Jack Cable was a high school sophomore and skilled computer programmer when he figured out how to withdraw money from other people’s accounts on a Bitcoin website.
Instead of helping himself, Cable reported his findings to the company, which ran a bug bounty program that pays a reward to hackers who report tech vulnerabilities.
Now the recent New Trier grad is an internationally known ethical hacker, hired by companies around the world to detect vulnerabilities in their websites and other applications.
“I love the challenge and impact,” Cable said during an interview at Glencoe Roast Coffee.
Discovering these tech vulnerabilities requires persistent creativity and “thinking out of the box,” he says. The intellectual challenge coupled with the ability “to improve the security of the world, one bug at a time,” makes hacking worthwhile and gratifying, he told me.
Cable placed first at last year’s Hack the Air Force bug-bounty program sponsored by the Pentagon.
It recruited hackers like Cable to pinpoint security holes. The program paid $130,000 for the 207 vulnerabilities that were discovered.
Cable discovered 30, including an open administration panel on one of the Air Force’s websites that would have allowed malicious hackers to infiltrate and possibly steal user credentials or distribute malware.
Bug-bounty programs have taken Cable all over the world, including to a competition in Ukraine, where he was presented the first-place award by Apple co-founder Steve Wozniak. Last month, Cable competed in Amsterdam, targeting Dropbox.
HackerOne, an organizer of bug bounty programs, recently ranked Cable 5th among the best hackers in the world.
During the past two years, the Chicago-area teen has juggled work and math team at New Trier as well as math and computer science classes at Northwestern University.
In between, he found time to hunt for vulnerabilities in hacking projects with Uber, Salesforce and Yahoo, among others. Often he’s doing it while sitting on his couch with his dog, Macy, close by.
Cable has earned enough to help pay for his way to college—he’s headed to Stanford.
Companies pay rewards that range in amount to hackers to break into their systems. Uber, for example, offers a $500 minimum bounty, ranging up to $10,000 depending on a vulnerability’s severity.
This summer, Cable will intern for a few weeks at Uptake, the data analytics company founded by Brad Keywell.
“Jack has a great deal of curiosity and has honed technical skills beyond his age,” says Nick Percoco, Uptake’s chief security officer.
For the rest of the summer Cable will intern at the Defense Digital Service agency at the Pentagon. He’ll work with the team that introduced the Hack the Pentagon program.
He’s entering the field at a time of heightened concern about security. The U.S. Department of Homeland Security just unveiled a new strategy to reduce vulnerabilities and there’s growing concern about security in the 2018 U.S. midterm congressional elections. Cable has a bring-it-on attitude and sees bug-bounty programs as a government necessity to prevent breaches and “expose flaws that previous reviews missed.”
He also gives props to companies like Facebook, which has come under scrutiny for its data-sharing tactics, for its “extensive” bug bounty programs and efforts to engage the community. “It’s one of the most proactive companies from a security perspective,” says Cable.