Tuesday, Feb 10 2015

The Unlikely Career Choice: Hacking the Silicon Valley Elite

Written by

The Unlikely Career Choice Hacking the Silicon Valley Elite

The majority of IT professionals work to build or improve technologies, making them safer, faster, and more advanced. And then there are some who put their best efforts into exploiting those technologies — finding holes in them and attempting to tear them down.

They’re not malicious cyber-criminals. The descriptions are similar, but the motivations are entirely separate. So-called “white hat” hackers put their coding skills to work searching for chinks in the armor of software programs and platforms, which in turn helps the tech companies who design them improve the performance and safety of their products.

And sometimes, white-hat hackers get paid for exploiting the best of the best.

Google wants you to hack their products

For several years, software giant Google has been offering cash bounties to hackers and researchers who could find exploitable bugs in their offerings. One of the best-known of these rewards is the Pwnium competition, held for the fourth time annually in March 2014. The one-day hacking contest has served as a challenge for good-guy hackers to find a way into the company’s Chrome browser — all in the interests of making the Chrome experience safer for users.

Last year’s Pwnium 4 contest offered the highest rewards yet, with a total of $2.71828 million (the equivalent of the mathematical constant e) up for grabs. Google broke down the prize into six-figure rewards for each successful instance of:

  • Browser or system-level compromise in guest mode or as a logged-in user ($110,000 bounty)
  • Compromise with device persistence: guest to guest with interim reboot ($150,000 bounty)

For the 2014 event, thousands were awarded on-site, but there was only one confirmed big winner: $150,000 was awarded to a hacker known as Geohot. But the crucial takeaway from the competition was that Google Chrome is one of the safest browsers out there, hands down.

Ongoing rewards for exploiting Google offerings

Currently, no plans have been announced for Google to host Pwnium 5. However, the company maintains an ongoing Vulnerability Reward Program that pays hackers various bounties according to which product they manage to hack, and at what level.

Included in the eligible products for the reward program are the Chrome browser, any Google-owned web service including the search engine itself, YouTube and Blogger, the Google Play Store, and all Google-developed apps and extensions regardless of platform.

Applying technical skills in order to break technology might seem like an unusual career choice, but these friendly hackers help companies like Google make software, programs, and platforms safer and more functional for everyone by finding vulnerabilities before they can be exploited with malicious intent.