Why don't they just open up a special bank account, dump 10 or 20,000 pounds or euros in it and make it a PWN2OWN contest? (The winner can keep the money and gets the job!)
The Bank of England is planning to hire ethical hackers to conduct penetration tests on 20 "major" banks and other financial institutions, it has been reported. The move appears to be a response to lessons learned during the Waking Shark II security response exercise last November. The exercise put merchant banks and other …
Not a bad idea, but it has a bit of a downside: whoever manages to own that account may have the temptation to do the same with the rest of the bank deposits and flee to Barbados.
Not every ethical hacker keeps being ethical in the face of the chance of stealing a few million.
Good question. If you want to trust me, or anyone else for that matter, with something sensitive, you better make sure that the reward for keeping it confidential has a higher value than the reward for not doing it.
Of course we have to include in that concept of value not only cold hard cash, but also everything else one may appreciate (and that maybe can't be purchased with money) in life. For example, perhaps being physically closer to friends and family for someone is more valuable than living in some remote country even if drowning in money.
"Good question. If you want to trust me, or anyone else for that matter, with something sensitive, you better make sure that the reward for keeping it confidential has a higher value than the reward for not doing it."
If you have no high ethical values, then you will be spotted no matter what. So it's not that people need to trust you; it's *you* who needs people to trust you instead. Otherwise, good luck finding a well-paid job.
> the Bank of England's “ethical hackers” will attack 20 major banks and other financial institutions
One of the things that old consultants tell young consultants is:
Teach them everything they know, but not everything you know.
So one should not be surprised if the "ethical hackers" hold back one or two of the juicier holes as a sort of pension plan. Maybe the plan needs some extra-ethical hackers (ones who've already made their pile) to watch over the merely "ordinarily" ethical hackers?
Oh, and don't have the penetration testers stationed too close to any international airports.
"It’s important to recognise that threats can often stem from insider hacktivists or a weak security culture in the back office [that] leaves sensitive data and apps open to abuse or theft."
If *ANY* organisation doesn't want to have insider hacktivists, the best thing it needs to do is *BEHAVE* according to the word of law and ethos.