‘White hat hackers’, who are among the good ones, help companies detect bugs in their systems, preventing attackers from accessing critical information or just messing things up. Every year, several tech companies, including Facebook, Google, Microsoft and other biggies, run bounty programmes that reward hackers for finding bugs in their code, which helps them head off potential attacks against their systems. Some companies, like Microsoft, conduct annual competitions for this, while others, like Google, have made the programme a year-long affair, paying handsome bounties to the tune of tens of thousands of dollars to hackers. Here we list the top five bounties collected by hackers from tech titans in the last few years.
Vasilis Pappas ($200,000) from Microsoft
Vasilis Pappas, a PhD student at Columbia University in 2012, won $200,000 at the Blue Hat Security contest in Las Vegas for coming up with a program called ‘kBouncer’, which blocks any Return-Oriented Programming (ROP) attack from running. A ROP attack is designed to disable or evade the security controls of a program, allowing attack code to be executed.
James Forshaw ($100,000) from Microsoft
James Forshaw received $100,000 from Microsoft in 2013 for uncovering a security bug in the preview version of Windows 8.1, which would allow any attacker to circumvent the inbuilt defence mechanism of the software. The 34-year-old London-based security researcher had previously also won a bounty for finding a bug in Internet Explorer 11.
Peter Pi ($75,750) from Google Android
Google has had a bug bounty programme since 2010, but recently, in 2015, it shifted to a year-long bounty programme. In its first year, Peter Pi found 26 bugs in Google’s Android platform and was rewarded $75,750 for his efforts.
Joshua Drake ($50,000) from Google Android
Joshua Drake won $50,000 in 2015 for unearthing bugs related to Google’s Android platform. The security researcher came across a number of StageFright bugs, which allow hackers to gain remote access to a user’s device, enabling them to control it too.
Andrew Leonov ($40,000) from Facebook
Andrew Leonov was recently awarded a $40,000 bounty from Facebook for finding a ‘remote code execution’ flaw with its open-source photo editing software, ImageMagick. The bug would have allowed harmful hackers to upload photos with malicious software, which, when downloaded by a user, could compromise their computer. The bug was reported by Leonov in October 2016 and was patched within a day. He received his reward in the following weeks, which was also the biggest bug bounty ever paid by the social media giant.