How I became an… ethical hacker

Tommy DeVoss is obsessed with computers. His first interaction with the internet, when he was nine, launched a lifelong fascination which would lead him to spend nearly five years in federal prison before becoming a white-hat hacker who has earned more than $2m (£1.65m) in bug bounty payouts. 

Hackers fall into three categories: black hat, white hat, and grey hat. The black hats are cybercriminals, out for financial gain, revenge or simply to cause trouble. White hats exploit systems on behalf of companies, so they can identify and fix vulnerabilities. Grey hats tread the line between the two as they may hack illegally to uncover security issues which they offer to share with companies in exchange for a fee. 

The name comes from old Western movies, where viewers could tell the “goodies” from the “baddies” based on the colour of their headgear. Real black hats, however, are much harder to identify. And, it turns out, it can be fairly easy to become one. 

A hacker’s story

In 1993, DeVoss’s cousin and next-door neighbour got a dial-up internet connection. The developer who installed it also set them up with a chat programme. “I spent time hanging out in different chatrooms, just like any other young boy, looking for girls to talk to and making friends. And then one day I accidentally joined the wrong chatroom,” he recalls. 

The room DeVoss stumbled into turned out to be the domain of a prolific hacker who went by the alias Deez Nuts, or DZ. DeVoss was fascinated. He hung out in the chatroom waiting for others to join, then started asking lots of questions. This, it turned out, was a bad move when it came to getting into the good books of a 1990s hacker. 

“He kept banning me from the chatroom. Back then, every hacker was considered bad, so they were all paranoid, worried that anyone they didn’t know asking questions was a fed [member of the FBI] trying to get them in trouble,” he says.

I was never trying to hurt people. I was just doing it out of curiosity

Eventually, though, persistence paid off and DZ took DeVoss under his wing, sending him to Google to learn everything there was to know about hacking and setting him exercises…