What a US presidential candidate can teach us about hackers

In this op-ed, HackerOne's Ben Sadeghipour explains how an ex-hacker presidential candidate is bringing hacking into the national spotlight.
Former US Representative and Democratic Presidential hopeful Beto O'Rourke speaks during a town hall meeting hosted by the American Federation of Teachers in North Miami, Florida, June 25, 2019. (Photo by SAUL LOEB / AFP via Getty Images)

A few months ago, it was revealed that Beto O’Rourke, one of the newest candidates to enter the 2020 United States presidential race, was a former member of one of the oldest groups of hackers in America — Cult of the Dead Cow. The hacking group was known for standing up against government surveillance and censorship, exposing flaws in systems using Microsoft Windows, and eventually coining the term ‘hacktivism.’

The possibility that the next president of the United States could be a former hacker is a pivotal point in both American and hacker history. And it’s not a bad thing. After all, in an interview, Beto himself even states, “the hacker mindset could be very helpful to society. Hackers describe the world as it really is, not how it’s supposed to be.”

For decades, pop culture has primarily portrayed the ‘hacker’ as someone with malicious intent, as seen in Hollywood movies, sci-fi books and news headlines. However, the word did not originate with a negative meaning in mind. The Massachusetts Institute of Technology (MIT) coined the term ‘hacking’ in the 1950s in reference to using a machine for trial and error experiments, and its original connotation wasn’t a bad one. In fact, MIT has a long-standing tradition of hacking, accepts ‘hacking’ as part of its culture, and synonymizes the word with ‘curious exploration’ and ‘creative inventions that demonstrate ingenuity and cleverness’. It wasn’t until the early phone hacks of the 1960s and modem hacks of the 1980s became prevalent that ‘hacking’ started to develop a bad rap. Using modems to break into corporations and government agencies during the 1980s led to the eventual passing of anti-hacking laws such as the US Computer Fraud and Abuse Act of 1986, imposing severe consequences for individuals convicted of such activities, including jail time. Since then, the term ‘hacker’ has been inexplicably used to identify criminals engaged in using computers and technology to perform malicious acts. Even most dictionaries define “hacker” as “a person who is skilled in the use of computer systems, often one who illegally obtains access to private computer systems.”

With a new security breach appearing almost daily, it is understandable why the world is slow to embrace MIT’s sentiment. The good news is that the negative perception of hackers and the popular misconceptions that come with it are finally changing due to the rise of ethical hacking or ‘white-hat’ hacking, most of which has happened in this past decade alone.

The rise of the bug bounty

More companies and government organizations are realizing that in order to protect themselves online, they too need highly skilled and creative individuals on their side. One way to do that is to incentivize hackers by offering rewards in return for reporting vulnerabilities, in what is known as a “bug bounty.” Although not called that at the time, the first known “bug bounty” program was launched in 1983 by operating system company Hunter & Ready, which rewarded anyone who found and reported a vulnerability with a Volkswagen Beetle (“Bug”). In the 1990s, Netscape coined the term “bug bounty” and was one of the first companies to put budget behind a program dedicated to financially rewarding hackers for finding vulnerabilities. It wasn’t until the 2000s that bug bounties started to become more commonplace. Starting in the early 2000s, Mozilla Foundation offered bug bounties of up to $500 for critical vulnerabilities. Fast forward to the 2010s, and technology giants like Facebook, Google, Microsoft and others followed suit. By 2012, commercial platforms such as HackerOne had emerged, enabling any organization to engage ethical hackers to test their systems and build more secure systems, a tactic that for a long time was used only by the early tech pioneers. In turn, hackers can hone their skills and earn money doing so safely, all in the name of making technology safer.

Hacking as a profession

What was viewed as a criminal offense 20 or 30 years ago is now seen as a legitimate profession. In fact, with the rise of bug bounties, hacking can be lucrative, with hackers earning more than physicians and architects in the US. A physician earns an average of $195,000 and an architect earns an average of $115,000; meanwhile, the top paid hackers are earning over seven figures. This year there have been record bounties earned, with the first teenager earning over $1 million in ethical hacking. Federal government agencies like the European Commission, UK National Cyber Security Centre, U.S. Department of Defense, and the Singapore Ministry of Defense and major corporations like General Motors, Starbucks, Goldman Sachs, and Hyatt Hotels are also engaging with hackers to find security vulnerabilities before criminals do.

Perceptions are changing

Hackers have been called the immune system of the internet, as they come together to help address the growing security needs of our increasingly interconnected society. Public perceptions are finally catching up. A study last year revealed that 70% of IT professionals wanted the Cambridge dictionary definition of a hacker changed to show hackers in a favorable light, such as with the more accurate definition MIT uses. Similarly, a survey of U.S. adults revealed that nearly two-thirds of Americans (64%) think not all hackers act maliciously; 82% of Americans believe hackers can help expose system weaknesses to improve security in future versions; and millennials (ages 18-34) are most likely to believe that hacking is a legitimate profession (57% vs. 31% of those aged 35+).

Hackers were recently asked how they define ‘hacker’ and here’s what they had to say:

  • “A hacker is a problem solver”

  • “A hacker is a person who can think and solve puzzles in unique ways”

  • “A hacker is a person who is curious about how things are built”

  • “Hacking is an intellectual challenge where you are finding things that others won’t be able to find, thinking the ways others won’t think.”

A recent study showed that hackers’ top motivations are the opportunity to learn, to be challenged, and to have fun. Hackers’ reasons for hacking may vary, but the results are consistently impressing the growing ranks of organizations embracing hackers, leaving us all a lot safer than before. US presidential candidate Beto O’Rourke even states that “hackers look for flaws in systems, whether it be software, media or government, with a goal of making them better.” And maybe soon, the world will see its first hacker president.

Ben Sadeghipour is a hacker and Head of Hacker Operations at HackerOne.