‍

When the hit techno-thriller WarGames landed in movie theaters in 1983, depicting a terrifying scenario where a nerdy schoolboy hacks into the Pentagon’s computers and almost triggers a global thermonuclear war, a lot of children were fascinated by the potential of this new world of hacking. One of them was eight-year-old Katie Moussouris, and she went on to not just become a hacker herself, but lead enormous changes in the way the Pentagon secures its systems from cyber attackers. Now she’s fighting a different battle, helping women combat discrimination in the workplace and fighting for fair pay for all. 

The only winning move is to read the manual

Katie was born in Boston in 1975, and was given her first computer just one year after WarGames was released. Her parents had separated and her mother was poor, but she saved up enough money to purchase Katie a Commodore 64. Fortunately the C64 did not ship with any means of connecting to phone lines so young Katie was unable to hack the Pentagon at first. Indeed, she wasn’t able to do much at all, as the Commodore 64 only shipped with one game, and as Katie later described: “When I asked for more games for my C64, she told me to RTFM & handed me the BASIC book it came with.” This exhortation to RTFM (Read The F****** Manual) proved to be excellent parenting, and Katie swiftly developed her programming skills far beyond those needed to make 8-bit video games. Her coding talents took her to MIT and Harvard, where she ended up working on the Human Genome Project and as a systems administrator in some of the most prestigious computing labs on Earth, but those talents also took her to other, less legitimate networks.

‍

‍

Hacking in The L0pht 

Katie’s native Boston had been a hotbed of hacking activity since the early 1980s, thanks to the collective known as L0pht Heavy Industries. The L0pht gained worldwide notoriety In 1998 when several members testified to the first-ever Congress hearing on cybersecurity, claiming that the US government’s Internet security was so poor they would be able to “make the entire internet unusable” - including severing communications between vital US government networks - in just 30 minutes. This was not a threat, but a plea for improved vigilance; The L0pht had been trying to warn US government agencies of the fragility of their networks for some time, but their message largely fell on deaf ears, at least partly because the L0pht’s members - young men with long hair and dubious legal backgrounds going by pseudonyms such as ‘Kingpin’, ‘Mudge’, and ‘Space Rogue’ - were not perceived as legitimate experts on national security matters. 

The L0pht was unusual at the time because it existed in the physical world, as well as online, with one of the world’s first “hackerspaces”, a communal space where hackers could congregate. These were rare because so much of what hackers did was, at best, of questionable legality, but The L0pht provided a focal point for much of Boston’s nascent cybersecurity community. Although Katie was never an official L0pht member she worked closely with the collective and, after the L0pht was bought by the new cybersecurity startup @stake, she was asked to join the team and help the group as they strived to alert organizations to their many vulnerabilities.

‍

‍

Queen of the bug bounty hunters

Katie’s reputation as a cybersecurity expert grew rapidly and by 2007 she had joined Microsoft as a security strategist, quickly revolutionizing the way the Redmond firm responded to vulnerabilities in its programs. At the time, firms like Microsoft still had a largely adversarial attitude to hackers but Moussouris brought a new approach, instituting the firm’s first ‘bug bounty’ program. Hackers were encouraged to attack Microsoft’s systems and report vulnerabilities that they found, for which they would be paid a bounty. This was a radical departure and the impact was substantial: Microsoft had previously had a well-earned reputation as a fertile breeding ground for malware, browser exploits, and other security vulnerabilities but this was soon dispelled, in no small part thanks to Katie's innovative approach. Bug bounty programs are now a crucial part of Microsoft’s defenses, with the firm paying out over $13m to whitehat hackers in bounties in 2020 alone. 

‍

‍

Bug bounties were not a new idea; the first known example was announced in 1983 by developers of a niche operating system called Versatile Real-Time Executive (mainly notable as the OS that runs the Hubble Space Telescope). Katie’s innovation was to bring the concept of bug bounties to much larger organizations with much broader concerns. After Microsoft, she took the idea to the US Department of Defense and found a more ready ear than those who had ignored the warnings of her L0pht colleagues almost 20 years earlier. This led to the realization of a long-standing ambition in 2016 when Katie was finally able to Hack The Pentagon, albeit with their permission, as part of the US government’s first bug bounty program. The initiative was a resounding success, with the first vulnerability report submitted just 13 minutes after the program was launched, and 138 separate vulnerabilities uncovered and patched in total. Further bounty programs have followed, starting with Hack The Air Force, and building up to 2022’s Hack The US initiative, which has an extremely broad scope covering everything from the US Coast Guard to DARPA. 

‍

‍

Hacking the law

Katie started negotiations with the Pentagon about the bug bounty program in 2014 while she was still working at Microsoft, but she left the firm soon after under contentious circumstances, filing a class-action lawsuit making allegations about gender discrimination: poor pay, underpromotion, and sexual harrassment in the workplace. Her legal team collected 201 testimonies from Microsoft employees, but ultimately they were unable to persuade the courts that these testimonies were related incidents, and consequently the bid to bring a class action suit was rejected. 

This setback has not deterred Katie. “I will not live to see pay equity at the current trajectory,” Moussouris says, “and I found that to be unacceptable.”

With typical hacker adaptability, she is now trying a different approach, forming the Pay Equity Now Foundation, and donating $1m to Penn State Law - the largest donation in the school’s history - to create the Anuncia Donecia Songsong Manglona Lab for Gender and Economic Equity. The Manglona Lab seeks to hack the legal system by bringing lawsuits that not only fight for equal pay, but also change the legal precedents that currently make it difficult to protect women in US workplaces. The lab is named after her mother, whose excellent parenting decisions in the 1980s started her daughter down the path to True Superheroism, and who would no doubt approve of Katie’s career as a Pentagon hacker and champion of equal pay. 

‍