Feedback
Tech

Study Reveals the Age, Nationality, and Motivation of Hackers

The word "hacker" may conjure up images of shadowy figures up to no good, but many people with the skill use their abilities for the better by participating in bug bounty programs.

A new report from HackerOne, a company that helps connect businesses with hackers who can expose vulnerabilities in their systems, is painting a new portrait of who the typical hacker really is.

It's probably not news that the typical hacker is male and under the age of 34 — but nationalities and motivations for hacking may come as a surprise.

Hispanic security guard watching monitors in control room
Erik Isakson / Getty Images/Blend Images

The company's "2016 Bug Bounty Hacker Report" surveyed 617 hackers who had submitted at least one vulnerability through HackerOne and found that while many do it for money, fun is also a motivator.

According to the report, 72 percent of respondents said they hack for money, but 70 percent agreed they do it for fun, and 66 percent said they thrived on the challenge.

More than half of those surveyed, 51 percent, also said they hack "to do good in the world."

Hackers also hailed from more than 70 countries, with India, the United States, and Russia having the most concentration of hackers.

For 17 percent, hacking was their sole source of income, while 26 percent reported that at least three-quarters of their income comes from bug bounty programs.

The typical hacker, about half of those surveyed, reported making under $20,000 from programs, while the most skilled hackers reported making as much as $350,000.

The survey also highlighted the gender gap in hacking, with just 2 percent of respondents identifying as female.

Bug bounty programs are seeping into the mainstream. Apple announced last month it would start offering up to $200,000 to hackers who can find software flaws in its products, joining the ranks of hundreds of companies who offer financial compensation for bug-busting.

The first program of this kind was deployed by Netscape in 1995; since then, Microsoft, Tesla, and Google have all introduced bucks-for-bugs programs. Facebook has so far paid out more than $4.3 million to researchers since it started its program in 2011.

Read More: A Behind-the-Scenes Look at Hackers Who Get Paid to Find Bugs