{"id":17295,"date":"2016-11-18T01:38:05","date_gmt":"2016-11-18T06:38:05","guid":{"rendered":"https:\/\/digital.hbs.edu\/platform-rctom\/submission\/hackerone-helping-good-guys-protect-the-internet-from-pornhub-to-pentagon\/"},"modified":"2020-08-07T12:06:51","modified_gmt":"2020-08-07T16:06:51","slug":"good-guys-protecting-the-internet-from-pornhub-to-the-pentagon","status":"publish","type":"hck-submission","link":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/good-guys-protecting-the-internet-from-pornhub-to-the-pentagon\/","title":{"rendered":"Good Guys Protecting the Internet, From Pornhub To The Pentagon"},"content":{"rendered":"

Why Security Matters<\/strong><\/p>\n

In just one day, we create 2.5 quintillion bytes of data.[1]<\/a> A lot of this data is data we don\u2019t want others to know, like our bank account information, stuff we say behind our boss\u2019 back, or whom we are having affairs with. Yet we are bombarded with continuous streams of security breach horror stories such as 40 million Target shoppers getting their credit card information stolen, personally identifiable information of 78.8 million insurance policy holders floating around, and the whole world reading Sony producers\u2019 evaluation of Angelina Jolie: \u201ca minimally talented spoiled brat.\u201d [2]<\/a> [3]<\/a> [4]<\/a> Whether it\u2019s embarrassing or hilarious, a security breach often leads to lawsuits and has unfathomably heavy cost to company and its customers. Naturally, cybersecurity is becoming a priority for everyone.<\/p>\n

\"jolie\"<\/a>
[1] Jolie and Pascal post Sony Hack. Awkward…<\/figcaption><\/figure>Is Cyber Security\u00a0Rocket Science?<\/strong><\/p>\n

Guarding a website against hackers is incomparably more challenging and complicated than keeping burglars out of a house. Unlike a house, with a door and few windows, a digital property has a host of access points. Most digital property is also in continuous development; with new features and improvements, the product is always shapeshifting. Because developing and maintaining a product involve so many parties, including some third party APIs, it\u2019s hard to know what exactly is a product.<\/p>\n

Bug Bounty: There are Good Guys Out There\u00a0<\/strong><\/p>\n

In as early as 1995, big companies like Netscape figured out a way to reduce the risk of getting hacked: placing a bounty on a bug. [5]<\/a> \u00a0Although it sounds like an oxymoron, well-intended hackers exist. Companies can pay these white hat hackers<\/em>\u2014engineers who are skilled enough to find weaknesses but are not malicious enough to exploit them and commit crimes\u2014to test and identify vulnerabilities on their systems. Unfortunately, bug bounty did not pick up for a while because trust between companies and hackers, even ones whose intentions are good, was hard to establish.<\/p>\n

HackerOne\u00a0<\/strong><\/p>\n

HackerOne founders, Prins and Abma, were aforementioned white hat hackers who enjoyed hacking websites, but did not want to become criminals, and in fact thought about how companies could fix their vulnerabilities.[6]<\/a> Seeing how difficult it was for white hat hackers and companies to establish trust and interact, Prins and Abma built a platform connecting companies and hackers. (From now on, \u201chackers\u201d will be referred to as the PC synonym, security researchers.)<\/p>\n

By putting monetary value on bugs, HackerOne incentivizes security researchers to take the time to find loopholes and report them to the companies instead of using them for criminal activities. Companies can communicate and transact with security researchers through HackerOne, vetting vulnerability submissions, paying researchers, and building solutions together. Implications of white hat researchers protecting companies against the black hats, the bad guys, are far reaching: we can make the internet great again.<\/p>\n

\"[2]<\/a>
[2] Pornhub’s listing on HackerOne<\/figcaption><\/figure>
\"[3]<\/a>
[3] Pornhub’s bounty price list<\/figcaption><\/figure>An Unconventional Client List<\/strong><\/p>\n

Unsurprisingly, big tech companies like Facebook, Google, Uber have flocked over to start bug bounty programs on HackerOne, inviting white hat researchers to poke around their assets. In 100 days, Uber has paid $345,120 and fixed 161 unique vulnerabilities.[7]<\/a> This July, three security researchers made $22,000 from identifying a serious weakness from PornHub.[8]<\/a> The researchers never clarified why they were on Pornhub in the first place, but they did help protect the identities of Pornhub\u2019s 60 millions daily visitors. Even the Department of Defense recently hired HackerOne and have paid out $150,000 to \u201cHack the Pentagon\u201d, a productive campaign that would have cost $1M if they had hired a contractor.[9]<\/a><\/p>\n

\"[3]<\/a>
[4] Recent Bug Submissions on HackerOne<\/figcaption><\/figure>What\u2019s Next?<\/strong><\/p>\n

While companies like HackerOne provide researchers to stress test assets in the internet, I think a natural next step lies in physical assets. HackerOne resolved the issue of mistrust between researchers and companies and created a marketplace for bug discovery. If they were able to expand the scope of bug bounty to physical assets such as data warehouses or company sites, to prevent mischievous practices like tailgating or malicious USB sticks, I think companies would be able to enjoy added layers of security in their often neglected offline assets on top of online assets.<\/p>\n

 <\/p>\n

(Word count: 793)<\/p>\n

 <\/p>\n

[1]<\/a> “Bringing Big Data to the Enterprise.” IBM. Accessed November 17, 2016. https:\/\/www.ibm.com\/software\/data\/bigdata\/what-is-big-data.html.<\/p>\n

[2]<\/a> Pagliery, Jose., Riley, Charles. “Target Will Pay Hack Victims $10 Million.” CNNMoney. Accessed November 17, 2016. http:\/\/money.cnn.com\/2015\/03\/19\/technology\/security\/target-data-hack-settlement\/index.html.<\/p>\n

[3]<\/a> Elkind, Peter. “Sony Pictures: Inside the Hack of the Century.” Fortune. June 25, 2015. Accessed November 17, 2016. http:\/\/fortune.com\/sony-hack-part-1\/.<\/p>\n

[4]<\/a> Mathews, Anna. “Anthem: Hacked Database Included 78.8 Million People.” WSJ. February 24, 2015. Accessed November 17, 2016. http:\/\/www.wsj.com\/articles\/anthem-hacked-database-included-78-8-million-people-1424807364.<\/p>\n

[5]<\/a> Burningham, Grant. “The Rise of White Hat Hackers, Our Modern-day Web Cowboys.” Newsweek. January 31, 2016. Accessed November 17, 2016. http:\/\/www.newsweek.com\/2016\/02\/12\/white-hat-hackers-keep-bug-bounty-421357.html.<\/p>\n

[6]<\/a> ibid.<\/em><\/p>\n

[7]<\/a> Fletcher, Paul. “100 Days Into Uber Engineering’s Public Bug Bounty Program – Uber Engineering Blog.” Uber Engineering Blog. August 11, 2016. Accessed November 18, 2016. https:\/\/eng.uber.com\/bug-bounty-update\/.<\/p>\n

[8]<\/a> Spring, Tom. “PornHub Hack Earns Researchers $22,000.” Threatpost. July 25, 2016. Accessed November 18, 2016. https:\/\/threatpost.com\/pornhub-hack-earns-researchers-22000\/119450\/.<\/p>\n

[9]<\/a> Kuldell, Heather. “DOD Wants You to Hack the Pentagon Again and Again.” Nextgov. October 21, 2016. Accessed November 18, 2016. http:\/\/www.nextgov.com\/defense\/2016\/10\/dod-wants-you-hack-pentagon-again-and-again\/132539\/.<\/p>\n

Pictures<\/p>\n

[1] THR Staff. “Angelina Jolie Speaks Out for First Time on Insults From Sony-Hack Emails.” The Hollywood Reporter. November 5, 2015. Accessed November 18, 2016. http:\/\/www.hollywoodreporter.com\/news\/angelina-jolie-sony-hack-amy-pascal-837389.<\/p>\n

[2] “Pornhub on HackerOne.” HackerOne. Accessed November 18, 2016. https:\/\/hackerone.com\/pornhub.<\/p>\n

[3] “Pornhub on HackerOne.” HackerOne. Accessed November 18, 2016. https:\/\/hackerone.com\/pornhub.<\/p>\n

[4]\u00a0“New Hacktivity List.” HackerOne. Accessed November 18, 2016. https:\/\/hackerone.com\/hacktivity?sort_type=latest_disclosable_activity_at&filter=type%3Aall&page=1.<\/p>\n","protected":false},"excerpt":{"rendered":"

Cybersecurity should be on everyone's mind in this day and age, but it's very difficult to implement. Bug bounty programs mobilize the good guys of the internet to help companies protect themselves before the bad guys can hurt them. HackerOne establishes trust between hackers and companies and provides a marketplace for discovering and fixing bugs.<\/p>\n","protected":false},"author":2037,"featured_media":17301,"comment_status":"open","ping_status":"closed","template":"","categories":[2044,845,2478,502],"class_list":["post-17295","hck-submission","type-hck-submission","status-publish","has-post-thumbnail","hentry","category-cyber_security","category-cybersecurity","category-hackers","category-marketplace"],"connected_submission_link":"https:\/\/d3.harvard.edu\/platform-rctom\/assignment\/digitization-challenge-2016\/","yoast_head":"\nGood Guys Protecting the Internet, From Pornhub To The Pentagon - Technology and Operations Management<\/title>\n<meta name=\"robots\" content=\"noindex, nofollow\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Good Guys Protecting the Internet, From Pornhub To The Pentagon - Technology and Operations Management\" \/>\n<meta property=\"og:description\" content=\"Cybersecurity should be on everyone's mind in this day and age, but it's very difficult to implement. Bug bounty programs mobilize the good guys of the internet to help companies protect themselves before the bad guys can hurt them. HackerOne establishes trust between hackers and companies and provides a marketplace for discovering and fixing bugs.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/good-guys-protecting-the-internet-from-pornhub-to-the-pentagon\/\" \/>\n<meta property=\"og:site_name\" content=\"Technology and Operations Management\" \/>\n<meta property=\"article:modified_time\" content=\"2020-08-07T16:06:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2016\/11\/whitehat-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"370\" \/>\n\t<meta property=\"og:image:height\" content=\"198\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/good-guys-protecting-the-internet-from-pornhub-to-the-pentagon\\\/\",\"url\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/good-guys-protecting-the-internet-from-pornhub-to-the-pentagon\\\/\",\"name\":\"Good Guys Protecting the Internet, From Pornhub To The Pentagon - Technology and Operations Management\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/good-guys-protecting-the-internet-from-pornhub-to-the-pentagon\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/good-guys-protecting-the-internet-from-pornhub-to-the-pentagon\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/wp-content\\\/uploads\\\/sites\\\/4\\\/2016\\\/11\\\/whitehat-1.jpg\",\"datePublished\":\"2016-11-18T06:38:05+00:00\",\"dateModified\":\"2020-08-07T16:06:51+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/good-guys-protecting-the-internet-from-pornhub-to-the-pentagon\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/good-guys-protecting-the-internet-from-pornhub-to-the-pentagon\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/good-guys-protecting-the-internet-from-pornhub-to-the-pentagon\\\/#primaryimage\",\"url\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/wp-content\\\/uploads\\\/sites\\\/4\\\/2016\\\/11\\\/whitehat-1.jpg\",\"contentUrl\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/wp-content\\\/uploads\\\/sites\\\/4\\\/2016\\\/11\\\/whitehat-1.jpg\",\"width\":370,\"height\":198},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/good-guys-protecting-the-internet-from-pornhub-to-the-pentagon\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Submissions\",\"item\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Good Guys Protecting the Internet, From Pornhub To The Pentagon\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/#website\",\"url\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/\",\"name\":\"Technology and Operations Management\",\"description\":\"MBA Student Perspectives\",\"potentialAction\":[{\"@type\":\"性视界Action\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Good Guys Protecting the Internet, From Pornhub To The Pentagon - Technology and Operations Management","robots":{"index":"noindex","follow":"nofollow"},"og_locale":"en_US","og_type":"article","og_title":"Good Guys Protecting the Internet, From Pornhub To The Pentagon - Technology and Operations Management","og_description":"Cybersecurity should be on everyone's mind in this day and age, but it's very difficult to implement. Bug bounty programs mobilize the good guys of the internet to help companies protect themselves before the bad guys can hurt them. HackerOne establishes trust between hackers and companies and provides a marketplace for discovering and fixing bugs.","og_url":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/good-guys-protecting-the-internet-from-pornhub-to-the-pentagon\/","og_site_name":"Technology and Operations Management","article_modified_time":"2020-08-07T16:06:51+00:00","og_image":[{"width":370,"height":198,"url":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2016\/11\/whitehat-1.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/good-guys-protecting-the-internet-from-pornhub-to-the-pentagon\/","url":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/good-guys-protecting-the-internet-from-pornhub-to-the-pentagon\/","name":"Good Guys Protecting the Internet, From Pornhub To The Pentagon - Technology and Operations Management","isPartOf":{"@id":"https:\/\/d3.harvard.edu\/platform-rctom\/#website"},"primaryImageOfPage":{"@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/good-guys-protecting-the-internet-from-pornhub-to-the-pentagon\/#primaryimage"},"image":{"@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/good-guys-protecting-the-internet-from-pornhub-to-the-pentagon\/#primaryimage"},"thumbnailUrl":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2016\/11\/whitehat-1.jpg","datePublished":"2016-11-18T06:38:05+00:00","dateModified":"2020-08-07T16:06:51+00:00","breadcrumb":{"@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/good-guys-protecting-the-internet-from-pornhub-to-the-pentagon\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/d3.harvard.edu\/platform-rctom\/submission\/good-guys-protecting-the-internet-from-pornhub-to-the-pentagon\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/good-guys-protecting-the-internet-from-pornhub-to-the-pentagon\/#primaryimage","url":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2016\/11\/whitehat-1.jpg","contentUrl":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2016\/11\/whitehat-1.jpg","width":370,"height":198},{"@type":"BreadcrumbList","@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/good-guys-protecting-the-internet-from-pornhub-to-the-pentagon\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/d3.harvard.edu\/platform-rctom\/"},{"@type":"ListItem","position":2,"name":"Submissions","item":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/"},{"@type":"ListItem","position":3,"name":"Good Guys Protecting the Internet, From Pornhub To The Pentagon"}]},{"@type":"WebSite","@id":"https:\/\/d3.harvard.edu\/platform-rctom\/#website","url":"https:\/\/d3.harvard.edu\/platform-rctom\/","name":"Technology and Operations Management","description":"MBA Student Perspectives","potentialAction":[{"@type":"性视界Action","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/d3.harvard.edu\/platform-rctom\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/hck-submission\/17295","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/hck-submission"}],"about":[{"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/types\/hck-submission"}],"author":[{"embeddable":true,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/users\/2037"}],"replies":[{"embeddable":true,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/comments?post=17295"}],"version-history":[{"count":1,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/hck-submission\/17295\/revisions"}],"predecessor-version":[{"id":37035,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/hck-submission\/17295\/revisions\/37035"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/media\/17301"}],"wp:attachment":[{"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/media?parent=17295"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/categories?post=17295"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}