Open 24/7/365

We Have A Life-Time Warranty /
Guarantee On All Products. (Includes Parts And Labor)

A Millionaire Hacker’s Lessons For Corporate America

Santiago Lopez, a 21-year-old ethical hacker who shows corporations their cybersecurity fails, expects to keep going for years to come. A Millionaire Hacker’s Lessons For Corporate America

A Millionaire Hacker’s Lessons For Corporate America

Santiago Lopez started invading corporate computer systems at age 16, after he learned to hack from YouTube videos and like-minded friends.

Now 21, he says he never wanted to commit crimes. Rather, he is a bounty hunter, invited by companies to find holes in their business networks and burrow into their vulnerable data. The idea is that a company will then fix what’s wrong to harden itself against bad actors—“black-hat” hackers—looking to steal data, conduct espionage and disrupt business operations.

Like others in a stable of “white-hat” attack experts associated with bug-bounty firm HackerOne, Mr. Lopez gets paid commensurate with the severity of the weaknesses he identifies. He and other members swarm applications and websites to look for security holes missed by customers that contract with the San Francisco-based firm. Big problems pay big money.

Mr. Lopez is good at his job: Last year, he reached $1 million in bounties since he started and is now closing in on $2 million in total, he says. Recently, he has found bugs for Airbnb Inc. and Verizon Media Group.

In a video chat from Buenos Aires, where Mr. Lopez has hunkered down with his family for the coronavirus pandemic, he talked with The Future of Everything about how corporate leaders can up their cybersecurity game.

It’s 5 P.M. And You Said You’ve Just Finished Breakfast. Nighttime Must Be The Best Time To Hack U.S. Companies Because Fewer Security Teams Are Awake.

A bit in the afternoon and evening, but preferably at night. I see hacking as a normal job, so I tend to hack between six and seven hours per day.

One Large Company Gave You $10,000 For Finding A Way To Manipulate One Of Its Servers To Access Data It Shouldn’t Have Been Able To. Was That Challenging?

It took me a full day to close that bug and prepare my report. It wasn’t long to identify the area [that was] vulnerable. It took much longer to see what kind of secret information I could access. That can be the most difficult task at times, being able to identify how much information you can access with that failure. And it is what gives the most reward.

Hacking Has Surged During The Covid-19 Pandemic, As The Journal Has Reported. What Effects Will That Have In The Future?

Employees are online and information is more vulnerable. Hackers are trying to get those employees to click to load malicious software. Hackers are learning a lot, some new ways to get people’s money. It’s getting worse. I have not yet experienced any company where I have not been able to find a bug, no matter how minimal. Even if there is a company where you feel like you can’t find a bug, it doesn’t mean that someone else can’t find it. Without a doubt, companies are struggling to protect themselves. Cybersecurity is advancing year after year, so even if they manage to create a new type of protection or evolve in some way, bad hackers will always be running the race and they will be discovering and preparing different new ways to make companies vulnerable.

You’re Really Effective At What You Do. What Does This Say About Corporate Cybersecurity?

They’re not investing money or time or work in trying to grow their cybersecurity team. A lot of companies, if you report bugs to them, they don’t have the expertise to fix them. Software that they build themselves has more bugs but software generally is vulnerable, always. If software has access to important data, then encrypt it.

A Millionaire Hacker’s Lessons For Corporate America

Mr. Lopez Is Closing In On $2 Million In Bug Bounties Since He Started This Line Of Work.

How Do Different Industries Compare?

Banks and companies that are all digital are good. Universities don’t care about security because maybe they don’t have sensitivity to customers. Health care? They’re not investing so much in cybersecurity, but they should. They have private information. Overall, cybersecurity teams need more money.

What Kinds Of Technology Changes Are Coming That Will Create Cybersecurity Problems?

Artificial intelligence has helped us a lot to optimize tasks, process data and make decisions much faster than a human being could. However, new technologies, including artificial intelligence, create big cybersecurity risks, as potential vulnerabilities are not fully understood when they are found. This means that with more organizations relying on machine learning to perform business-critical actions, AI systems are sure to become a major target for hackers.

Should Companies Be Worried?

If an attacker had the opportunity to control an AI algorithm, it would be a huge problem since physical objects could be controlled for the first time. An AI attack can transform a stop sign into a green light in the eyes of an autonomous car. The data could also be controlled so that the way it is collected, stored and used can be changed. Imagine an AI attack could control the way that Google or Facebook collects your personal data and the hacker could save or manipulate the data as he pleased.

What About Quantum Computing, Which Experts Say Will Be Able To Crack Today’s Encryption?

That’s way in the future. It’s not easy to crack encryption code, so for now, that’s a good guard against hackers. The larger problem is that people are not being cautioned about cybersecurity. Are all employees having training in cybersecurity? It doesn’t seem like it. Employees, when they click on links, make a big hole for a hacker to enter. If you’re not training people well, no matter what technology you have, you’re only creating future problems. Customers aren’t happy when their data is hacked. They will go to a competitor. Make the investment.


Related Articles:

Container Shipping Line CMA CGM Says Data Possibly Stolen In Cyberattack

Major Hospital System Hit With Cyberattack, Potentially Largest In U.S. History

Hacker Releases Information On Las Vegas-Area Students After Officials Don’t Pay Ransom

Russian Troll Farms Posing As African-American Support For Donald Trump

US Moves To Seize Cryptocurrency Accounts Linked To North Korean Heists

These Illicit SIM Cards Are Making Hacks Like Twitter’s Easier

Uber Exec Allegedly Concealed 2016 Hack With $100K BTC ‘Bug Bounty’ Pay-Off

Senate Panel’s Russia Probe Found Counterintelligence Risks In Trump’s 2016 Campaign

Bockchain Based Surveillance Camera Technology Detects Crime In Real-Time

Trump Bans TicToc For Violating Your Privacy Rights While Giving US-Based Firm Go Ahead (#GotBitcoin?)

Facebook Offers Money To Reel In TikTok Creators

How A Facebook Employee Helped Trump Win—But Switched Sides For 2020

Facebook Rebuffs Barr, Moves Ahead on Messaging Encryption

Facebook Ad Rates Fall As Coronavirus Undermines Ad Spending

Facebook Labels Trump Posts On Grounds That He’s Inciting Violence

Crypto Prediction Markets Face Competition From Facebook ‘Forecasts’ (#GotBitcoin?)

Coronavirus Is The Pin That Burst Facebook And Google Online Ads Business Bubble

OpenLibra Plans To Launch Permissionless Fork Of Facebook’s Stablecoin (#GotBitcoin?)

Facebook Warns Investors That Libra Stablecoin May Never Launch (#GotBitcoin?)

FTC Approves Roughly $5 Billion Facebook Settlement (#GotBitcoin?)

How Facebook Coin’s Big Corporate Backers Will Profit From Crypto

Facebook’s Libra Is Bad For African Americans (#GotBitcoin?)

A Monumental Fight Over Facebook’s Cryptocurrency Is Coming (#GotBitcoin?)

Alert! 540 Million Facebook Users’ Data Exposed On Amazon Servers (#GotBitcoin?)

Facebook Bug Potentially Exposed Unshared Photos of Up 6.8 Million Users (#GotBitcoin?)

Facebook Says Millions of Users’ Passwords Were Improperly Stored in Internal Systems (#GotBitcoin?)

Advertisers Allege Facebook Failed to Disclose Key Metric Error For More Than A Year (#GotBitcoin?)

Ad Agency CEO Calls On Marketers To Take Collective Stand Against Facebook (#GotBitcoin?)

Thieves Can Now Nab Your Data In A Few Minutes For A Few Bucks (#GotBitcoin?)

New Crypto Mining Malware Beapy Uses Leaked NSA Hacking Tools: Symantec Research (#GotBitcoin?)

Equifax, FICO Team Up To Sell Your Financial Data To Banks (#GotBitcoin?)

Cyber-Security Alert!: FEMA Leaked Data Of 2.3 Million Disaster Survivors (#GotBitcoin?)

DMV Hacked! Your Personal Records Are Now Being Transmitted To Croatia (#GotBitcoin?)

Lithuanian Man Pleads Guilty In $100 Million Fraud Against Google, Facebook (#GotBitcoin?)

Hack Alert! Buca Di Beppo, Owned By Earl Enterprises Suffers Data Breach Of 2M Cards (#GotBitcoin?)

SEC Hack Proves Bitcoin Has Better Data Security (#GotBitcoin?)

Maxine Waters (D., Calif.) Rises As Banking Industry’s Overseer (#GotBitcoin?)

FICO Plans Big Shift In Credit-Score Calculations, Potentially Boosting Millions of Borrowers (#GotBitcoin?)

Our Facebook Page

Your Questions And Comments Are Greatly Appreciated.

Monty H. & Carolyn A.

Go back

Leave a Reply