http://www.howitworksdaily.com HowIt Works 027
DID YOU KNOW? Black hat hackers attack computers and networks at a rate of once every 39 seconds
“I was
told if I
got caught
again then
I wouldn’t
get out”
Why did you become a black hat hacker?
At school I would finish my work in ten minutes
and spend the rest of the lesson play ing on the
computer. I was 10 or 11 when I stumbled across a
chatroom whose members taught me how to hack
- I was just a bored kid doing it for fun. I first got
into trouble in high school and was ordered to stay
away from computers, but I didn’t. With others, I
broke into secure government systems and was
caught again and spent four years in prison. I was
told if I got caught again then I wouldn’t get out.
In 2016 I discovered bug bounty programs [via the
‘HackerOne’ organisation] and could return to the
hobby I loved, but this time working for good.
Walk us through a typical hacking attack
When hacking a website, I pick a target that has a
bug bount y program and spend some time
looking at and using it.
Next, I look for interesting places where you
might be able to do something like upload files,
or where the website tries to fetch data from
another website.
I would then tr y to upload files that could
introduce a v ulnerabilit y, for example, if there is
an option to upload a profile picture. Then I could
potentially upload a code execution.
If there is an area like an RSS feed generator, I
can see if I can get it to pull data from an internal
ser ver that I shouldn’t have access to.
How do you see the future of hacking and
cyber security developing?
As more things are connected to the internet, we
will see more attacks on things in the real world.
25 years ago when I started out, we used to joke
about causing real-world damage; it wasn’t
feasible then, but it is now.
Tommy DeVoss started
hacking aged ten and was
jailed in 2000 for breaking
into military computers. He
now earns ‘bug bounties’ for
finding problems in company
computer systems
From child
hacker to
bug hunter
Former hackers
doing good are
helping to protect
us, says Tommy
© Courtesy of HackerOne