A surprising number of computer hackers earn over US$100,000 a year

But ‘good guy’ hackers are among those making a decent living through ‘bug bounty’ programmes

PUBLISHED : Thursday, 15 September, 2016, 12:11pm

UPDATED : Thursday, 15 September, 2016, 2:55pm

Comments:

People reported to the FBI that they paid a total of US$24 million in "ransomware" scams in 2015. Photo: Pichi Chuang/Reuters

Business Insider

More on this story

HackerOne co-founder Jobert Abma still hunts for computer bugs making an average US4,000 per bug found.
Photo: HackerOne Jobert Abma

Start-ups

Hacker makes US$100,000 a year as a 'bug bounty hunter’

3 May 2016

Ten-year-old Jani found he could delete other people's comments from Instagram using malicious code.
Photo: Getty images

Social & Gadgets

10-year-old boy hacks Instagram and is rewarded with US$10,000 'bug bounty'

5 May 2016

There’s no question that breaking into a computer and finding ways to get it to share its data or become a member of your zombie computer army is a valuable skill — a skill that can be used for good or evil.

We know that this skill pays well for those who use it for evil. It’s hard to track what the average high-end hacker earns, of course, but just one type of that sort of thing, ransomware, is said to be quite a lucrative business.

Ransomware is where a hacker finds a hole in your computer’s security and uses it to install software that locks your computer or its files, and will only unlock them once you pay a ransom. People reported to the FBI that they paid a total of US$24 million in such scams in 2015, and that number could be higher as it only counts those who reported the hack.

But it turns out, the good-guy hackers can also make a decent living by participating in what’s known as bug bounty programmes, according to new research from HackerOne, a start-up that orchestrates bug bounty programmes.

A bug bounty programme is when a company, (or government agency or other organisation) invites hackers to break into their software and then pays them bounties for the bugs they find. The more serious the bug or vulnerability, the bigger the bounty.

Google earlier this week announced that it would pay US$200,000 to a hacker who finds the best bug in Android, as part of its new “Project Zero Prize.” Second prize is US$100,000 and third is US$50,000. That kind of cash isn’t typical though.

For instance, Microsoft will pay between US$500 to US$15,000 for qualified bugs found in its new Edge browser.

But for those that dedicate themselves to it, they can make a nice living, or some serious moonlighting cash.

According to a survey of 617 successful hackers by HackerOne, half of them earn more than US$35,000 a year on bug bounties. Nearly 11 per cent are making over US$50,000, and 6 per cent are making more than US$100,000 per year.

Successful hackers are young too. Almost all of them are under age 35.

And while most of them say that they hack for the money, and for fun, over 50 per cent said that they also find these bugs just to help the world fight the bad guys.