Ukrainian Ethical Hackers Confused After HackerOne Bug Bounty Platform Halts Their Payouts

Amid the ongoing disruption from Russia, some Ukrainian ethical hackers feel lost because the bug bounty platform HackerOne has stopped paying them. The losses caused by the sudden halt are said to have mounted to hundreds and thousands of dollars. Some of the affected ethical hackers (also known as cybersecurity researchers) have taken the issue to social media. Some of them wrote to the platform to get clarity on why it has disabled their payments in the midst of a humanitarian catastrophe in the country.

Ethical hackers typically make between ten and hundreds of millions of dollars in rewards through bug bounty platforms for reporting bugs in various Internet-based solutions. However, HackerOne has reportedly stopped paying some Ukrainian hackers abruptly.

Earlier this month, HackerOne CEO Marten Mickos announced: “We are working to comply with the new sanctions. We will withdraw all programs for customers based in the occupied territories of Russia, Belarus and Ukraine.” The announcement covered Russia and Belarus, which were subject to sanctions, but did not elaborate on the situation in Ukraine.

“This is a very strange situation,” said Bob Diachenko, an independent security researcher who has been associated with the San Francisco, California-based platform for the past two to three years.

The security researcher tweeted on Sunday that HackerOne had stopped paying out rewards of around $3,000 (approximately Rs. 2,30,000) for the bugs he reported.

In addition to halting payouts, HackerOne has removed the ‘Clear’ status from all Ukrainian accounts. The status allows ethical hackers to participate in private programs run by different companies, where they can earn a minimum of $2,000 (approximately Rs. 1,53,100) for a high-severity vulnerability or $5,000 (approximately Rs. 3,82,800) for a critical one. Researchers must pass background checks to participate in these programs.

“HackerOne was the primary source of income for me and many other researchers,” said Nick Mikhailishin, an independent security researcher. “Even stopping payments for a few weeks can put a lot of people at risk.”

Mikhailishin wrote to the HackerOne support team to find out whether his payout had been blocked and his ‘Clear’ status revoked by accident. He shared a screenshot with Gadgets 360 in which the team responded that the company was “exploring the options available for restoring background check updates and will redirect you to clear, pending update results.”

“We acknowledge that this is extremely frustrating for you and we are working diligently to resolve and ensure that we comply with US economic sanctions and export controls,” the response said.

Another hacker, Vladimir Metneu, shared a screenshot of a HackerOne support email sent to him stating that all communications and transactions based in Ukraine, Russia and Belarus have been blocked.

When announcing the initial restrictions earlier this month, HackerOne announced a $25,000 (approximately Rs. 19,14,300) donation to the United Nations Children’s Fund (UNICEF) and planned to match donations of up to $100,000 (approximately Rs. 76,57,300) over the next three months to help the people of war-torn Ukraine.

On Monday, HackerOne CEO Mickos added that the company was running hackers through additional screening based on sanctions rules.

“Sanctions have been put in place to cover a wide range of areas of finance and business. These were not written with ethical hacking in mind. They are updated frequently. Explaining the ban is complicated. Our internal and external experts are working on it,” said Mickos. He added that he apologized for the delay and inconvenience caused to hackers on the platform.

The executive, however, did not specify whether payouts to Ukrainian researchers had been deliberately disabled.

Gadgets 360 reached out to HackerOne for comment on the matter, and its chief hacking officer and CISO, Chris Evans, acknowledged delays in paying some Ukrainian hackers.

“On behalf of everyone at HackerOne, I am really sorry for how our poor communication has created confusion and unwanted pressure for the Ukrainian hacker community,” Evans said in a prepared statement. “We have not and will not block the legitimate payments of Ukrainian hackers. We actively support the fight for Ukraine’s independence. For some Ukrainian hackers, the backend payment system has been delayed.”

The CISO also reiterated that HackerOne is not automatically redirecting any bounty payments to UNICEF or any other charity. “We donate hackers’ rewards only to charities at their direction,” he said.

However, Evans’ statement, shared by HackerOne, did not specify whether the ‘Clear’ status had been abruptly removed for Ukrainian researchers.

HackerOne redirected Gadgets 360 to an FAQ page on how it is resolving the revocation of ‘Clear’ status for Ukrainian researchers. The page states that the chief hacking officer is communicating with them to resolve the issue and expedite background screening for the status.

“Our 15 Ukrainian hackers, including cleared status, have received a badly worded communication about additional background screening,” the FAQ page noted.

HackerOne is a popular bug bounty platform among ethical hackers around the world. According to the company’s internal report, its platform has more than one million registered hackers, who received a total of $40 million (about Rs 306 crore) by 2020.

