Amid continued interference from Russia, some ethical hackers in Ukraine have been left bewildered as bug bounty platform HackerOne has allegedly withheld their payments. Losses due to the sudden halt are said to have reached hundreds of thousands of dollars. Some affected ethical hackers – also known as cybersecurity researchers – have taken the issue to the media. Some of them also wrote to the platform to find out why it stopped their payments amid the country’s humanitarian disaster.

Ethical hackers typically report flaws in various Internet solutions through bug bounty platforms, and are paid anywhere from tens and hundreds to millions of dollars in rewards. However, HackerOne is said to have stopped paying some Ukrainian hackers.

Earlier this month, HackerOne CEO Marten Mickos announced, “[A]s we work to comply with the new sanctions, we are canceling all programs for customers in the occupied territories of Russia, Belarus, and Ukraine.” On Monday, he clarified that the restrictions are for sanctioned regions – Russia and Belarus – without mentioning any clear details about Ukraine’s status.

“This is a very strange situation,” said Bob Diachenko, an independent security researcher who has been associated with the San Francisco, California-based platform for the past two or three years.

HackerOne stopped paying around $3,000 (roughly Rs 2,30,000) worth of bounties for the vulnerabilities he reported, the security researcher tweeted on Sunday.

In addition to stopping payments, HackerOne also removed the “cleared” status from all Ukrainian accounts. This status allows ethical hackers to participate in private programs run by multiple companies to earn at least $2,000 (approximately Rs 1,53,100) for high severity vulnerabilities or $5,000 (approximately Rs 3,82,800) for critical exploits. It requires background checks on researchers to participate in the listed projects.

“HackerOne is a major source of income for me and many other researchers,” said independent security researcher Nick Mykhailyshyn. “Even stopping payments for a few weeks puts many people at risk.”


Mykhailyshyn wrote to HackerOne’s support team to find out if his payments were wrongly blocked and if the “cleared” status was accidentally removed. He shared a screenshot with TechnologyShout, and the team’s response said the company was “exploring options to restore background check updates and get you back to clear, pending updates.”

The response also stated, “We recognize this is very frustrating to you, and we are working to address and that we comply with U.S. economic sanctions and export controls.”

Another hacker, Vladimir Metnew, shared a screenshot of a HackerOne support email sent to him, which says all communications and transactions with Ukraine, Russia and Belarus have been suspended.

When the initial restrictions were announced earlier this month, HackerOne announced a donation of $25,000 (approximately Rs 19,14,300) to the United Nations Children’s Fund (UNICEF), with plans to match donations dollar for dollar up to $100,000 (approximately Rs 76,57,300) to support the affected Ukrainian people for the next three months.

On Monday, HackerOne CEO Mickos also said the company was conducting additional screening of hackers under sanctions rules.

“The wording of sanctions covers a wide range of financial and commercial areas. They were not written with ethical hacking in mind. They are also updated frequently. Interpreting sanctions is complex. We have internal and external experts working on it,” Mickos said, adding that he apologised for the delay and inconvenience caused to hackers on the platform.

However, the executive did not provide any clarity on whether the compensation earned by the Ukrainian researchers was intentionally disabled.


TechnologyShout has reached out to HackerOne for comment on this matter and will update this article when the company responds.

HackerOne is one of the most popular bug bounty platforms among ethical hackers worldwide. According to the company’s internal report, in 2020 alone, it had more than 1 million registered hackers who earned a total of $40 million (approximately Rs. 306 crore).