Bounty hunters are legally hacking Apple and the Pentagon – for big money

August 22, 2016

Nathaniel Wakelam became a bounty hunter when he was 18.

Now 21, it is his full time job. This month so far he has earned $21,150, in installments: he counted them out over the phone – “400, plus 400, plus 300, plus 100, plus 1,000, plus 3,000, plus 4,000…”

Wakelam’s month-to-month profit varies considerably, but in an average year, he said, he can comfortably clear $250,000, working from his home in Melbourne or on his Macbook in coffee shops or nearby bars.

He saves a lot of what he earns, and spends philanthropically; he runs a charity which links young hackers with mentors. Last year, he bankrolled a trip for six people to a conference in New Zealand, using his earnings from just 48 hours of work. “If you are able to get money doing something like that and it comes easily, I think you’ve got an obligation to help people around you,” he said.

Wakelam is one of a new generation of so-called “white hat” hackers. Unlike “black hat” hackers – who hack for criminal, nefarious, or destructive purposes – white-hat hackers make their living hunting for chinks in the digital armor of large companies in order to report them and collect an often generous reward.

There is no shortage of money to be made. This month, Apple joined the ranks of Facebook, Microsoft, Adobe, Tesla, Yahoo, and Google when it became the latest big tech firm to instigate a bug bounty program, offering prizes of up to $200,000 to bounty hunters who discover security vulnerabilities.

It’s not just private companies that are using bounty hunters to shore up their information security. The US Department of Defense (DoD) launched a pilot program in March called Hack the Pentagon. The first exploit was found, Rice said, within 15 minutes of the program’s launch. All in all, 58 participating hackers found 134 vulnerabilities in just three weeks, and the DoD paid out more than $70,000 in bounties.

Read full story…