What is the first thing that comes to mind when you hear the word “hacker”?
Well, you’re probably thinking of a person in a dark room in front of a computer, going through codes on a neon-green screen, maybe even wearing a mask.
Like this guy:
The idea of the hacking wizard is that he magically logs into social media or bank accounts, damages systems, steals data, and then calls it a day.
The reputation hackers have started when the internet first flourished.
Computer criminals were described as hackers since the 1980s, and they were basically people with expert computer programming skills.
They would use bugs or exploits to break into computer systems and basically create a mess for banks, companies and individuals.
Who could have told us though, that years later these same people would make our lives better and most importantly, safer?
Today, well-established companies not only work very closely with these computer masterminds but also pay them a lot of cash to do what they do.
Confused?
Here’s how hackers managed to suddenly become the good guys who make millions.
Types of Hackers
Hacking is not an easy business. Maybe for some super-genius computer experts out there, but overall it is quite complicated.
There are actually three main hackers categories: Black hat, White hat, and Grey hat hackers.
Here’s what they do:
Black hat hackers: These are basically the bad guys. According to Norton’s website, this famous type of hackers has extensive knowledge about breaking security protocols and writing malware in order to access systems.
Black hat hackers are also usually searching for financial gains, but also destroy systems for fun, just because they can. How rude.
These guys have the power to create disruption and chaos by spreading malware in systems, steal data, and financial information or login credentials. They also seek to modify or destroy data as well.
White hat hackers: These are the good guys. They choose to use their computing and programming skills to bring any errors to the company’s attention.
They are also described as “ethical hackers” because their job is also to test the security systems by trying to break them, but all of this with the permission of the owner of the system.
This process is entirely legal because they are basically trying to find flaws in the programming security platforms and fix them. Courses, training, and certifications are even available on ethical hacking.
Grey hat hackers: Now these are the sneaky guys. This type of hacker is a bit of both black and white. (Hence the name)
What they do is, they will spot errors in a company’s programming or security system, and then ask for money in order to fix it.
If the owner doesn’t reply or pay them for their discovery, they might dare to exploit the error online. In simple words; blackmail.
These guys basically look for vulnerabilities in a system and then try to get something out of their discovery.
Types of Hacking
Besides the types of hackers out there, there are many reasons why someone would interfere with a company’s security system.
Here are some of these reasons:
Just for fun: Hackers are really smart, and they love what they do. So, many people do it just for fun, although the results for the companies or individuals being hacked can be catastrophic.
Additionally, hacking activity without the consent of the owner is viewed as an offence under the Computer Misuse Act 1990 “unauthorised access to computer material”.
There have been cases however like the one last year with the PewDiePie scandal, that aim to differ.
In 2018, an unknown individual with the pseudonym TheHackerGiraffe managed to hack 50,000 printers in order to spread the message in support of the YouTube star.
HackerGiraffe also claimed that he had discovered more than 800,000 vulnerable printers using the search engine Shodan used for finding vulnerable devices.
When the hackers managed to control printers worldwide, their message was to subscribe to PieDiePie’s YouTube channel, but also fix their printer settings for their own safety.
You can find out more about these “special” hackers by clicking here.
Political purposes: This might ring a bell from the 2016 Presidental elections in the US, between Donald Trump and Hillary Clinton. In such cases, politicians can resonate with hackers and gather personal information on voters.
Bug Bounty: Well-established companies such as Facebook and Twitter usually hire hackers to hunt down “bugs” in their systems in order to fix them.
Many hackers however often search for such careers on their own by trying to spot vulnerabilities known as “Zero Days”, and then report back to companies to get rewarded. Kinda like the grey hatters we mentioned, but nicer, as they won’t exploit the error publicly.
Professional Penetration Testing: These guys dig a little deeper into the systems compared to the bug bounty hunters.
Security tech companies have teams of hackers working just for them, and thanks to their impressive hacking skills manage to find important vulnerabilities before malicious hackers do.
If you’re one of these hackers, thank you in advance!
Legal Hacking
Having covered the different types of hackers and some of the reasons behind their activities, its time to get down to the really good stuff.
Either by working alone or within a company, at the end of the day, the majority of hackers do it to make money. And they can make a lot of cash.
Legal hacking, however, is the most ethical way to do this. Referring to the white hat hacking community, these guys have been protecting us for a very long time, and they’ve made millions.
They’re the little “tech angels” that protect our security platforms, programs, devices, bank accounts, and pretty much anything that connects to the internet.
High-tech companies usually pay out significant awards to hackers.
According to an article by The Guardian, back in 2015, an anonymous team of hackers got $1m for finding a security fault in Apple’s iOS operating system.
Similarly, CNBC posted an article last year stating that the “bug bounty” company Bugcrowd showed that hackers can now command up to $500,000 per year testing security flaws at companies that hire them.”
Another example is Microsoft, where they will pay up to $15,000 for an individual bug and up to $100,000 for previously unknown techniques in which developers might have to re-evaluate.
Hackers be like:
Since this hacking industry has been growing like crazy, companies like HackerOne can help connect researchers to companies that offer such tasks.
Google’s Quest
The most recent request made by a tech-giant regarding security was just a couple of days ago when Google announced that they’d give $1m to whoever can hack its phones.
Apple did the same thing in August of this year, regarding vulnerabilities in iPhones and Macs.
More specifically, Google is willing to pay anyone who can show off a unique hack on its Pixel 3 and 4 as long as they prove how they did it.
This means that anyone who is up for this challenge must break Google’s Titan M “secure element”; a chip which protects the device’s data by keeping an eye out for types of malware.
But it doesn’t stop there.
Google went on by offering an additional $500K for any exploits found on previous versions of Android. Other challenges include attacks that result in data theft and lock screen bypass for $500K.
Basically, if a hacker manages to do all of these things, they could end up with $2m or more!
(Meanwhile, us trying to learn how to hack)
In case you were wondering, according to Forbes, “Google will only give out the bigger bounties for research disclosed from November 21 onwards”.
Hackers Talk
The BBC interviewed the 19-year old Santiago Lopez from Argentina in March of 2019, as he is the first millionaire bug bounty hunter.
Santi gets paid to spot glitches in software and has worked for some of the biggest tech companies such as Twitter, Verizon, private companies, and the USA government.
He has managed to find over 1,600 bugs, protecting millions of people. When asked by the BBC reporter whether he feels like he’s making the internet better, the young hacker said “Yes of course. With each bug, you make the internet safer. It’s amazing!”
Santi also admitted that in the beginning, he was a little tempted of using his skills for bad hacking, but he wouldn’t risk going to jail for that. Tracking down bugs in systems for money is what saved him from doing it for all the wrong reasons.
Another 19-year old hacker interviewed by the BBC is Sam Curry from Nebraska.
This young hacker makes about $100K a year, by working 20 hours a week.
Sam is a proud white-hat hacker, and his job is to find glitches within the company’s security systems. Sam told BBC Minute: “It’s changed my life, it’s such a rush.”
His career debuted back when he was around 11-12 years old, and he’s always been obsessed about computers. Sam also stated that “The white-hat hacking community is super global. I have friends from dozens of countries. I really suck at most stuff that gets you a job. So, the fact that hacking has a reception for it financially is absolutely amazing.”
The Hackable Future
Bugcrowd CTO Casey Ellis told the CNBC that companies are desperately looking for new hackers to add to their growing cybersecurity testing teams. It is even believed that 3.5 million cyber jobs may be left open by 2021.
According to Ellis, the hackers making the most money have certain essential skills.
“They found a particular vulnerability class and they go after that over and over again at different companies. They will go all around cyberspace and try to find as many opportunities to exploit that vulnerability as they can” he said.
It is clear that the hacking community is growing really fast, and it makes sense since we are now living in a tech-dominated world.
Programs and devices keep evolving, and cybersecurity will always be a main issue and priority for companies.
Let’s just hope that as time goes by, the majority of hackers won’t be “wearing” a black hat!
