Being a hacker is on its own illegal since hackers by definition steal personal information from people’s computers whether those people are individuals or part of an international big company. Yet, United Airlines gave free tickets available for one million miles, to two hackers who were able to discover weak points on the company’s security system.
This action was actually part of the “bug bounty” program with which the company congrats hackers who choose to inform the company for any potential security brinks instead of taking advantage of them and harming the company or not sharing the weaknesses to the Internet. “Schemes like this reward hackers for finding and disclosing problems in the right way. That makes the internet safer for all of us,” said security consultant Dr Jessica Barker. “Bug bounties are common in tech companies as they tend to understand online security a bit more, but other industries are catching up,” she added.
It is worth noting that those free miles are equal to the maximum reward that one can get from this specific program and it is probably more than 12 trips for each one of those two hackers.
The company’s spokesman stressed out that the said project is a big step to secure and upgrade the company’s internet security.
The idea on the other hand, to reward hackers who find weak points and share them only with the company is not something new. Numerous companies such as Yahoo, Google and Facebook are known, for many years now, to offer hackers financial motives to provide that kind services.
However, the two hackers who received the miles by United Airlines as a reward for their services are pledged to reveal nor the nature of the problem they discovered, neither any details on the security breaks.
Now as we mentioned above, paying hackers to hack into a company’s system is not something new and it’s not illegal either (as long as the company is doing the hiring).
In 2013 for example, a pair of private investigators in the Bay Area embarked on a fairly run of the mill case surrounding poached employees. But according to a federal indictment unsealed in February, their tactics sounded less like a California noir and more like sci-fi. In order to spy on the clients’ adversaries, prosecutors say, they hired a pair of hackers.
In fact, the bug bounty project does not exist only in United Airlines. It is also used by almost every company that wants to establish a powerful security system or improve an existing one. There are even sites such as www.quora.com which mentions companies that provide growth hacking services or growth hackers.
Fortune mentions on a relevant article: “In some cases, companies might correct the issue without so much as a “thank you.” Worse, they might ignore hackers’ warnings and leave their systems open to attack. Worse yet, they might contact law enforcement and sic investigators on the researchers.” So the solution to that is for the companies to set up bug bounty programs. It is working so far. So the guys who were the threat end up being precious helpers.