Saturday, 01 April 2017 04:45

Darknet follows Google's bug bounty lead: But this cash is for flaws that expose shady traders


Now it's a darknet marketplace that hopes a bug bounty scheme can improve security for its clientele.

To keep its customers out of trouble, Hansa, a popular darknet marketplace for selling illicit goods, is following legitimate businesses by paying researchers for reporting security flaws.

It is one of many darknet marketplaces seeking to meet demand for anonymous trading once offered by fallen drugs bazaar Silk Road. With its buyers and sellers likely to be of interest to law-enforcement agencies as well as hackers, Hansa announced on Reddit last week that it had launched a bitcoin bug bounty to keep clients safe.

Bug bounties are gaining in popularity in the world of legitimate business as a means of improving product security.

Google has operated its bug bounties for six years, and more conventional organizations, including some automakers, airlines, and the US Department of Defense, are now using them to attract bug reports, often through bounty programs run by Bugcrowd and HackerOne.

Because Hansa is an arena where anonymity is prized and exposure can lead to jail time, its highest-value rewards are for bugs that could result in users being identified.

Hansa's operators say they will offer 10BTC for any bugs that could "severely disrupt" Hansa's integrity in a way that would expose the IP address or personal information of a user or seller. After last month's spike in the value of bitcoin, this sum is greater than $10,000.

Less critical bugs are valued at 1BTC each, while simple "display bugs or unintended behavior" will earn researchers 0.05BTC.

CyberScoop, which first reported the new bug bounty, notes that Hansa is responsible for about $3m in trade. The hidden website launched the bounty following reports of a bug on AlphaBay, another post-Silk Road marketplace, that exposed private messages containing user names and delivery addresses. According to CyberScoop, Hansa has already received reports of non-critical bugs.


Despite Hansa's intention to improve its own measures, security and privacy researcher Sarah Jamie Lewis told CyberScoop that the bounty is unlikely to achieve much for darknet markets.

"The problems pervading onions [the nickname for websites accessed on the Tor network] are caused by bad assumptions at the software design level, the reliance on web technologies designed for an internet without consideration for privacy," Lewis said.

"Bug bounties are only a patch. What we really need are new privacy-oriented software stacks, servers, blog platforms."

Author: Liam Tung

Source: zdnet.com

