Microsoft awards $100,000 bug bounty to British hacker

A British hacker has been awarded $100,000 (£62,760) by Microsoft after finding loopholes in the Redmond-based company’s operating system that would leave it open to cyber-attacks.

James Forshaw, head of vulnerability research at Context Information Security, is a white-hat: someone who hacks companies’ security systems in return for a reward. Working from the London-based consulting firm, Forshaw hacked into Microsoft’s operating systems in such a way that, if he had been launching a malicious cyber-attack, he would have compromised all software running on Microsoft platforms.

Katie Moussouris, the senior security strategist at Microsoft Security Response Centres, also wrote in a blog post that Forshaw received a further $9,400 (£5,899) for identifying security glitches in a preview release of Internet Explorer 11.

The vulnerabilities he discovered are so serious that the multinational corporation refuses to reveal specific details of the hack until all its software has been updated. What is clear is that what Forshaw found has allowed Microsoft to start engineering defences against an entire class of attacks.

Microsoft’s reward programme was revealed in June when the tech giant announced that it, and other technology heavyweights such as Google and Mozilla, would offer up to $11,000 for any critical vulnerabilities discovered in the Internet Explorer 11 beta and up to $100,000 for any technique that bypassed Windows’ built-in exploit mitigation schemes.

The cash prize that Forshaw won is the first to be awarded and, interestingly, he has decided to give the majority of his payout to his employers. Context Information Security provides advice on hacking to public sector organisations – including the Ministry of Defence – as part of the Government’s UK Cyber Security Strategy.