Feeds

Auction Web site offers $25,000 hacker bounty

News or publicity stunt? You make the call

  • alert
  • submit to reddit

Internet Security Threat Report 2014

On-line auction outfit Bidbay is offering a $25,000 bounty for information leading to the conviction of malicious intruders who shut down their operation intermittently for two days starting 7 September, rendering service unavailable to users.

The hacking underground is sure to resent the idea of offering financial incentives to rat on one's buds, but the company is unapologetic. "Our CEO feels that if you start talking to people's pocket books, you're more likely to get a response," Bidbay spokesman Tim Allison told The Register. "He takes it kind of personally when people mess with our site," Allison added.

The company believes it was not the ultimate target in the attack, but rather that the intruders broke in to commandeer Bidbay's gear for attacks on other targets. An aggressive port-scan is what rendered the service unavailable, gobbling up "over ninety megs of bandwidth on one server alone," a member of the engineering crew told us.

The company traced the attack back to a porno site, which it declined to name, which also came under attack; but the use of numerous intermediate machines made it impossible to pinpoint the true origin.

As the trail went cold, Bidbay bit the bullet, passed the hack logs on to the FBI, backed up their data, re-formatted and started fresh.

Perhaps this explains why there is such a modest amount of merchandise offered on the site, and why there should be so little bidding activity. With a few exceptions, categories advertised with fifty items often have one or none, and ones claiming over a hunderd often have ten or twenty. This could be a problem related to the hack, of course.

Another explanation could be that the hacking bounty is a bid for publicity in the guise of news. We don't know, but it wouldn't be the first time such a thing has happened.

Bounty hunters may e-mail Bidbay CEO George Tannous or ring 1-877-424-3229. The company says that all information offered will remain confidential. ®

Internet Security Threat Report 2014

More from The Register

next story
I'll be back (and forward): Hollywood's time travel tribulations
Quick, call the Time Cops to sort out this paradox!
Musicians sue UK.gov over 'zero pay' copyright fix
Everyone else in Europe compensates us - why can't you?
Megaupload overlord Kim Dotcom: The US HAS RADICALISED ME!
Now my lawyers have bailed 'cos I'm 'OFFICIALLY' BROKE
MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for TERRORISM'
PM urged to 'prioritise issue' after Facebook hindsight find
BT said to have pulled patent-infringing boxes from DSL network
Take your license demand and stick it in your ASSIA
Right to be forgotten should apply to Google.com too: EU
And hey - no need to tell the website you've de-listed. That'll make it easier ...
prev story

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.