Skip to Main Content

Professional Hackers


The first major abuse of technological systems occurred in the telecommunications industry in the 1970s. Black hat hackers hacked telephone systems and used them to make free phone calls. In 1988, the first malicious software program (later called a worm), was released onto the Internet. The program, which was written by Robert Tappan Morris, a graduate student at Cornell University, caused thousands of connected computers to fail. Morris was indicted and received the first felony conviction in the U.S. under the 1986 Computer Fraud and Abuse Act. Since it was determined that he had no malicious intent, Morris was not sentenced to jail, but received three years of probation and was ordered to pay a $10,000 fine and to perform 400 hours of community service. Today, Morris is a respected computer science professor.

As the Internet grew, more and more businesses and government agencies began to have an online presence and develop elaborate Information Technology (IT) infrastructure. Black hat hackers began to try to hack into these organizations’ computer systems to access financial data and other confidential information, intellectual property, and state secrets. At the same time, white hat hackers also began to try to hack into these systems, but with the goal of helping companies and government agencies identify flaws in their IT systems. Organizations reacted in several ways. Some ignored white hat hackers when they contacted them with information about the security flaws. Others made no differentiation between “white hat” and “black hat” hackers and threatened to report the white hats to authorities. Finally, some forward-thinking organizations welcomed the work of the white hat hackers; a few even hired them on to their security staffs. In 1995, the computer services firm Netscape became the first company to offer a “bug bounty program,” which paid white hat hackers a reward to identify major security weaknesses in its systems. Despite this early interest, bug bounty programs did not become a major part of the security industry until the past few years.

In 2012, security leaders from Facebook, Google, and Microsoft created HackerOne, the first vulnerability coordination and bug bounty platform. As of March 10, 2016, HackerOne had brokered fixes for more than 19,100 bugs and payment of more than $6.4 million to white hat hackers. In 2020, HackerOne worked with many of the world's top companies, including Starbucks, Nintendo, PayPal, General Motors, and Goldman Sachs.