Epiphanies A chat with the friendly co-founder of HackerOne, Jobert Abma

Cover Image - Epiphanies

How do creatives know what they're good at? When do they find out? And when they know, what happens next? In this series, Epiphanies, we explore those questions...

Hacking has always had a certain mystique. Whereas the first hackers are now the founding pioneers of the world wide web (shout out to Tim Berners-Lee), over the years, the general opinion about it has turned: hackers are viewed as criminals who are out to steal your data. But in fact there are some very friendly hackers out there who still work according to the same principles as the ones that built our beloved internet. One of these is young Jobert Abma, hacker and co-founder of HackerOne.

What did you want to be when you grew up?

I grew up with my best friend, Michiel Prins, who is also one of the co-founders of HackerOne. My dad was into carpentry so we spent a lot of time in his garage. One of our neighbors had a lot of broken electronics for some reason, and he just kept bringing them to my dad’s garage.

We usually took them apart to see how they worked and if we could fix them. I think building things made us realize that we liked to do technical stuff; it was always about breaking things, taking them apart and then putting them back together.

One of the most interesting things we ever took apart were two walky-talkies. I mean there’s not a lot inside a walky-talky, but it was almost impossible to understand for us – especially as six-year olds – how could two devices could talk to each other even though they’re not physically connected?

That kind of thing intrigued us, and helped create that curiosity that you need to eventually become an engineer or a hacker.

When did you realize you wanted to become a hacker?

So flash forward to when we were 11, Michiel’s nephew sent us a CD of a piece of software called Visual Basic. Visual Basic is almost like a drag and drop tool to create software.

We went to the library where Michiel’s mum worked and got this 600-page book about Visual Basic. We just started typing out the examples in that book and see if we could get them to work ourselves.

During the course of the next two years, most of our spare time was spent building stuff, for software applications and also on the internet. The internet was so cool; you had those weird tones when you dialled in, and after that you could basically access whatever you wanted. We discovered how we could develop a website.

This is I think was our epiphany moment: whenever one of us built something, it was usually the other one that broke it. We always found ways around the security that we built in, and we always told each other about that. That made us realize that we were better at finding those problems than actually writing programs.

This was in the time when hacking was frowned upon, so you could not say to someone, “Hey I just hacked your company and this is what I found.” You would get prosecuted. It was kind of scary, but because we had the two of us, and we knew how to write code, we actually created a digital playground for ourselves where we could still hack stuff, but in a way that was not illegal.

How did you help change people’s attitudes to hacking?

This is kind of funny. When we were 17, both our parents received letters from our ISP (internet service provider). It basically said, “Hey we noticed some weird traffic coming from your internet connection, you probably have a virus on your computer. “ But both of our parents knew what we were doing, and they were like, “Nah that’s not a virus, we have a kid.”

They said to us why don’t you start a company and then charge people money for finding vulnerabilities in their software? So we went to the chamber of commerce in Groningen with our dads, and we started a company called Online24. You could basically hire us to hack your systems and we would write a report about what we found. But as you can imagine there’s not a single company that is going to contract two 17-year-olds to hack their systems, right?

Eventually we came up with this challenge: if we couldn’t find a vulnerability in your site in 30 minutes, we would buy your entire company cake. If we did find something, then we wanted to have a meeting. We never bought anyone cake.

It was pretty bold, but people liked it. They started to recognize the value of what we could deliver. So at age 19 we were contracted by organizations like the Dutch government, banks and some smaller companies.

Illustration by Jordy van den Nieuwendijk
Illustration by Jordy van den Nieuwendijk

Your parents totally understood it, but do you have issues explaining what you do to other people?

I would start by saying that there are a lot of people in this world that want to do good. Hacking has this negative sound to it – hackers usually break things. However, the hackers that we deal with are people that have the best intentions and the only thing they want is for a company to fix a security vulnerability.

There’s a difference between hackers and criminals. You can use hacking in order to achieve something. We try to get back the positive meaning of the verb “hacking.”

Now that you are a co-founder of a company, do you still get to hack?

I still hack. The HackerOne’s culture is all about a connection to our community. In my mind, the best way to do that is to be one of them. I still try to find as many bugs as possible, and then use that to educate other hackers to show them different techniques that they could use.

What project would you love to work on in the next couple of years?

What I think is critical to the growth of the internet is that if we don’t make security more open, we could actually slow down innovation.

It is amazing that we now have autonomous cars like Tesla driving around on the streets, but if even one person finds a security vulnerability in a Tesla and then steers all of them to the left, then people will say, “See, we cannot connect everything to the internet.”

We want to make everything regarding internet security as accessible as possible. Given the fact that there are so many people with good intentions on this planet, we should keep stimulating innovation and make the internet more secure.