A 19 year old Becomes a Millionaire by Hacking

A Teenager Becomes a Millionaire Through White Hat Hacking:

Hacking often refers to the breaching of information without a person’s consent or knowledge. It basically is the unauthorized intrusion into a computer or a network. It can be used to alter or change a system for different purposes or goals. Hacking can also mean the involvement of unusual or improvised alterations to equipment or processes.

A hacker has expertise in computer skills, and will know their way around systems and security features. They are often skilled programmers who use their technical knowledge to exploit bugs in order to break into computer systems.

The above-mentioned information is a very generic definition of hacking, It is what most people associate with “hacking” or “hackers”. They’re often used in a negative connotation, giving us the same feeling whenever we come across these words. However, it is very important to clarify that hacking is not only used in a negative sense. In fact, “ethical hacking” is on the rise.

“Ethical hacking” is also known as penetration testing. By definition, it is an act of intruding/penetrating into system or networks to find the threats and vulnerabilities in those systems which a malicious attacker may find and exploit, causing loss of data, These vulnerabilities could also lead to financial loss or other major damages. Ethical hacking or “white hat” hacking is different from intrusive or “black hat” hacking, in that its purpose is to increase and improve the security of the networks or systems. It does this by fixing the vulnerabilities found during testing. The tools and methods of ethical hackers might be similar or even the same at times, but the intentions and reasoning behind the act are totally different.

Recently, a teenager named Santiago Lopez made millions of dollars utilizing ethical hacking on HackerOne.

HackerOne is the number 1 ranked platform that helps organizations find and fix critical vulnerabilities that have the potential of destroying or exploiting your information in any sense. HackerOne is well known and has partnership with the U.S. Department of Defense, General Motors, Google, Twitter, GitHub, Nintendo, Lufthansa, Panasonic Avionics, Qualcomm, Starbucks, Dropbox, Intel, the CERT Coordination Center and over 1,200 other organizations in order to find and protect them against all kinds of vulnerabilities.

Like most of the hackers, Lopez is also self-taught. His specialty and expertise lies in finding Insecure Direct Object Reference (IDOR) vulnerabilities.

Lopez first gained interest in this field from watching a movie about hacking. His interest grew in this area, and then he started watching and learning to hack from online tutorials and by reading blogs. At the age of 16 he signed up for HackerOne, not knowing what he was getting into. He knew that he had to hack into company databases and he kept his name @try_to_hack in order to motivate himself further. He still goes by this name. Once he had signed up for HackerOne, he earned his first fifty dollars in a few months and that’s what motivated him further and showed him a path that he could do it.

Lopez continued making the internet a better place for many people who are associated with and have put their entire trust in HackerOne. Lopez choose ethical hacking because; “To me, this achievement represents that companies and the people that trust them are becoming more secure than they were before, and that is incredible.”

So this is how Lopez, a 19-year-old teenager worked his way up in the hacker community and proved himself by earning the first million dollars of his life. His story is a textbook definition of how practice, enthusiasm and talent matters – and is needed to get the top spot in any field.


Hacking School Computers to Change Grades

Hackers recently targeted a Virginia high school in order to change the grades of multiple students. The hackers were able to obtain access to teacher accounts when they sent out a phishing link. The phishing link was included inside an email that pretended to be from the “Oaktown High School’s Honor Council” dedicated to “honor and integrity”. The link then directed the user to a malware site, which downloaded key logger software onto the computer.

A key logger records strokes on the user’s keyboard, including passwords and other sensitive data. That information is captured by the hacker, giving them the ability to access the user’s accounts.

Hacked School System

The Virginia high school hackers used their access to make several changes in the school system:

After the emails began circulating, there were multiple cases of grade changes being requested, as well as students’ passwords being changed and emails being sent through remote log-ins, according to the search warrant. The court document does not say whether the hackers were successful in changing any grades, and Fairfax County Public Schools officials declined to say. –The Washington Post

Hacking Grades Could Result in Heavy Charges

Law Enforcement haven’t found the high school hackers, but if they do, charges could be steep.

There was a recent case of a University of Georgia student who hacked into his professor’s computer in order to alter his grades. He was charged with over 70 counts of computer forgery and computer trespassing.

According to the Washington Post, these types of grade-changing hacks are increasing. There are also services for hire to help students change their grades through hacking, as well as YouTube tutorials.

Photo credit: Katy Levinson

CategoriesNewsSocial Media

2600 Magazine Offers $10K for Access to Donald Trump’s Tax Return

The Twitter account that represents 2600 Magazine – The Hacker Quarterly says they will offer $10K for first access to Donald Trump’s tax return. They also say that identities will be protected and provide a PGP key.

Twitter users responded with several funny comments:

There have been many recent attacks on the Democratic National Committee including the Guccifer 2.0/Wikileaks release of DNC emails and more recently a possible hack of some of the party member’s phones. Some say that hackers have been focusing too much on exposing the DNC and not enough on the RNC. Perhaps this is the opportunity they have been waiting for.

2600 has also extended the offer to Trump himself:


Facial Recognition gets “Hacked” Thanks to Facebook

Facial recognition technology is utilized in many different systems. Biometric software is used in facial recognition tools for security purposes and other applications such as social media marketing. Algorithms use a statistical approach to identify facial features – and facial recognition is increasingly used as a crime-fighting tool. In the future it could be used to monitor employee attendance at work, to enhance security measures at ATMs and to prevent voter fraud. Many privacy advocates see a problem with this technology because it could quickly turn us into a surveillance society.

University of North Carolina researchers have discovered a way to get around facial recognition security. By using a virtual reality (VR) system to develop 3D models of the face, they were able to trick the biometric security measures. They did this with just a handful of photos found on Facebook and were able to fool the systems more than half the time (Newsweek).

Clearly this is a huge security flaw in the technology which means other types of “verifiable data” would need to be used for authentication in order for facial recognition to be a feasible option. One technique that could be used is the detection of infrared radiation which would be given off by a real face, not a 3D model (Techworm).

For more information on how facial recognition technologies work, check out this video from Brit Lab:


NSA Hoards Zero Days; Doesn’t Disclose Them all to Vendors

The NSA does not always disclose the zero day vulnerabilities it finds to unprotected vendors. Some security flaws are kept secret “when they can be used to serve a clear national security or law enforcement need” (Wired).

The US National Security Agency (NSA) was hacked by a suspected Russian hacker group and many of their exploits and hacking tools were archived. Leaked information was made public that showed the NSA collects exploits and does not always disclose them to vulnerable vendors. When vulnerabilities are not disclosed, problems do not get fixed. The NSA appears to operate “on the premise that secrets will never get out. That no one will ever discover the same bug. That no one will ever use the same bug. That there will never be a leak” (Business Insider).

Unfortunately, as we are currently witnessing with this recent leak, other types of hackers are able to find the same bugs and those hackers could have more malicious intent than the NSA. When hackers obtain a trove of U.S. secrets, that could put the government and corporations worldwide in a susceptible position. For example, the leaked data includes information on breaching popular commercial firewalls. Emergency service providers, governments, financial systems and many businesses all rely on these firewall technologies.

Global networking company, Cisco Systems, confirmed last week that the NSA exploited an undetected severe vulnerability that allows remote attackers “who have already gained a foothold in a targeted network to gain full control over a firewall” (Ars Technica). The NSA knew about this vulnerability since 2013 and did nothing to stop it. Now that the data is leaked, Cisco fears that the information “could be used to breach its Adaptive Security Appliance (ASA) software used in its firewalls. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system”. It can be argued that these exploits would have been patched had the NSA disclosed the vulnerabilities instead of collecting them for their own use.

(Watch – Snowden discusses NSA hack, Cisco to cut 5,500 jobs, NASA preps an asteroid rocket):