Whatsapp founder and billionaire ex-hacker Jan Koum.
Long before he was the two-hundred-and-second richest person on the planet, Jan Koum was just another curious kid with a wardialer.
Koum, whose net worth suddenly jumped to $6.8 billion last month when his startup WhatsApp was acquired by Facebook, began his tech career as a teenage immigrant from Ukraine and fan of the 1995 film ‘Hackers.’ From the privacy of his Mountain View, Calif. bedroom, he’d use his wardialer—a machine that cycles through phone numbers, dialing them on a modem to find open connections—to probe the global Internet and explore faraway networks.
“The Internet was so insecure back then,” he told my colleague Parmy Olson during her reporting for Forbes’ recent cover story on Koum’s $19 billion dollar startup. “Servers on the fringes of the Internet with root accountand no passwords…The challenging part was finding these systems where you have to learn your way around. There were no manuals.”
Koum says his intentions were never malicious. He was careful not to delete anything and never participated in the distributed denial of service attacks that plagued websites in the late 90s by flooding them with junk traffic. “It was more curiosity, how can I figure it out, more of a challenge,” he says.
Once, Koum admits, he found his way onto the network of the computer graphics giant Silicon Graphics, a story that the 38-year-old CEO is careful to leave unfinished. “At some point I connected to the server,” he says. “And that’s as much as I’m going to say.”
Add Koum’s name to the growing list of ultra-successful entrepreneurs whose paths to billions started on the wilder side of the hacker frontier. In fact, founders of Apple AAPL -1.12%, Microsoft MSFT -0.53%, Facebook and Twitter all flirted with activities that might today be called illegal hacking before going on to found Silicon Valley’s most successful companies, a trend worth remembering as the tech world and Washington grapple over how to apply–or restrict–the controversial Computer Fraud and Abuse Act.
In the late 60s, a teenage Bill Gates and his Microsoft co-founder Paul Allen, for instance, were caught with unauthorized access to an administrator account at Computer Center Corporation and even rummaged through its Dumpster for printouts of source code, according to Allen’s memoir. In 2004, Zuckerberg used login records on TheFacebook.com to break into the email accounts of Harvard Crimson reporters, according to reporting by Business Insider’s Nicholas Carlson. Twitter co-founder Jack Dorsey got his first job by breaking into the network of the dispatch company he hoped would hire him to show the company its security vulnerabilities.
Jan Koum’s hacking adventures played a similar role in his unlikely rise from welfare to a top spot on the most recent Forbes billionaire list released earlier this month. Koum was a noted member of the 1990s hacker group w00w00, which also included Napster co-founder Sean Fanning and, occasionally Napster co-founder and Facebook investor Sean Parker. Gordon “Fyodor” Lyon remembers Koum as a vital contributor to the development of the Nmap security scanner, a tool used today by both attackers and defenders of networks to suss out vulnerabilities. “He was particularly helpful in training Nmap to recognize FreeBSD machines,” Lyon writes to me in an email, referring to a common open-source operating system. “We lived nearby and used to hang out from time to time. This tremendous WhatsApp success truly could not have happened to a nicer person!”
When Koum was working at Yahoo! years later, it was the same w00w00 crowd that he turned for advice in fending off an unprecedented denial of service attack hitting the company’s websites, according to Reuters’ Joseph Menn. And when his startup WhatsApp was acquired for a shocking $19 billion dollars in February, the same group of hackers assembled for a spontaneous celebration, Menn reports.
Career paths like Koum’s should be taken as evidence of how prosecuting harmless young hackers under the Computer Fraud and Abuse Act can hamper innovation, says Hanni Fakhoury, an attorney with the Electronic Frontier Foundation. “[The CFAA] is definitely creating a chilling effect on researchers, tinkerers and innovators,” says Fakhoury. “At the EFF, we get phone calls weekly from researchers who have an idea, have done some preliminary testing, and want to look deeper but are worried about CFAA liability. The volume of those calls has gone up.”
Fakhoury points to the case of Aaron Swartz, the coding prodigy, activist and early employee of the social news site Reddit. Swartz was prosecuted under the CFAA in 2011 after using an automated script to download millions of files from the academic journal website JSTOR. Facing seven-figure legal bills and decades in prison, the 26-year-old committed suicide. His story is told in asoon-to-be-released documentary titled “The Internet’s Own Boy.”
“Zuckerberg, Steve Jobs, Bill Gates, Wozniak, Paul Allen, all have told stories or written in autobiographies about how when were younger they engaged in legally questionable activities, and how they used those mostly harmless experiences to create the biggest tech companies in the world,” says Fakhoury. “They were fortunate that they were spared the fate of Aaron Swartz.”
No one, perhaps, has better captured the importance of hacker experimentation for innovation better than the late Steve Jobs, who once partnered with Apple co-founder Steve Wozniak to sell “Blue Boxes,” tools that skirted the phone companies’ security measures to allow free calls. “If it hadn’t been for the Blue Boxes,” Jobs told his biographer Walter Isaacson before his death, “There would have been no Apple.”
And if there had been no wardialer, there may have never been Whatsapp.
Here’s the full list of the world’s richest former hackers.
Long before he was the world’s richest man, Bill Gates focused his obsessive personality instead on merely gaining access to precious time on expensive late-60s era computers. In Microsoft co-founder Paul Allen’s memoir, he describes how Gates got access to an administrator password at Seattle’s Computer Center Corporation (which they called C-Cubed), and accessed an encrypted file containing users’ account information. They hoped to use it for free access, but instead were caught and kicked out of C-Cubed. (Photo by Ed Kashi/Liaison)
Andy Greenberg and Parmy Olson