Swisscom info and facts

Swisscom has the Customer Center attacked by hackers

Berne, 19 September 2016

Starting today, Swisscom will be letting IT hackers test the security of the Customer Center. Through the cooperation with HackerOne Inc., an American start-up company, IT security experts from all over the world have been invited to attack a copy of the Swisscom Customer Center. This copy does not contain any customer data, which means any successful attacks will only provide access to anonymised dummy data.

Unlike usual security tests, which are carried out by individual experts from one company, Swisscom is relying on the “Crowd Security” approach here. Hackers from all over the world, who have registered via the platform “HackerOne”, will be allowed to attack a copy of the Swisscom Customer Center during a period of six weeks. Any security gaps that are found will be reported immediately via HackerOne to a special Swisscom team, which will initiate the rectification of the weakness. A cash reward will also be provided to the finder. The amount will be based on the severity and difficulty of the gap, and it can amount to several thousand Swiss francs.

“It is important to bundle the expertise of the hackers in a positive form and provide legal incentives”, says Stephan Rickauer, Project Manager of the programme at Swisscom. With its assignment to HackerOne, Swisscom is making an important contribution towards this while simultaneously ensuring that any weakness found by the hackers does not find its way on to the illegal black markets. “Our offer is clear: show us our weaknesses, and we’ll reward you for it – legally”, says Stephan Rickauer.

Customer Center copy without “real” data

Swisscom is looking forward to receiving the results of the six-week test, which is restricted during this pilot to a copy of the Customer Center without any customer data. The findings of the hackers can therefore be used in full to optimise the security of the Customer Center, without revealing any customer data, which of course must be protected at all times. This innovative approach to increasing the quality of Swisscom services is a further component in the security strategy of Swisscom – as the best partner in the digital world.

About HackerOne

HackerOne is a company based in San Francisco that specialises in identifying IT security breaches. IT security experts from all over the world work for HackerOne on the basis of a bug bounty (a reward for any gaps found). The company has a subsidiary in (Netherlands), where mainly development work is carried out. In addition to Swisscom, the customers of HackerOne include companies like Twitter, Slack, Adobe, Yahoo, LinkedIn and Airbnb. HackerOne is the first company in the world to use the innovative approach of employing hackers from all over the world to optimise IT security.