The Current State of the ‘Hackers-for-Hire’ Market

January 8th 2019
Kayla Matthews (@KaylaEMatthews)

People don’t have to look for very long to find instances of malicious hackers who breach databases and steal information to sell or benefit from in other ways.

But, there are also ethical hackers who get hired by tech companies to perform penetration tests or otherwise verify a website, app or network is as secure as it seems.

In recent years, it has become easier than ever for anyone who has the necessary financial resources to tap into the “hacker-for-hire” market. It’s as straightforward as searching through Google results.

There, people can find hacker marketplaces where participants promote their skills and sometimes provide their price ranges. Initially, many hackers for hire only operated on the dark web, but now their services are so in demand that broadcasting them is commonplace.

Most hackers for hire work anonymously, and their rates go up depending on the complexity of a hack and how long it takes to do. It’s possible to hire a hacker for as little as $5 per hour, meaning the option is open even to those with minimal financial resources. Some of them also prefer Bitcoin payments rather than traditional currencies.

So, since hackers for hire are available to showcase their skills, what can people expect in the months and years to come?

The Tricky Relationship Between U.S. Federal Authorities and Hackers for Hire

The U.S. Federal Bureau of Investigation (FBI) is one agency that typically turns to the gray market to hire hackers, sometimes by contracting with specialty companies.

An interesting thing about that practice is it allows the FBI to bypass the Vulnerabilities Equities Process (VEP), which requires the agency to weigh whether to disclose zero-day vulnerabilities to tech companies or keep them classified.

Moreover, even with recent updates, the VEP still falls short: it allows the FBI to ignore its stipulations if the agency purchases zero-day vulnerabilities that are subject to contractual terms, like non-disclosure agreements.

But, in December 2018, the U.S. Department of Justice showed that even if other federal agencies used hackers for hire, the market wouldn’t go unchecked. That’s because the organization took 15 domains offline that were selling distributed denial of service (DDoS) attacks and marketing them as stress tests. Additionally, three suspects got charged for running two of the offending sites.

Some of the now-defunct sites were among the most popular offering DDoS attacks. As an example, the services associated with one provider were responsible for 200,000 DDoS attacks in approximately four years.

Also, FBI agents warn they’ll prosecute both the entities that run these DDoS attack sites and the people who purchase such services. So, people cannot expect to be involved with those sites — whether as service providers or clients — and count on immunity from potential consequences.

Being a Hacker for Hire Is Another Option for Freelancers

People who are successful hackers for hire generally know various programming languages. They are also extraordinarily detail-oriented and capable of working efficiently under pressure.

A market outlook indicates the people with skills that fit the hacker-for-hire market will be even more valuable soon, particularly to companies that want to outsource to freelancers.

Many of the marketplaces that advertise hackers for hire look almost identical to the sites freelancers commonly use to find clients who need other kinds of services, such as writing and web design. That means it isn’t difficult for people to venture into the world of hackers for hire and see if they can make an income.

Sometimes, there’s no need for these freelancers to market themselves and their services. That’s because companies offer “bug bounties” to ethical hackers who find vulnerabilities and report them. One teenager made more than $100,000 through such a side hustle.

These programs, which companies like Google and Apple offer, can generate hundreds of thousands of dollars as a reward for finding a single issue. And, since these initiatives are aboveboard, participants don’t have to worry about their sources of work ending because of law enforcement involvement.

Readily available lists of bug bounty programs show the minimum and maximum payouts hackers could earn. Since so many big-name companies are turning to these citizen hackers for help, that suggests a bright future for people who want to get into the market.

A Global Crackdown on Hackers for Hire — While Others Get Recruited

Even before the December 2018 takedown of DDoS sites, an operation involving law enforcement authorities from 12 countries took down servers and made arrests associated with the webstressor.org site in April 2018.

That site, reportedly the largest hacker-for-hire platform, was allegedly behind more than 4 million DDoS attacks over the years.

However, not all national authorities are fed up with hackers. News broke in January 2019 that Canada’s domestic spy agency wants to hire hackers, as evidenced by a job posting for a “network exploitation analyst.” In the U.S., Idaho National Laboratory is one of the premier cybersecurity facilities in the country. It first became known as a nuclear facility, but has more recently gained an edge in cybersecurity.

Construction is underway on a new building that will accommodate 200 more workers because the current space is too small to hold that facility’s cybersecurity team, and hiring continues to occur at a fast pace.

Representatives at Idaho National Laboratory start looking for future team members when those candidates are still in high school. The facility also holds cybersecurity competitions for college students.

Hackers for Hire Should Proceed With Caution

These examples show hackers for hire are in demand at an unprecedented rate. And, there’s money to be made from the services they offer.

However, due to the recent activities of law enforcement officials, it seems safer to focus one’s attention on bug bounty programs and other purely legal opportunities to steer clear of possible site shutdowns.
