Teen hacker Santiago Lopez from Argentina has become the world’s first white-hat hacker to earn a million dollars from bug bounties.
Lopez, a.k.a. @try_to_hack (his online moniker), started flagging security weaknesses to companies via the vulnerability coordination and bug bounty platform HackerOne.
Since embarking on his legal hacking career in 2015, he has reported more than 1,600 security flaws to organisations, including social media platform Twitter and Verizon Media Company, as well as private corporate and government entities.
Inspired by the movie Hackers, Lopez taught himself how to hack by watching free online tutorials and reading popular blogs.
At the age of 16 he earned his first bounty of $50 and was motivated to continue hacking after school. He now hacks full-time, earning nearly 40 times the average software engineer salary in Buenos Aires.
White-hat hackers like Lopez can earn funds through bug bounties, cash rewards given to hackers who report a valid security weakness to a company. Offering bug bounties is rapidly becoming a popular way for organisations to identify vulnerabilities that expose them to cyber attacks.
Numerous global companies including the US Department of Defense, General Motors, Google, Twitter, GitHub, Nintendo, Lufthansa, Panasonic Avionics, Qualcomm, Starbucks, Dropbox, and Intel have partnered with HackerOne to discover more than 100,000 vulnerabilities and award more than $45m (£34m) in bug bounties.
Luta Security CEO and cybersecurity expert Katie Moussouris said that bug bounties, although useful, weren’t a “silver bullet”. Moussouris, who created the bug bounty at Microsoft, warned that, if badly implemented, such programmes could see talent leaving organisations in favour of pursuing bug bounties, and thus damage the talent pipeline.
Commenting on his success, Lopez said, “to me, this achievement represents that companies and the people that trust them are becoming more secure than they were before, and that is incredible. This is what motivates me to continue to push myself and inspires me to get my hacking to the next level.”
HackerOne CEO Marten Mickos said of Lopez, “the entire HackerOne community stands in awe of Santiago’s work. Curious, self-taught and creative, Santiago is a role model for hundreds of thousands of aspiring hackers around the world.
“The hacker community is the most powerful defence we have against cybercrime. This is a fantastic milestone for Santiago, but much greater are the improvements in security that companies have achieved and keep achieving thanks to Santiago’s relentless work.”
HackerOne’s latest report revealed that it has now paid out more than $42m (£31.7m) to hackers for 93,000 bug bounties, and that white-hat hacker earnings in 2018 totalled $19m (£14.3m), up from $9.3m (£7m) in 2017.
Luke Tucker, senior director of community and content at HackerOne, said of this growth: “With the frequency of cyber attacks swelling to new highs, companies and government organisations are realising that to protect themselves online, they need an army of highly skilled and creative individuals on their side – hackers. As more organisations embrace the hacker community, the safer customers and citizens become.”