The 'white hat' hacker

BEN GRUBB
Last updated 05:00 12/10/2012
Nathaniel Carew

WHITE HAT: Software firms are happy to have Nathaniel Carew hack their products.

Relevant offers

Digital Living

Big hopes for big data Uncapped broadband plans short on details Cortana v Siri: virtual assistants battle Growing industry has app developers racing 'Pinsex' and the rise of porn social media Miami youth group helped 'Cuban Twitter' Gates-funded student data group to shut down Turkish PM challenges social media in court Inside story of Mark Karpeles' Mt Gox

Nathaniel Carew makes a living protecting computer systems. In his spare time, he hacks into Google.

But far from trespassing, Carew has Google's blessing to explore its network. He is a "white hat" hacker, using his powers for good instead of evil by alerting companies to system vulnerabilities - the kind that typical hackers like to exploit.

"It's fun being able to use your skills and have a legal opportunity to audit Google," said the 32-year-old IT security professional from Melbourne, who also searches for flaws in other tech giants' websites in his spare time.

Apart from being fun, "white hat" hacking can also be lucrative. Over time Google has offered Carew $1500 for identifying problems, and has paid more than $500,000 to others in the "security research community" for identifying more than 500 security holes.

For his part, Carew turned the money down - instead accepting Google's offer to double the bounty and pay $3000 to his chosen charity, The Fred Hollows Foundation. But other hackers, including those attending Google's Pwnium hacking conferences, have been awarded as much as $60,000 each.

Google security engineer Chris Evans said the company's "security rewards" program is intended to help make users and the web safer.

"The more eyes the better," he said. "There are some extremely creative and clever people in the wider security community, and they may have thought of things we haven't. Engaging this talent has been productive and fun."

Google's highest individual "white hat" payout so far is $60,000, which two security researchers each received at its Pwnium conference in August, after finding flaws with Google's Chrome web browser. The problems were fixed immediately.

For other "white hat" hackers, glory is the only reward. Like Carew, NSW high school student Griffin Francis has also hacked the websites of Apple, Microsoft and Google in his spare time and notified the tech giants of flaws.

The 18-year-old from Coffs Harbour said he's seen "a tonne of vulnerable websites" in his short lifetime, and instead of payment, has been included in Apple and Google's "hall of fame" websites.

Francis said he has found issues on Apple's site that could have allowed a malicious user to "steal user cookies, hijack user sessions and redirect [web] pages". He said he has also found about six vulnerabilities on Microsoft's domains, but not all are "patched" yet, and so his hall-of-fame credit is pending.

Francis is not a typical geek. He enjoys playing sports, and got into hacking and cleansing PCs of viruses in Year 5. His computer had been infected by a fake anti-virus, and in his effort to fix the problem, he stumbled upon web forums that had self-help guides.

"I registered and thought 'this is something I could see myself doing'. And one of these sites had a program where you could undertake training," he said.

After completing a two-year web course, he began to look into sites he often visited to find security flaws as a hobby.

Ad Feedback

"You don't see many people my age looking for vulnerabilities in large websites," he said, adding that he hopes next year to study for a bachelor of information technology, or do a trainee degree at his school where he can work with teachers fixing issues with their PCs.

- The Age

Comments

Special offers

Featured Promotions

Sponsored Content