Facebook Offers Cash To ‘Bug Bounty Hunters’ At DefCon Hacker Conference


Image by Getty Images via @daylife

At the DefCon hacker conferencethis weekend in Las Vegas, a team from Facebook has been making the rounds and delivering an unusual message: Please hack us. We’ll pay you for it.

The team, led by Facebook’s Chief Security Officer Joe Sullivan, is promoting the company’s new “bug bounty program,” which pays researchers to report security flaws in the social-networking site of more than 750 million active users.

Facebook will pay a minimum of $500 for valuable information so long as the hacker agrees to not disclose the flaw until the company has fixed it. Since the program was announced last week, Facebook has already paid out one bounty of more than $3,000, Sullivan said.

“It mobilizes a lot of great security experts all over the world who are passionate about security,” Sullivan told The Huffington Post. “Hackers like to hack. We’re basically saying, ‘We want you to hack our site and we want you find things and we’re happy to pay you.’”

To get paid, hackers must be the first to report the security flaw and must reside in a country not under U.S. sanctions. They must also adhere to the company’s disclosure policy, which says researchers must make “a good faith effort” to avoid privacy violations, destruction of data and interrupting the site’s service during research to avoid being sued or investigated by law enforcement.

Facebook is not the only company looking to pay hackers for security help. Earlier this week, Microsoft said it would offer up to $200,000 to researchers who design new security technologies. Google also offers from $500 to more than $3,000 to researchers who find security flaws.

Joe Sullivan (left), Facebook’s chief security officer, and Ryan McGeehan, Facebook’s security manager for incident response, at the DefCon hacker conference in Las Vegas

Facebook has been on high alert to potential malware since the discovery more than two years ago of Koobface, a quickly-mutating computer worm that spread across the social networking site. The worm, which was created by criminal hackers, often disguised itself by inviting users to click on an entertaining video.

Sullivan said Facebook has a dedicated engineering team that builds tools to catch spammers on the site.

“It’s a little bit of whack-a-mole, but they’re so effective at it and that’s why the vast majority of Facebook users have much less spam in their Facebook inbox than their email inbox,” Sullivan said.

Earlier this week, Facebook celebrated a legal victory when Sanford Wallace, the self-proclaimed “Spam King,” turned himself in to face charges he compromised about 500,000 Facebook accounts by sending large numbers of spam messages through the company’s servers.

Facebook’s bug bounty program is not the first time the company has asked for help from hackers. In June, the company hired George Hotz, the young hacker who gained notoriety in 2007 for “jailbreaking” Apple’s iPhone, or getting around the phone’s software controls.

Sullivan said DefCon is fertile recruiting ground for Facebook because the company is looking to hire people who live and breathe security.

“We try to only hire people who, when they’re hanging out on Saturday night, are thinking about security,” he said. “That’s the people who are here right now and that’s why we want to be there.”

Source :- http://www.huffingtonpost.com

  • Facebook Offers Cash To ‘Bug Bounty Hunters’ At DefCon Hacker Conference (huffingtonpost.com)
  • Kids and hackers, oh my! DefCon adds kids track (seattletimes.nwsource.com)
  • DefCon: Hacker Conference Exposes Lax Security Of Companies, Other Hackers (huffingtonpost.com)
  • Kids and hackers, oh my! DefCon adds kids track (sfgate.com)
  • Kids and hackers, oh my! DefCon adds kids track (seattlepi.com)
  • DEF CON: The event that scares hackers (cnn.com)

Freelance Web Developer
Tags:Chief security officer, , DEF CON, DefCon, Defcon Hacker, , Facebook Bug Bounty Program, Facebook Defcon, Facebook Joe Sullivan, facebook security, Facebook White Hat Security, George Hotz, , , , , , Joe Sullivan, Koobface, Sanford Wallace
© Social Media Blog