Cybercrime Pays, and More Lessons From HP’s Hacking Contest


Hacking is a solitary business, furtive and dimly lit by the glow of a computer screen, at least in the popular imagination. Not so the semiannual competition known as Pwn2Own, organized by Hewlett-Packard’s (HPQ) Zero Day Initiative (ZDI), where teams gather to demonstrate “exploits,” the insider term for using security vulnerabilities in Web browsers and video streaming programs to gain control of a laptop.

This year, eight contestants (some groups, some individuals) completed 12 successful attacks, winning $850,000 from March 12 to 13 in Vancouver. There was also a chance for HP and Google (GOOG) teams to hack for charity, disclosing vulnerabilities and donating the prize money to the Canadian Red Cross. The results tell you a bit about cybersecurity.

More here.

, ,

3 Responses to Cybercrime Pays, and More Lessons From HP’s Hacking Contest

  1. Charlotte Gioia February 12, 2015 at 11:24 am #

    In my opinion, the HP hacking contest is a great event to raise awareness among companies and government. The society we live in evolved a lot thanks to the rise of technologies. People use them every day and rely on them at home or at work. The problem is that these technologies are vulnerable to threats or to cyber-attacks. An event such as the hacking contest is the perfect way for companies to test their employees and their information systems. According to Market Research Media (, the U.S federal cyber-security market will grow steadily at about 6.2% at a compound annual growth rate between 2015 and 2020. This means that many companies should or will implement cyber-security measures to avoid any negative impact. This kind of event is the perfect opportunity to recruit the best “white hat”(ethical hacker).
    However, the prizes of the contest are quite high. This amount of money could be better invested in protecting information systems or in learning sessions about cyber-security. So rather than giving the money to a single individual, it should be distributed to an association like they did for the Red Cross or to invest in better performant information systems.

  2. Taylor DiLetto November 15, 2015 at 5:23 pm #

    I find the skill of cyber hacking to be extremely interesting, and incredibly lucrative.
    These teams can hack into large corporations like Google and HP (an electronics company!) and hack hundreds of thousands of dollars. Although this seems like the teams and people with this skill are dangerous and bad, this is false. This skill can be used to help with a numerous amount of things. For example, in this article the teammates used their skills to show HP, Google, and other companies that their security system is not good enough, and if someone else were to hack into it then they could end up losing a lot of money. The teammates are helping the companies show what loopholes and inefficiencies they have in their cyber systems. This skill can also be used to hack into the computers of dangerous terrorists or just criminals in general, to see what they are searching for or where they are spending money. Often, a criminal that is on the loose may be found because they leave a cyber trail of their location somewhere, and it takes an incredibly skilled person to be able to uncover that type of information.
    As a larger part of the world becomes electronic, the easier it is going to be to get money or private information stolen from cyberspace. For example, my grandfather was trying to fix his computer, and he called “dell” in Africa to have someone help him figure it out. Eventually, the customer service representative tried convincing my grandfather to give him remote access to his computer, which has an extremely large amount of information on all of his and my family’s banking. It turns out the that “dell’s” customer service representative actually did not work for dell and was just trying to hack into his computer. The fact that all banking can be done electronically is extremely convenient, but the truth is that there are many people out there with this special skill that can access all of that information whenever they please.

  3. Sam Sheikh April 10, 2016 at 4:59 pm #

    It is a great idea to have a competition to find exploits. If you are having people discover security flaws in a controlled area, it makes it much safer for you as a business. HP is fixing the issues in their security by having a competition. This makes a fun event where people can show up and win money to hack into systems. This allows them to learn about flaws without the malicious activity after the fact. Because this is such a good idea, other businesses like Google and Microsoft are also offering money to people to find exploits. IT is better to shell out $850,000 preemptively than having to spend much more after the fact.

Leave a Reply