Being Rewarded For Hacking

On March 7th, Google held its third annual event called the Pwnium Hacking Competition, where they invited hackers of all sorts to test the security and software of the Chrome OS running on a Samsung Series 5 550 Chromebook. Google has become increasingly known for paying others to discover vulnerabilities within their product. During these events, the Internet search giant has offered large sums of money to any participant who was able to hack into their computers. The prizes were $110,000 for anyone able to take control of a webpage or the entire computer, as well as $150,000 if the hacker was able to maintain this control after rebooting the software. In total, Google offered to reward up to $3.14159 million, or Pi million dollars, during the competition. This nerdy value of money isn’t uncommon for the company, which has been known for “express[ing] its love of extremely geeky numbers”.


The most recent updates from this event show that no one had successfully hacked into the Chrome OS, but Google did pay one individual at the Pwnium Hacking Competition $40,000 for finding a bug in the system that could cause a later error. I believe that this competition is a smart advantage for Google on multiple levels. First, it shows the customers the safety of their product, in that some of the most skilled hackers weren’t able to break into the Chrome OS. Secondly, it allows Google to fix any problems in their updated product before releasing it to the public. And finally, the prizes that Google gave away only represent a fraction of what the company can actually lose if someone hacks into their system. As we have discussed in class, there is a lot of money hidden in the internet and stored in users’ hard drives, so it would be easy for a hacker to steal this information, like credit card numbers, and receive a higher gain.


However, in the Forbes article that I read, security experts from the event stated that certain hackers never end up bringing the weak link in the operating system to Google’s attention. Instead, they either keep these secrets for themselves to use at a later time or they sell them to other intelligence agencies that would pay even more money than Google. One French CEO told the author of this article that he “wouldn’t give Google information about a technique for hacking Chrome for even $1 million”. In relation to what we’ve learned in class, the price for the information is related to the return on investment for the hacker. On one hand, there would be no penalty for the hackers to give the information about a faulty error in the Chrome OS during the competition and they would still receive a cash reward for their efforts. Yet, on the other, there is a great risk involved, along with more time and effort, for those who kept the security vulnerabilities to themselves and could potentially walk away with a vastly greater amount of money.

Articles that I used for this post:


9 thoughts on “Being Rewarded For Hacking”

  1. Great move by Google here. Paying hackers to test the security and failing is a great PR move. Makes me more comfortable that I use Google over Explorer and Safari. Does Safari/Explorer/Firefox do anything like this? This is a good move for the hackers as well. Getting paid with no risk of any judiciary consequence.

  2. This was a really interesting post, relevant to class; however, introducing something I had never heard about before. I think this is certainly a smart move on Google’s part and I agree with you that the money spent is worth it in the long run. This is a great idea for Google to improve the security of its system. What intrigued me the most about your post was the hackers that would not give Google information about hacking. I wonder what price Google would have to raise the reward to in order for hackers to reveal the information. Overall, really intriguing post.

  3. Super interesting concept and I agree with you and the two comments above that this is a great move by Google. Reading through I wasn’t expecting your last paragraph and it is an interesting twist of perspective. Is Google offering enough incentive for hackers to turn in these flaws that they find? Will they have to increase their offers in the future if there is a real threat of people withholding information? It definitely made me happy to know that I was reading this post on Chrome. Thanks for sharing!

  4. Very interesting article. I had the same train of thought as you did as I read your post. I initially thought it was very smart of Google because they will be able to fix all of their problems at such a small cost. But then I also thought about what if the hackers found a way to control Chrome but didn’t tell Google. This whole thing is a little risky for Google because they are giving the hackers almost a trial run to see if they can find anything and then are expected to tell Google how to fix it. I don’t think the money that Google is offering to pay the hackers is enough incentive for them to help out Google. I think that the more dangerous hackers will definitely try to sell what they find out for more money than what Google is offering them.

  5. As everyone seems to think, I agree that Google offering incentives to hackers is a great move. Ideally, it’s a great PR move as well as works to strengthen Google’s products. I’m sure Google has no issue offering prize money because they can potentially avoid the serious consequences of losing control of their products.
    The idea of Vupen, however, is quite terrifying. The title of this blog is “Being Rewarded for Hacking.” Members of Google’s competition are involved in a game for a chance at some prize money. Vupen, on the other hand, is a business bringing in large sums of money for selling the information that they withhold from Google. What is even scarier is the fact that it’s legal. The information Vupen holds is too powerful to be sold to the highest bidder, and action needs to be taken to check these cyberspace operations.

  6. Awesome article, Google is so good at using this kind of competition to improve their product. They are also confident in their security, they know that the hackers won’t get the prize. This is how I think a big giant company should do in order to keep being BIG: Openly allow people to challenge their product to show the public their strength and always keep improving before a big problem breaks out!
    I agree that maybe some hackers might keep the secret and sell it to an outside party for higher profit, but I think that is something you can’t avoid.
    Lastly, I really like Google Chrome :)

  7. Very interesting post. I think it is a very smart move for Google to pay hackers to try and find holes in their security. Using incentives Google can fix any issues before they release the system and like you said will in the end save them money, since hackers can take more money from Google through their hacking than Google gives to these hackers. Although you stated that some people would find issues and not report them for money, I believe that this event is still worth it since the hackers would have found the issues anyway when the system was released. The event allows Google to work out many issues and they are not giving any money to those who decide to not report the information. I think more companies should try this out in order to make safer systems which in the end will benefit both the company and its clients.

  8. I think that in theory, Google was thinking right. In theory, this competition would be an extremely effective method of improvement for their company by advertising their product, showing their customers the quality of the product, and improving the quality of the product. Unfortunately, Google has been outsmarted in this endeavor. Many competitors have gotten the chance to hack Google with no risk and discover the flaws in the software through this contest. They now have material to make a competitor to Google which is more effective. I will be curious to see if any of these contestants take the information they discovered and use it to their advantage.

  9. Interesting post. Everyone here seems to think the same thing: it is pretty smart to pay hackers to try and find bugs within the system. I do agree it makes the system more secure. However, on the other side of this, how does Google trust the hackers to produce any bugs they do find? Nonetheless, I too was glad to see how secure Chrome was.
