Darknet follows bug bounty lead

Closed networks are not solely hotbeds of crime and depravity; now a darknet marketplace, too, is putting bounties on bugs in the hope of improving security for its clientele.

Dark net black markets are turning to bounty hunters to find security flaws in their systems. Hansa Market is one of them, a place where anonymity is prized and exposure can lead to jail time. To keep its customers out of trouble, Hansa, a popular darknet marketplace for selling illicit goods, is following legitimate businesses by paying researchers for reporting security flaws.

According to CyberScoop, the marketplace, which brought in $3 million last year, has launched a bug bounty program offering rewards worth up to 10 BTC or around $10,000. The biggest bounty worth 10k is reserved for "vulnerabilities that could severely disrupt HANSA's integrity."

Considering marketplaces like Hansa sell drugs, illegal firearms, log-ins and other data, the websites likely want to amp up their security measures to protect their sellers from law enforcement. They also likely want to protect all the log-in/password dumps and other data for sale from other hackers who might break into their system to steal them. Last week, Hansa announced on Reddit that it had launched a bitcoin bug bounty to keep clients safe.

Companies frequently create private networks to enable employees to use secure corporate servers, for example. And free software allows individuals to create what are called “peer-to-peer” networks, connecting directly from one machine to another.

Because they cannot be indexed by current search engines, and are therefore less visible to the general public, subnetworks like these are often called “darknets,” or collectively, in the singular, “darknet.” These networks typically use software, such as Tor, that anonymizes the machines connecting to them and encrypts the data travelling through their connections.

Bug bounties are gaining in popularity in the world of legitimate business as a means of improving product security.

However, Sarah Jamie Lewis, a privacy researcher who worked on the Dark Web security tool OnionScan, doesn't believe bug bounty programs could help dark net websites much, because she believes that bug bounties are only a patch and that we really need new privacy-oriented software stacks, servers, blog platforms, etc.

And some of what is on the darknet is alarming.

“Perusing the darknet offers a jarring jaunt through jaw-dropping depravity: Galleries of child pornography, videos of humans having sex with animals, offers for sale of illegal drugs, weapons, stolen credit card numbers and fake identifications for sale. Even human organs reportedly from Chinese execution victims are up for sale on the darknet,” read a story from Fox News.

But portraying the darknet as primarily, or even solely, for criminals ignores the societal forces that push people toward these anonymous networks. One major darknet, called Freenet, indicates that darknets should be understood not as a crime-ridden “Wild West,” but rather as “wilderness,” spaces that by design are meant to remain unsullied by the civilising institutions—law enforcement, governments and corporations—that have come to dominate the internet.