There’s no question that breaking into a computer and finding ways to get it to share its data or become a member of your zombie computer army is a valuable skill — a skill that can be used for good or evil.
We know that this skill pays well for those who use it for evil. It’s hard to track what the average high-end hacker earns, of course, but just one type of that sort of thing, ransomware, is said to be quite a lucrative business.
Ransomware is where a hacker finds a hole in your computer’s security and uses it to install software that locks your computer or its files, and will only unlock them once you pay a ransom. People reported to the FBI that they paid a total of $24 million in such scams in 2015, and that number could be higher as it only counts those who reported the hack.
But it turns out, the good-guy hackers can also make a decent living by participating in what’s known as bug bounty programs, according to new research from HackerOne, a startup that orchestrates bug bounty programs.
A bug bounty program is when a company, (or government agency or other organization) invites hackers to break into their software and then pays them bounties for the bugs they find. The more serious the bug or vulnerability, the bigger the bounty.
Google earlier this week announced that it would pay $200,000 to a hacker who finds the best bug in Android, as part of its new “The Project Zero Prize.” Second prize is $100,000 and third is $50,000. That kind of cash isn’t typical though.
For instance, Microsoft will pay between $500 to $15,000 for qualified bugs found in its new Edge browser.
But for those that dedicate themselves to it, they can make a nice living, or some serious moonlighting cash.