Boredom and a desire to do good led Auckland software engineer Beau Butler to expose a flaw that kept Microsoft security teams in the United States from their Thanksgiving dinners.
Mr Butler made international news this week when it was revealed that he had discovered a design flaw in Windows that leaves millions of computers worldwide vulnerable to hijacking by cyber criminals.
In New Zealand alone, at least 160,000 computers are exposed to the flaw, which allows hackers to infect large numbers of PCs with viruses or steal data and passwords from the computers in a single go.
Microsoft experts in the US and Australia have been working around the clock to fix the problem, including over the Thanksgiving holiday, and hope to have it solved by Tuesday.
They were thrown into a panic after Mr Butler told the Kiwicon hacker conference in Wellington about the flaw and his discovery was reported in Australia's Age newspaper on Monday.
Microsoft confirmed to the Age that the flaw was serious and asked it not to publish details, fearing that they could be used by cyber criminals.
Mr Butler told the Weekend Herald he had tried to contact Microsoft himself when he discovered the flaw, but received no reply and therefore thought the company was aware of the problem, or that it was not major.
The 29-year-old had suspected such a flaw existed and one bored Sunday in June did some research on web encyclopaedia Wikipedia.
It told him the flaw had been exploited in Britain in 2005, when a hacker used it to divert computers to an auction website, but that Microsoft had solved the problem.
"For a laugh", Mr Butler registered a domain name to test whether the flaw still existed, expecting only a couple of hits a day from computers operating on older software.
Over six hours, the domain received three to five hits a second, including from corporate websites.
"It made me feel kind of scared. I thought they [Microsoft] need to know about this."
Mr Butler is what is known in the computer world as an ethical hacker, or someone who tests the security of cyber systems for ethical purposes.
"I'm a very karmic person," he said. "I'm a great believer in not screwing people over."
In his case, he does ethical hacking as a hobby, working during the day as a software engineer and consultant for IT firm Asterisk, and, for the past few months, dedicating weekends to monitoring his domain testing the flaw.
It is the first time he has exposed a flaw at international level and he said he did the monitoring out of concern for millions of computer users worldwide.
"They [computer companies] don't have a bounty system. There's no monetary gain. I'm just trying to do the right thing."
Microsoft has been in constant contact with him while trying to fix the problem, and although the exposure has not made him rich, it has "opened up some possibilities" for work.
Mr Butler sees a fine line between ethical and illegal hackers, with police yesterday revealing that an 18-year-old Waikato man is the alleged leader of an international cyber-crime ring responsible for major illegal hacks.
"There's really no difference," Mr Butler said. "It's just motivation. Your skill set's the same."
Instead, Mr Butler is one of a new breed of hackers making a name for themselves for the right reasons.
The country's young ethical hackers are now employed by many large overseas corporates and, says Mr Butler, "have a lot of kudos on the world stage".
"New Zealand is renowned for having a lot of MacGyvers - people who can make stuff out of number eight wire and string. That works really well with hacking. They're just really good at that stuff. It's something that makes New Zealand look really good."
ETHICAL HACKERS
* Test the security of computer systems for ethical or employment reasons.
* Act alone to alert companies or organisations to flaws in systems, or are employed by companies or organisations to secure systems and make them hacker-proof.
* Use the same methods as illegal hackers to penetrate systems, but their hacking is not illegal if authorised.
* Also known as white hat hackers, as opposed to black hat hackers, who hack for malicious or criminal purposes.