Ukraine Ethical Hackers Bewildered as HackerOne Bug Bounty Platform Said To Halt Their Payouts (gadgets360.com) 28
Amid the ongoing disruption from Russia, some ethical hackers in Ukraine are feeling lost as bug bounty platform HackerOne has allegedly withheld their payouts. From a report: The loss due to the sudden halt is said to have mounted to hundreds and thousands of dollars. A few of the affected ethical hackers -- also known as cybersecurity researchers -- have taken the issue to social media. Some of them have also written to the platform to get clarity on why exactly it has disabled their payments in the middle of the humanitarian catastrophe in the country. Ethical hackers normally earn payouts ranging from tens and hundreds to over millions of dollars in the form of rewards through bug bounty platforms for reporting flaws in various Internet-based solutions. However, HackerOne is said to have suddenly stopped payouts for some Ukrainian hackers.
Earlier this month, HackerOne CEO Marten Mickos had announced, "[A]s we work to comply with the new sanctions, we'll withdraw all programmes for customers based in Russia, Belarus, and the occupied areas of Ukraine." On Monday, he clarified that the restrictions were for sanctioned regions - Russia and Belarus, not mentioning any clear details about the status of Ukraine. "That's a really weird situation," said independent security researcher Bob Diachenko, who has been associated with the San Francisco, California-based platform for the last two-three years now. The security researcher tweeted on Sunday that HackerOne stopped paying bounties worth around $3,000 for the flaws he reported. Alongside stopping payouts, HackerOne has removed its 'Clear' status from all Ukraine accounts. The status essentially allows ethical hackers to participate in private programmes run by various companies to earn a minimum of $2,000 for a high-severity vulnerability or $5,000 for a critical one. It requires background-check for researchers to participate in the listed programmes.
Re: (Score:2)
It's kinda nice. I don't see mass down voting of opinions for simply being unpopular.
Yeah, well, except that, given that your completely reasonable comment was posted AC and so is scored 0 so almost nobody's going to see it except reflected in my reply. Previously much of the mod abuse such as modding down people for 'reasonable' opinions when "There is no -1 disagree moderation" was being corrected reasonably systematically so I'd rather have that than have the valuable anonymous comments completely lost.
Re: (Score:1)
Premature? (Score:2)
Declaring the entire territory of Ukraine as "occupied" is premature, I think. Perhaps they read Russian news about Ukraine and took it at face value?
Re: (Score:2)
If you sanction Crimea in the name of sanctioning Russia without stating "occupied portions of Ukraine," you are implicitly granting that Crimea is part of Russia rather than an occupied region of Ukraine.
The whole gradual, violent transfer of power creates many sticky situations. Even the military aid that we provide to Ukraine - one must concede a fairly high risk it will end up in Russia's hands.
Re: (Score:2)
Ya, pretty sure this is a case of trying to thread a needle on doing what's right, what's required by international sanctions & not knowing how to define things. More literal fog of war vs malicious intent or lack of support for Ukraine.
Re: (Score:2)
If Ukraine falls into Russian hands, there will be great danger for the world no matter what you do beforehand. Russia will never be satisfied with Ukraine, and the resources they gain would make them much more formidable. At least you have a chance to avoid great danger if you help Ukraine give Russia a black eye so they'll think twice before trying to invade their neighbours. A nation that so liberally uses force will only understand the language of force. Have we really lost the lessons of history?
Humanitarian Catastrophe? (Score:1)
Re: (Score:2)
Almost by definition, yes.
ethical hackers? (Score:2)
Re: (Score:2)
Would you prefer "people who participate in bug bounty programmes"?
Your paycheck doesn't matter? (Score:2)
> IMO the payouts shouldn't be a big issue for these people
Why, exactly, do you think their paychecks shouldn't matter to them? You figure anyone Ukrainian should just fucking starve to death?
> unless they're like the endless list of military industrial complex leeches trying to make a dime from conflict zones.
They didn't ask for Russia to invade their country and kill their families.
Wow you are one dumb fucker.
Re: (Score:2)
Come to think of it, let me make this more clear to you and take it a step further. You're calling the victims of an invasion "leeches trying to make a dime from conflict zones" because they want to get their paycheck from an American company they worked for.
You really should never open your mouth again. You're clearly too stupid to ever have an intelligent thought of any kind.
labor laws / contract laws? Or just F* gig workers! (Score:2)
labor laws / contract laws? Or just F* gig workers!
Re: (Score:2)
A) Contract law is superseded by state-level economic sanctions. B) Gig workers don't have an employment contract.
Re: (Score:1)
Re: labor laws / contract laws? Or just F* gig wok (Score:2)
Uh, no. I do think it stops payment processors, which is the topic at hand.
What's the problem? (Score:1)
By The Way (Score:1)
Hack All The Things! (Score:2)
https://knowyourmeme.com/photo... [knowyourmeme.com]
But not if you are cancelled out by the West though...