Bug poaching is a cyberextortion tactic in which a hacker breaks into a corporate network and creates an analysis of the network's private information and vulnerabilities. The hacker will then contact the corporation with evidence of the breach and demand ransom.


Operation

Unlike in a typical ransomware attack, once information is stolen, a bug poacher will extort the company with information on how its system was breached, rather than with the stolen data itself. IBM Security found that a bug poaching campaign targeted approximately 30 companies in 2015 that did not have bug bounty programs.


Recovery of Files

Bug poachers have demanded up to $30,000 to share how they breached the system. Poachers do not immediately destroy or release stolen data. Some companies may choose not to pay, since bug poachers do not typically release the stolen data. A company that declines, however, is left hoping that the data is not leaked.


A Grey Hat Technique?

Ethical hacking is often described as white hat, while the alternative is often termed black hat. Bug poaching is unethical in that it demands a ransom, but it uses the technique of alerting the company, which is often used by ethical hackers. It therefore has a few attributes of each hat, fitting at least one definition of grey hat.

