Government Bounties for All: White Hat Hacking Is Big Business | Motherboard

With government bounties, white hat hacking is big business

Shares

BY MEGHAN NEAL

In today's world, public enemy number one isn't likely to be the tough, tatted thug on a wanted poster. More and more, it'll be the brainy hacker in front of a computer screen, silently crafting cyberattacks from his workspace. And so are the good guys.

Governments need white hat hackers to sniff out security holes and bugs in computer systems before the wrong person finds them first—and they're willing to pay. Countries shell out hundreds of thousands of dollars to companies like ReVuln, the security firm profiled Sunday by the New York Times.

ReVuln's customers—which include Russia, North Korea, and, you guessed it, the NSA—are looking for flaws in their own networks so they can fix them, and in enemy networks, so they can exploit them. A simple error in code can give the buyer full access into software, reported the Times. The hackers are there to sniff it out.

The practice of paying "bug bounties" for hackers that hunt out security flaws has been around for ages. Microsoft, Google, and Facebook have all spent thousands to find and fix bugs in their own products. Though making sure your Chrome browser is working properly is a worthy endeavor, the stakes with governmental systems can be much higher. Considering how much work is effectively outsourced via boutnies, it's a pretty crazy thought to think that a relatively small group of private citizens are an important line of defense against cyberespionage and worse.

That's not to mention the threats at home. White hats from the security firm iSEC uncovered a security flaw that sent a shiver down consumers' spines last week. They discovered they could hack into a Verizon device used to amplify wi-fi signals and turn it into a spy machine that could listen in on the cellphone conversations of any nearby Verizon customers.

The signal-boosting device, known as a femtocell, has been something of an Achilles' heel for cybersecurity. Since it's essentially a tiny cellphone tower, it can pick up all the phone signals nearby. When it’s breached, the hacker can listen in on the calls of any Verizon customer nearby.

Read the full story on Motherboard

Photo via US Navy