Do you know who white hat hackers are and how their lives are?

In recent years, businesses and users have to constantly face large-scale online attacks, such as the attack on the WannaCry network in May 2017, or recently the attack. DDoS makes many big websites in the US paralyzed, not to mention thousands of cases of users being stolen credit card information and fraudulent payment system at stores, restaurants, retail units . Causing Out of these annoyances, no one else is the black hat hackers with the experience and knowledge inherent, these hackers make businesses miserable. However, on this front line still exists in the righteous way, there are still heroes with white hat hackers silently fighting day and night against these attacks.

White hat hackers have the same experience and expertise as black hat hackers, but instead of finding ways to attack the system, they take the time to research, prevent, prevent and report errors to owners. The system has security holes before it is exploited by bad guys.

Since 1983, some companies and organizations have been calling on hackers who can find bugs in some systems, browsers and many people have received awards from these programs. A few years later, these programs were expanded, culminating in 2011 when Google launched a "new test support package" for groups / individuals who discovered Chromium's bugs (Chromium is Chrome platform version) will receive an award of up to $ 1337 for serious vulnerabilities and $ 500 for other security flaws.

Currently a number of large technology companies like Snapchat, Dropbox, Tinder and Starbucks also offer award-winning programs of up to thousands of dollars, with this method both helping them recruit talent, and even security for the company.

Who are the white hat hackers?

According to HackerOne's report - a specialized platform that rewards hackers when they report security vulnerabilities to system owners - the majority of white-hat hackers operating on the platform live in India (23%) and the United States. (20%), Russia has 6%, Pakistan is 4% and Britain is 4%. They come from many different educational environments: 58% of hackers study on their own, 50% have studied computer science at university, 26.4% have studied this at high school. 90% of white hat hackers HackerOne's under 35, 50% under 25 and 8% are under 18 years old.

Although different starting points, these people share a common point that is extremely curious. These white-hat hackers often work very secretly, always searching for holes and then reporting to companies and businesses to receive worthy remuneration. Most of these white hat hackers usually start when they are very young.

Jack Cable is a typical figure in this white-hat hacker world. He started learning programming from the age of 12 through YouTube videos. Just like other Cable students have to do homework and math tests of high school. But, thanks to knowing about Cable programming accidentally discovered more than 200 holes of about 50 other companies. each other, including big companies like Uber, Bitcoin Exchange, and even the US Air Force.

In addition to class time, Cable spent most of the remaining time serving the community. Every day Cable often walks in a forum with about 150 hackers, where hackers often share, talk to each other about new hacking techniques, work together to find security holes even when they often compete with each other. to receive the prize.

In addition to Cable, white-hat hackers also knew Sean Melia, a longtime security engineer of Gotham Digital Science, who discovered more than 30 Yahoo errors and pocketed more than $ 22,000. After the first time, Melia became more passionate and spent a lot of time doing this, after work, he began to go online to continue to find errors and discovered more than 800 problems of more than 50 jobs. company from Uber, Twitter to Starbucks.

To be good at this case, apart from the big reward, Melia thinks that each person must have passion, because when you love something you will go further and be more successful.

Businesses explained that frequent hanging prizes for white-hat hackers are because, "people in blankets often do not know how to get angry," so they can hardly find a vulnerability coming from within. Outside hackers can be more experienced, more creative and find the nooks and crannies their own employees can't see.

Bug detection process

There are many ways for white-hat hackers to find vulnerabilities, with Melia discovering it by chance. Like every day, Melia uses the Stackbucks app to buy goods, and when he orders coffee, he realizes that if he changes his order code, he can modify someone else's order. This allowed him to send coffee to strangers' homes, or get someone else's order to send himself, so he would have free coffee. Melia then reported this error and received several thousand dollars in bonuses.

For Cable, his search process is constantly tested, the more intensive search you will find there are more interesting flaws than you think. However, this process takes time and perseverance. So don't stop trying, you will achieve success.

As for Melia, he likes the "black box", that is, when he opens an application or website, he will use it as a normal user, then he will try to find ways to edit the content or things. on the app in the direction that the app is not designed to do. In the meantime, he learns more information about the company as much as possible: how big their network is, how they target customers, how they are located, the structure of the app / web. what's strange .

Future

Now there are many people with very good skills, but they don't do these things because they don't want to be named hackers. Because the media as well as many people do not fully understand hackers, they will equate all and think that any hacker is a bad person. In addition, many places enact laws that make them skeptical about the hacking community. As the 1980 anti-phishing law describes the concept of "computer fraud" in a way that can be extended and covered by what the white-hat hacker group is doing, leading to them being able to fined a large amount of money or even imprisoned. Such barriers prevent hackers from sharing what they find, and it does not help much for the security industry.

See more:

1. In addition to white hat hackers and black hat hackers, what other colors are available to hackers? Is there any genuine work for them?
2. The white "monster master" hat hackers
3. Alibaba and the fortified Jack Ma wall made the Chinese hackers terrified