Can you hack a Google Chromebook? If so, you can earn $100,000 legally

Google, like many other tech companies, uses rewards programs to incentivize the most talented hackers to find security problems in their products, and often, to recruit talent.

|
Kacper Pempel/Reuters/File
An illustration file picture shows a projection of binary code on a man holding a laptop computer, in an office in Warsaw.

Those who have the skills to hack Google’s Chromebook laptop, can snatch a $100,000 reward, the company announced on March 14.

This is double last year’s bounty of $50,000, which no one landed. Google is offering it to hackers who can remotely insert malicious code that can persistently compromise the security of their laptop in a secure "guest mode," even after a reboot. Such a hack would mean future "guest-mode" sessions would be compromised.

“… great research deserves great awards, so we’re putting up a standing six-figure sum, available all year round with no quotas and no maximum reward pool,” Google said on its blog.

It is not unusual for Google to tap the hacker community for help identifying security issues in its products. Last year, the company paid out $2 million to hackers through a series of rewards ranging from $500 to $20,000. Since it launched the program in 2010, Google has paid $6 million for information from hackers.

And it’s not the only company to use a rewards system to fix bugs and find exceptional talent. Starting in the the mid 1990s when Netscape offered $500 per bug found in its web browser, tech companies such as Facebook, Twitter, Yahoo, Microsoft, and many others have been courting hackers with bounties to help their internal teams identify and fix potential security problems. And, importantly, to try to deter hackers from selling information about vulnerabilities to criminals or spy agencies.

“Bug bounties in [technology] defense market are very important incentives,” Katie Moussouris, an advisor to HackerOne, a company that connects companies with hackers, told The Christian Science Monitor. “It’s kind of a talent acquisition technique as well,” she noted.

Though there are a lot of talented hackers, there are relatively few who can exploit the bugs they find to carry out cyberattacks against the latest, most sophisticated software.

“Exploitation is an art form.” Ms. Moussouris says. “Once you identify these talented folks, then it’s a job feeding frenzy.”

She was a hacker herself until she became a security strategist at Microsoft, where she launched a hacker rewards program like Google’s in 2013. The first hacker who won a bounty from her now works for Google’s “Project Zero,” a team of hackers employed by the company who look for security vulnerabilities in products, such as Samsung Galaxy smartphones, that run on its Android operating system.

For independent, bounty-winning hackers, Google promotes their good work online in an effort to keep them from crossing over to the dark side of hacking, where information about cyber vulnerabilities can garner much higher sums than Google offers.

“We understand that our cash reward amounts can be less than these alternatives,” the company writes online, “but we offer you public acknowledgement of your skills and how awesome you are, a quick fix and an opportunity to openly blog/talk/present on your amazing work (while still offering you a very healthy financial reward for your work!). Also, you'll *never* have to be concerned that your bugs were used by shady people for unknown purposes.”

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Can you hack a Google Chromebook? If so, you can earn $100,000 legally
Read this article in
https://www.csmonitor.com/Technology/2016/0317/Can-you-hack-a-Google-Chromebook-If-so-you-can-earn-100-000-legally
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe