science

I'm a professional hacker and I've raked in more than $2 million by infiltrating Yahoo, Uber and even the US Government


From a prolific cybercriminal to one of the richest ethical ‘bounty hunters’ in the world; a white hat hacker has shared the story of his transformation in an exclusive interview with MailOnline. 

Tommy DeVoss – famously known as ‘dawgyg’ – has raked in more than $2 million (£1.6 million) by exploiting thousands of big names for cash, including Yahoo, X (formerly Twitter), Uber and even the US Government. 

This is thanks to sites like HackerOne, which enable ethical hackers to use their skills for the greater good, by reporting vulnerabilities within computer systems to help bolster cybersecurity.

Tommy even received a staggering $180,000 (£147,000) payout in one day for helping Yahoo, and is among just a handful of hackers to have earned $2 million (£1.6 million) on the site.

But the 39-year-old hacker from Virginia, US, hasn’t always been on the right side of the tracks, having faced federal prison three times due to his previously unlawful behaviour. 

Tommy DeVoss - or 'dawgyg' (pictured) - has exploited thousands of big names for cash

Tommy DeVoss – or ‘dawgyg’ (pictured) – has exploited thousands of big names for cash

BLACK HAT VS WHITE HAT HACKERS 

BLACK HAT HACKERS

Criminals who break into computer systems with malicious intent. 

For Tommy DeVoss, this often involved ‘defacing’ sites with messages for the owners.

This refers to the act of replacing website content without the consent of a website owner. 

But stealing personal information, passwords and credit card information are among other acts a black hat hacker may do. 

WHITE HAT HACKERS

These are ethical security hackers that aim to identify issues within computer systems. 

White hats often take part in ‘bug bounty’ programs.

These offer monetary rewards to researchers that report weaknesses within computer systems. 

 

‘Looking back and thinking “I’m getting ready to go to federal prison”, I thought that my life was effectively over,’ he told MailOnline.

‘I expected to be working in a dead-end, meaningless job for the rest of my life barely making money. I never expected to be where I am right now.

‘It’s nice to know that I could turn what was once bad stuff into a good career. It’s nice that I’m doing things for good now and I don’t have to hide.’ 

Readers Also Like:  Cellphone service is getting worse in the US - but carriers like AT&T, Verizon and T-Mobile say there's a good reason for dropped calls and texts

Tommy claims he’s been hacking since the age of nine after learning from members of a chatroom he joined completely by accident. 

Initially unaware of the legal boundaries, he went to town experimenting with his newly found knowledge. 

As a black hat, Tommy believes he eventually exploited well over 10,000 governments, militaries and companies just out of boredom. 

This included the likes of Nokia, Sony, Mercedes-Benz and even EA Sports, often as part of a group known as World of Hell.

At one point, he even exploited 700 companies in five minutes after breaking into a hosting provider. 

But it was this behaviour that landed him three federal prison sentences spanning from 2002 to 2010.

Most notably, in 2005 he was convicted of breaking into US military computers and was even raided by FBI agents on two separate occasions. 

‘June 12 2002, they came with the full swat and everything at my door,’ he told MailOnline. 

Tommy DeVoss even received a staggering $180,000 payout in one day for helping Yahoo

Tommy DeVoss even received a staggering $180,000 payout in one day for helping Yahoo

WHAT IS BOUNTY HUNTING? 

Bounty hunting programs, which are run by various websites and organisations, offer rewards to individuals who identify errors or vulnerabilities within computer systems.

For instance, last year alone, Google paid out a staggering $12million (£9.8million) in rewards to 703 paid researchers within its own bug bounty program.

The tech titan was able to fix almost 3,000 vulnerabilities as a result – with one researcher even bagging $605,000 (£494,899) in a single reward payout. 

‘I wasn’t there for that one – my sister was there. I was at work, but I had been trying to get off the the whole day, and finally convinced my boss that I wasn’t feeling good, and he let me leave at like one o’clock in the afternoon.

‘So, I drove home and when I got to my apartment at the time, there was not a single car in the parking lot.

‘Every single car was out of the parking lot, and it was strange because I had never seen that. 

‘And then I tried to unlock my door and open it, but it was locked on a dead bolt that could only be unlocked inside. So, I started beating on the door, telling my sister to open the door, and that she better not be smoking. 

Readers Also Like:  Apple unveils its long-awaited augmented reality headset Vision Pro at WWDC

‘Then the next thing I know the door opens, and there’s an M16 in my face.’

He later added: ‘I’ve got an addictive personality, I’ve also got ADHD, you know.

‘So it’s the one thing that my mind has never grown tired of, and the feeling that I get when I like get the bug or I break into a system or something I know it’s going to be a big – the rush is no different to doing drugs.’

During his time in prison, Tommy faced months of solitary confinement in which he was only allowed to make one phone call every 30 days. 

It was only on his fourth release from prison that Tommy realised that legal bug bounties were an option for him

It was only on his fourth release from prison that Tommy realised that legal bug bounties were an option for him

It was only after his final release that Tommy realised legal hacking in the form of ‘bug bounties’ were an option for him.

These programs, put out by various websites and organisations, offer rewards to individuals who identify errors or vulnerabilities within computer systems.

For instance, last year alone, Google paid out a staggering $12million (£9.8million) in rewards to 703 paid researchers within its own bug bounty program.

The tech titan was able to fix almost 3,000 vulnerabilities as a result – with one researcher even bagging $605,000 (£494,899) in a single reward. 

‘I heard about bug bounties in 2013 or 2014, but I thought it sounded too good to be true so I didn’t do it,’ he continued.

‘And then towards the end of 2015 I started seeing people’s write-ups of bug bounties on Twitter.

‘So, then I started looking into it and saw there was a bug bounty program on HackerOne.’

HackerOne is a US-based firm that’s focused on reducing the risk of security incidents by working with the largest community of trusted ethical hackers.

It hosts countless bug bounty programs for a range of different organisations in addition to scenario-based activities that teach people how to get involved.  

While Tommy now works as a Staff Security Engineer at the US-based Braze, he would previously spend 10 to 20 hours a month doing this, earning roughly $100,000 (£81,000) each year.

He’s now hacked the US Government, Yahoo, Uber and numerous other firms within ethical programs such as this. 

Tommy DeVoss (dawgyg) on HackerOne: Listed are the public bounty programs that he has interacted with.  'Valid/Closed' bounties are the number of successful reports he has submitted on the site

Tommy DeVoss (dawgyg) on HackerOne: Listed are the public bounty programs that he has interacted with.  ‘Valid/Closed’ bounties are the number of successful reports he has submitted on the site

Tommy added: ‘I started hacking Yahoo – they gave me my first bounty in March of 2016, and then they just went from there.

‘There’s a decent number of us now that are make a living out of this, but the vast majority are not.’

Tommy claims that bug bounties are now getting tougher thanks to heightened competition.

But for those keen to get started, he advises that perseverance is key.

‘If you decide to do this, you cannot be somebody that doesn’t take failure well,’ he told MailOnline.

‘Bug bounty hunters fail 999,999 times for every time that they’re successful. 

‘So you have to be okay with the fact that most of what you do is gonna end up being unpaid.’

He later added: ‘So you’re going to fail a lot, but you’re gonna be constantly learning. You’ve got to have that mindset.’

Just last month, Tommy bought his seven-year-old daughter a laptop for her birthday.

She wants to be an ethical hacker just like him.  

‘She tells people that her daddy is a hacker,’ he continued.

‘She wants to be a hacker like me and a teacher, and she wants to be a ballerina cause her mum wanted to be a ballerina.

‘You can make really good money from legally hacking.’  

The FBI declined to comment on the details of Tommy DeVoss’s criminal history, and it’s understood that his records were redacted by the US military in 2016. 



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.