Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security

Ukraine Ethical Hackers Bewildered as HackerOne Bug Bounty Platform Said To Halt Their Payouts (gadgets360.com) 28

Amid the ongoing disruption from Russia, some ethical hackers in Ukraine are feeling lost as bug bounty platform HackerOne has allegedly withheld their payouts. From a report: The loss due to the sudden halt is said to have mounted to hundreds and thousands of dollars. A few of the affected ethical hackers -- also known as cybersecurity researchers -- have taken the issue to social media. Some of them have also written to the platform to get clarity on why exactly it has disabled their payments in the middle of the humanitarian catastrophe in the country. Ethical hackers normally earn payouts ranging from tens and hundreds to over millions of dollars in the form of rewards through bug bounty platforms for reporting flaws in various Internet-based solutions. However, HackerOne is said to have suddenly stopped payouts for some Ukrainian hackers.

Earlier this month, HackerOne CEO Marten Mickos had announced, "[A]s we work to comply with the new sanctions, we'll withdraw all programmes for customers based in Russia, Belarus, and the occupied areas of Ukraine." On Monday, he clarified that the restrictions were for sanctioned regions - Russia and Belarus, not mentioning any clear details about the status of Ukraine. "That's a really weird situation," said independent security researcher Bob Diachenko, who has been associated with the San Francisco, California-based platform for the last two-three years now. The security researcher tweeted on Sunday that HackerOne stopped paying bounties worth around $3,000 for the flaws he reported. Alongside stopping payouts, HackerOne has removed its 'Clear' status from all Ukraine accounts. The status essentially allows ethical hackers to participate in private programmes run by various companies to earn a minimum of $2,000 for a high-severity vulnerability or $5,000 for a critical one. It requires background-check for researchers to participate in the listed programmes.

This discussion has been archived. No new comments can be posted.

Ukraine Ethical Hackers Bewildered as HackerOne Bug Bounty Platform Said To Halt Their Payouts

Comments Filter:
  • Declaring the entire territory of Ukraine as "occupied" is premature, I think. Perhaps they read Russian news about Ukraine and took it at face value?

    • Crimea is pretty clearly occupied "enough" that it should be included in the sanctions though?

      If you sanction Crimea in the name of sanctioning Russia without stating "occupied portions of Ukraine," you are implicitly granting that Crimea is part of Russia rather than an occupied region of Ukraine.

      The whole gradual, violent transfer of power creates many sticky situations. Even the military aid that we provide to Ukraine - one must concede a fairly high risk it will end up in Russia's hands.

      • by Fallon ( 33975 )

        Ya, pretty sure this is a case of trying to thread a needle on doing what's right, what's required by international sanctions & not knowing how to define things. More literal fog of war vs malicious intent or lack of support for Ukraine.

      • If Ukraine falls into Russian hands, there will be great danger for the world no matter what you do before hand. Russia will never be satisfied with Ukraine, and the resources they gain would make them much more formidable. At least you have a chance to avoid great danger if you help Ukraine give Russia a black eye so they'll think twice before trying to invade their neighbours. A nation that so liberally uses force will only understand the language of force. Have we really lost the lessons of history?

  • This is WAR. Is war a humanitarian Catastrophe?
  • Or hacking mercenaries for hire? IMO the payouts shouldn't be a big issue for these people unless they're like the endless list of military industrial complex leeches trying to make a dime from conflict zones.
    • by pjt33 ( 739471 )

      Would you prefer "people who participate in bug bounty programmes"?

    • > IMO the payouts shouldn't be a big issue for these people

      Why, exactly, do you think their paychecks shouldn't matter to them? You figure anyone Ukrainian should just fucking starve to death?

      > unless they're like the endless list of military industrial complex leeches trying to make a dime from conflict zones.

      They didn't ask for Russia to invade their country and kill their families.

      Wow you are one dumb fucker.

      • Come to think of it, let me make this more clear to you and take it a step further. You're calling the victims of an invasion "leeches trying to make a dime from conflict zones" because they want to get their paycheck from an American company they worked for.

        You really should never open your mouth again. You're clearly too stupid to ever have an intelligent thought of any kind.

  • labor laws / contract laws? Or just F* gig workers!

  • What's the problem? Facebook does this every day to "Researchers and Ethicial Hackers" who aren't under a security company. Withheld bounty for a CSRF I submitted and never paid, but fixed the bug. I posted it here, but BeauHD removed it like he always removes everything I post and why I'm going to sue Slashdot soon. Don't work for companies for free and find bugs for them when they can just screw you on payment. Find Exploits and Sell them. That is the only way you're guranteed the money...
  • What do you think is going to happen when companies start screwing over hackers? I mean if companies are going to mess with hackers, what do you think they're going to do back? I guess HackerOne is going to become a real target now. Find Exploits and Sell them, don't submit SHIT!
  • https://knowyourmeme.com/photo... [knowyourmeme.com]
    But not if you are cancelled out by the West though...

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...