The Daily Telegraph

Cyber bug bounty hunter hacks his way to a real-life fortune

By Hasan Chowdhury

AN “ETHICAL hacker” has become Britain’s first bug bounty-hunting millionaire after earning $1.5 million (£1.22million) exposing security flaws in global firms’ computer systems.

Mark Litchfield, 47, from Fife, uncovers potential IT weaknesses which could be exploited by criminals.

Mr Litchfield, now based in Las Vegas, began bug hunting after internet company Yahoo asked him to identify defects in the coding of its website.

Yahoo suffered serious data breaches between 2013 and 2014, which led it to find imaginative ways of protecting its data from being breached.

The discovery of a bug by Mr Litchfield led to a cash reward, and he realised more money could be made through legal hacking. Previously a computer salesman, he has said in an interview with the BBC that he “can’t code – at all” and that “literally anyone could do this”.

He said he hopes that his example will encourage other hackers to “test their skills” in order to “make the internet a much safer space for people”.

“Hacking can open doors to anyone with a laptop and curiosity about how to break things,” he added.

Hackerone, a cyber security company based in San Francisco, said Santiago Lopez, a 19-year-old Argentinian, became the world’s first ethical hacker to earn $1million earlier this year.

Hackerone works with organisations to pay bounties to groups and individuals to uncover potential security liabilities. It said a vulnerability is reported by a hacker every five minutes.

The company has revealed that four other hackers have also made $1million, having bypassed the security of organisations such as accountants Goldman Sachs, the US Department of Defense, Uber and Airbnb.

They come from Australia, the United States, Sweden and Hong Kong.

The increasing number of high-level cases has meant that the average bounty payment has jumped by 48 per cent from $2,281 in 2018 to $3,384 this year. The hackers have discovered almost 5,000 vulnerabilities in the security systems of companies and government divisions operating internationally, highlighting the risks at hand.

Hackerone published a report yesterday which showed that 25 per cent of all vulnerabilities pinpointed by ethical hackers in the past year were of critical severity.
