safe, “unconnected” neighbor.!4? The heat transfer had a simple message: Nothing is safe. Why put such effort, worthy of the deepest physics problems, into the challenge of sneaking into a cellphone undetected? Well, for Seaborn and Dullien, the drive was part of a “discover and publish” effort to keep the overall system clean. It is better to hack, discover and patch than to be hacked, and remain undiscovered. But these “good guy” engineers are racing against different, equivalently sophisticated, less- decently inspired teams. The development and sale of zero-day bugs is, after all, a business. Modern versions of Cap’n Crunch whistles crack access to some of the most essential financial, political and security data stores on the planet. As the power and value of hacking targets has increased, so has the price of the exploits. Public “zero day markets” sponsored by companies like Google and Microsoft pay hundreds of thousands of dollars to researchers who discover holes in their systems. “Better to find them ourselves,” the thinking goes. Though that does not always make the embarrassment less acute when holes are spotted. At one of the most carefully watched public hacking competitions in early 2015, for instance, a skinny, smiling South Korean named Jung Hoon Lee took home $225,000 in prize money by pwning a series of some of the most important, common programs on the planet, Apple’s web browser Safari and Google’s Chrome among them. These systems had been constructed at the cost of hundreds of millions of dollars. They‘d been assembled under the gaze of some of the best PhD-led computer scientists in the world. Jung Hoon Lee’s exploits ran through their complete defenses in less than a minute. 144 As good and fast as someone like Lee might be, he’s nothing compared to what the best hackers do. They don’t work in public or compete in hotel ballrooms. They don’t brag. And they develop ideas that make $225,000 look like a bargain. These successors to the Warez Dude