I have reported a number of times about the “bug bounty” programs used by private companies such as Google and Facebook as well as, more recently, the Department of Defense in which is now offering a “bug bounty” to vetted hackers who are able to identify vulnerabilities in their web pages and computer networks. Private companies, such as Google and Facebook have long made cash payments to independent hackers, sometimes called white hat hackers to distinguish them from the criminal black hat hackers, who identified vulnerabilities in their computer code. Generally, these bounties are between $500 and $15,000, however, Google has recently announced that it has doubled the reward that it will pay anyone who finds a flaw in the security of its Chromebook to $100,000. Google has paid out more than six million dollars in bug bounties since the program was started in 2010.
Now Facebook has announced that it has paid a $10,000 bounty to a ten year old boy from Finland who found a security flaw that enabled him to delete comments posted on Instagram accounts. The boy has become the youngest white hat hacker to ever receive a bounty from Facebook which has paid 4.3 million dollars to white hat hackers through its bounty program.
Bug bounties are a positive strategy for businesses and government to enhance cybersecurity. Although the ten year old white hat hacker used his talents for good, the fact that a ten year old boy has the technological sophistication to identify and exploit vulnerabilities in commonly used software programs must give us all a bit of concern. As for us as individuals, the best things we can do to protect our own cybersecurity is to keep our anti-virus and anti-malware software up to date on all of our electronic devices and refrain from clicking on links or downloading attachments in all forms of electronic communication until we have absolutely confirmed that the communications are legitimate. Otherwise, the risk of downloading malware is too great.