Bug poaching

From Wikipedia, the free encyclopedia
  (Redirected from Bug Poaching)
Jump to navigation Jump to search

Bug poaching is a cyberextortion tactic in which a hacker breaks into a corporate network and creates an analysis of the network’s private information and vulnerabilities. The hacker will then contact the corporation with evidence of the breach and demand ransom.[1]

Operation[edit]

Unlike a typical ransomware attack, once information is stolen, a bug poacher will extort the company with information on how their system was breached, rather than the stolen data itself. [2] IBM Security has found that a bug poaching campaign has targeted approximately 30 companies over the last year (June 2016) which don’t have bug bounty programs.

Recovery of Files[edit]

Bug poachers have demanded up to $30,000 to share how they breached the system. Poachers do not immediately destroy or release stolen data. Some may choose not to pay bug poachers since they do not typically release the stolen data. However, you will need to hope that the data is not leaked.[3]

A Grey Hat Technique?[edit]

Ethical hacking is often described as white hat while the alternative is often termed black hat. Bug poaching uses unethical behavior in requesting a ransom however uses the technique of alerting the company which is often used by ethical hackers. It therefore has a few attributes of each hat fitting at least one definition of grey-hat.[4]

References[edit]

  1. ^ Szebeni, Larry. "This Cyberextortion Tactic Is Even Scarier Than Ransomware". Apex Technology Services. Retrieved 23 June 2016.
  2. ^ Wysopal, Chris. "'Bug Poachers:' A New Breed of Cybercriminal". Dark Reading. InformationWeek. Retrieved 23 June 2016.
  3. ^ Thomson, Iain. "IBM warns of 'bug poachers' who exploit holes, steal info, demand big bucks". The Register. The Register. Retrieved 23 June 2016.
  4. ^ "Fake white hats turn to bug poaching". TechCentral.ie. TechCentral.ie. Retrieved 23 June 2016.