Microsoft pays $1 mn to British expert who discovered glitches in Microsoft OS

11 Oct 2013

British vulnerability expert James Forshaw has won a £63,000 award for hacking into software giant Microsoft's operating system in a way that could potentially compromise all software running on Microsoft platforms.

The glitches he uncovered were so serious that Microsoft would not reveal the specifics of the hack until all their software had been updated.

In June, the company announced cash bounties for experts who uncover security holes, with a view to plugging these before they could be exploited by fraudsters.

Forshaw, head of vulnerability research at UK-based Context Information Security, was the first winner of the award.

The company he works for offers advice on hacking to the Ministry of Defence and other public sector organisations as part of the government's UK Cyber Security Strategy.

According to Microsoft, the large sum was awarded because Forshaw's submission would help them "develop defences against entire classes of attack".

Explaining how he found the bug, Forshaw said that, over the past decade working in secure development and research, he had discovered many interesting security vulnerabilities, with a heavy focus on complex logic bugs.

According to commentators, Microsoft's bounty system reflected a wider monetisation of cyber hacking which had developed as governments and businesses became increasingly aware of the issue.

A secret Chinese group known as Hidden Lynx was believed to include 100 skilled hackers who could be hired to carry out prolonged campaigns on behalf of clients.

The group had been tracked by software company Symantec for the last two years and found to be behind six major attacks against governments, banks and other companies.

According to Symantec, over half of Hidden Lynx's targets were US based. The group had also attacked organisations in Taiwan, Germany, Russia and China.