Bug Poaching

Bug poaching is a cyberextortion tactic in which a hacker breaks into a corporate network and creates an analysis of the network's private information and vulnerabilities. The hacker will then contact the corporation with evidence of the breach and demand ransom.


Operation

Unlike a typical ransomware attack, once information is stolen, a bug poacher extorts the company with information on how its system was breached, rather than with the stolen data itself. IBM Security found that a bug poaching campaign targeted approximately 30 companies in 2015; the targeted companies did not have bug bounty programs.


Recovery of Files

Bug poachers have demanded up to $30,000 to share how they breached the system. Poachers do not immediately destroy or release stolen data. Some victims may choose not to pay, since bug poachers do not typically release the stolen data. However, a company that declines to pay can only hope that the data is not leaked.


A Grey Hat Technique?

Ethical hacking is often described as white hat, while the alternative is often termed black hat. Bug poaching is unethical in that it demands a ransom, but it also alerts the company to the breach, a technique often used by ethical hackers. It therefore has a few attributes of each hat, fitting at least one definition of grey hat.

