Abstract: This article aims to explore in depth how hacker culture improves the security of digital media network environments, while also raising profound ethical, legal, and social issues.
1. The Background of Hacker Culture
The origin of hacker culture can be traced back to the early development stage of computer and information technology, especially in the late 1970s and early 1980s. During this period, computer technology began to enter the public eye, and the emergence of personal computers led people to explore the working principles of computer systems. These early hackers were usually technology enthusiasts who mastered computer skills through self-learning and collaboration.
Steven Levy’s “Hackers: Heroes of the Computer Revolution” is considered a classic study of hacker culture. In the book, Levy detailed the lives and activities of early hackers, especially at the Tech Model Railroad Club (TMRC) at the Massachusetts Institute of Technology (MIT). This club is considered the cradle of hacker culture because it brought together a group of young people who were passionate about technology and began to explore and improve computer technology (Levy, 1985). Levy also emphasized that hacker culture views knowledge as shared social capital, in contrast to traditional knowledge protection models.
2. Digital media
Digital media has thoroughly transformed our lifestyles and social structures. However, with its rapid development, people are exposed to new threats. Cyberattacks, data breaches, malware, and other threats continue to emerge, posing unprecedented challenges to the security of the digital world. Cyberattacks and the intentional use of malicious tools and techniques such as ransomware are estimated to cost the global economy approximately $445 billion annually (Samtani et al., 2017). In this seemingly perilous digital media environment, hackers are often seen as the culprits. Nevertheless, the presence of ethical hackers, white-hat hackers, and bug bounty programs adds a complex and multifaceted dimension to their impact on cybersecurity.
3. Bug Bounty Program
When we talk about the positive significance of hacker culture, we must understand how bug bounty programs play a key role in it. A bug bounty program is a legal incentive plan that encourages security experts and ethical hackers to actively find and report security vulnerabilities and defects in software, network systems and applications (Walshe & Simpson, 2020). These vulnerabilities may be exploited by malicious hackers, leading to data leakage, system paralysis or other potential security threats.
Therefore, many organizations and large companies set up bug bounty programs so that security vulnerabilities can be found and fixed in time, thus improving the security of their network environment. In response to cyberattacks, some companies provide cyber threat intelligence (CTI) reports to help organizations resist threats. However, traditional CTI reports have some shortcomings, including a lack of information about tools that have not yet been used in attacks and an incomplete understanding of the attackers (Samtani et al., 2017).
To address these issues, the academic community has proposed a more comprehensive and proactive CTI approach, which directly collects, identifies, and analyzes data from online hacker communities to better understand malicious tools and individuals. Hacker forums have become an important data source, including information on malicious tools and assets (Samtani et al., 2017).
4. Bug Bounty Program from the US Department of Defense
The U.S. Department of Defense released an important bug bounty program in April 2016 to improve the network security of its information technology systems. This plan is called “Hack the Pentagon” (DOD News, 2016).
The program tests and evaluates the network security of the Department of Defense by inviting legitimate white-hat hackers. This is also the first time that the US government has invited hackers to test its systems. More than 1,400 hackers from all over the world participated in the pilot program and found about 2,100 vulnerabilities. During this period, the Department of Defense resolved 138 unique vulnerabilities and paid tens of thousands of dollars to 58 hackers (Newman, 2017).
“Hack the Pentagon” has become a successful example, which has inspired other government agencies to take similar measures. This mode of cooperation with the ethical hacker community helps to raise the level of the whole network security industry. It emphasizes the important role of legitimate hackers in helping organizations improve network security, and also provides a successful example for wider bug bounty programs.
5. Bug Hunters at Technology Companies
The rise of bug bounty programs marks a new chapter in network security in the digital age. These programs encourage independent security researchers and hacker communities to actively participate in discovering and reporting potential vulnerabilities, thus bringing great benefits to the security of the network environment. Google, Meta (Facebook), Amazon, Apple and other large technology companies have started bug bounty programs (BBPs), while small companies have adopted BBP platforms (such as HackerOne). This is not only an important investment in network security, but also reflects their commitment to protecting user data and digital assets (Walshe & Simpson, 2020).
In 2022, Google paid more than $12 million in rewards through its bug bounty program, which helped it identify and fix more than 2,900 security problems in its systems. Google paid rewards to 703 researchers in 68 countries around the world for identifying security issues. Among them, the highest reward was $605,000, for a report explaining in detail an exploit chain of five vulnerabilities in Android (Ilascu, 2023).
In addition, Google paid a total of $4 million in 2022 for 363 vulnerabilities in the Chrome browser and 110 security issues in Chrome. Google has maintained its bug bounty program since 2010 to identify vulnerabilities in Google products (Ilascu, 2023).
6. Potential risks
The vulnerability market emerged to provide an opportunity for programmers, end users and security professionals to report code vulnerabilities, and it promoted cooperation between the security research community and organizations. This collaboration helps to share the latest threat information and security best practices, thus improving the security of the entire digital media system. However, with the passage of time, the vulnerability market has become a small industry serving many different stakeholders. There is moral hazard in the vulnerability market, because it may lead to the abuse and improper use of vulnerabilities (Hoffman & Berghel, 2019).
Due to the opacity and lack of legal protection in the vulnerability market, many hackers will use bug bounty programs to blackmail companies into paying higher fees. The vulnerability market provides a selling channel for all kinds of computer threats, and its potential buyers range from government agencies to criminal organizations. These markets are usually driven by consumers, but their motives are not necessarily consistent with the health of the software industry or the safety of end users (Hoffman & Berghel, 2019).
Nowadays, people are inseparable from the Internet, and hacker culture also shapes the different identities of the Internet. Bug bounty programs have played an active role in improving the security of the digital media environment, but they must be implemented with careful consideration to minimize potential risks and misconduct. This requires constant supervision and improvement to ensure the long-term success and effectiveness of these programs. At the same time, society should study and discuss these issues in depth in order to better understand the role of BBPs in the field of network security and their impact on overall network security.
A brief history of cybersecurity and hacking. YouTube. (2020, September 10). https://youtu.be/V6p7lFsokXo?si=GzYvxipAHl7OhSNS
“Hack the pentagon” pilot program opens for registration. U.S. Department of Defense. (n.d.). https://www.defense.gov/News/News-Stories/Article/Article/710033/hack-the-pentagon-pilot-program-opens-for-registration/
Hoffman, A., & Berghel, H. (2019). Moral hazards in cyber vulnerability markets. Computer, 52(12), 83–88. https://doi.org/10.1109/mc.2019.2936635
Ilascu, I. (2023, February 22). Google paid $12 million in Bug Bounties to security researchers. BleepingComputer. https://www.bleepingcomputer.com/news/security/google-paid-12-million-in-bug-bounties-to-security-researchers/
Levy, S. (1985). Hackers: Heroes of the computer revolution. Dell. ISBN: 0440134056
Newman, L. H. (2017, November 10). The Pentagon opened up to hackers-and fixed thousands of bugs. Wired. https://www.wired.com/story/hack-the-pentagon-bug-bounty-results/
Samtani, S., Chinn, R., Chen, H., & Nunamaker, J. F. (2017). Exploring emerging hacker assets and key hackers for Proactive Cyber Threat Intelligence. Journal of Management Information Systems, 34(4), 1023–1053. https://doi.org/10.1080/07421222.2017.1394049
Walshe, T., & Simpson, A. (2020). An empirical study of bug bounty programs. 2020 IEEE 2nd International Workshop on Intelligent Bug Fixing (IBF). https://doi.org/10.1109/ibf50092.2020.9034828