US should pay hackers who find threats, says analyst

Mr Geer develops technology for US security agencies


The US government should pay hackers who identify significant cybersecurity threats, a respected risk analyst has proposed.

Dan Geer said large bounties would prevent the vulnerabilities from ending up in the hands of criminal gangs or hostile authorities.

Mr Geer, whose tech firm assists the CIA, was referring to previously unknown security flaws, for which a patch is not yet available.

They are often used in cyber-warfare.

Tech news site the Register reported that Mr Geer, who made the suggestion in a keynote address at the Black Hat cybersecurity conference in Las Vegas, said the tactic would only work if there were few vulnerabilities in existence.

"If there are many vulnerabilities, then we've wasted our money," he reportedly said.


"But if there are a limited number, by making them not weaponisable have we not contributed to world peace?

"The US can corner the market in this in a way few other countries can."

Mr Geer added that the government should consider paying 10 times more than anyone else would for the vulnerabilities.

Once a patch was found, authorities should make the vulnerabilities public, he advised.

Hotel take-over
Jesus Molina was able to hack the network of a Chinese hotel

Other cybersecurity experts unveiled their research at the annual conference.

Jesus Molina explained how he had taken over a hotel in Shenzhen, China, after hacking into the central system via a guest iPad in his room.

Mr Molina said he was able to control the rooms' temperature, lighting and even the hotel doors.

Another cybersecurity professional, Billy Rios, claimed to have found multiple vulnerabilities in the tech used by the US Transportation Security Administration (TSA) in airports.

He said he could gain access to the TSA's X-ray machines, as well as a system that tracks employees' shift changes and the scanners used to detect hazardous materials in luggage or clothing.

"They all have major issues," Mr Rios told the BBC.

However, a representative of the company that develops the airport technology, Morpho, denied the devices were vulnerable to attack.
