfit, called HackerOne, can persuade other hackers to responsibly report security flaws, rather than exploit them, and connect those “white hats” with companies willing to pay a bounty for their finds.
In the last year, the start-up has persuaded some of the biggest names in tech — including Yahoo, Square and Twitter — and companies you might never expect, like banks and oil companies, to work with their service. They have also convinced venture capitalists that, with billions more devices moving online and flaws inevitable in each, HackerOne has the potential to be very lucrative. HackerOne gets a 20 percent commission on top of each bounty paid through its service.
“Every company is going to do this,” said Bill Gurley, a partner at Benchmark, which invested $9 million in HackerOne. “To not try this is brain-dead.”
The alternative to so-called moderated bug bounty programs is sticking with the current perverse incentive model. Hackers who find new holes in corporate systems can, depending on the holes’ severity, expect six-figure sums for selling their discoveries to criminals or governments, where those vulnerabilities are stockpiled in cyberarsenals and often never fixed. Alternatively, when they pass the weaknesses to companies to get them fixed, the hackers are often ignored or threatened with jail.
In essence, the people with the skills to fix the Internet’s security problems have more reasons to leave the web wide open to attack.
“We want to make it easy and rewarding for that next group of skilled hackers to have a viable career staying in defense,” said Katie Moussouris, HackerOne’s chief policy officer, who pioneered the bounty program at Microsoft. “Right now, we’re on the fence.”