On March 7th, Google held its third annual event called the Pwnium Hacking Competition where they invited hackers of all sorts to test the security and software of the Chrome OS running on a Samsung Series 5 550 Chromebook. Google has been increasing known for paying others to discover vulnerabilities within their product. During these events, the Internet search giant has offered large sums if money to any participant who was able to hack into their computers. The prizes were $110,000 dollars for anyone able to take control of a webpage or the entire computer, as well as $150,00 dollars if the hacker was able to maintain this control after rebooting the software. In total, Google offered to reward up to $3.14159 million dollars, or Pi million dollars, during the competition. This nerdy value of money isn’t uncommon for the company who has been known for “express[ing] its love of extremely geeky numbers”.
The most recent updates from this event show that no one had successfully hacked into the Chrome OS, but Google did pay one individual at the Pwnium Hacking Competition $40,000 for finding a bug in the system that could cause a later error. I believe that this competition is a smart advantage for Google on multiple levels. First, it shows the customers the safety of their product, in that some of the most skilled hackers weren’t able to break into the Chrome OS. Secondly, it allows Google to fix any problems in their updated product before releasing it to the public. And finally, the prizes that Google gave away only represent a fraction of what the company can actually lose if someone hacks into their system. As we have discussed in class, there is a lot of money hidden in the internet and stored in user’s hard drives so it would be easy for a hacker to steal this information, like credit card numbers, and receive a higher gain.
However, in the Forbes article that I read, security experts from the event stated that certain hackers never end up brining the weak link in the operating system to Google attention. Instead, they either keep these secrets for themselves to use at a later time for their own use or they sold it to other intelligence agencies that would pay even more money that Google. One French CEO told the author of this article that he “wouldn’t give Google information about a technique for hacking Chrome for even $1 million”. In relation to what we’ve learned in class, the price for the information is related to the return of investment for the hacker. On one hand, there would be no penalty for the hackers to give the information about a faulty error in the Chrome OS during the competition and they would still receive a cash reward for their efforts. Yet, on the other, there is a great risk involved, along with more time and effort, for those who kept the security vulnerabilities to themselves and could potentially walk away with a vastly greater amount of money.
Articles that I used for this post: