Jon Ellch doesn't consider himself a bug hunter. The prolific wireless hacker -- best known by his hacker handle, "johnny cache," says there's really no money for legitimate researchers finding bugs, anyway.

Figure 1: Jon Ellch

"There's no money in it for a good guy, and I don't want to be a bad guy," says Ellch, 24. "It's an insulting amount of money for a good guy... Nowadays, if you sell something to ZDI [3Com's Zero Day Initiative] or iDefense, it basically comes out to pennies an hour. It's not worth it."

"There used be a skill level required, and the amount of money you were paid was on par with that," Ellch says. "But it's gotten so hard to find reliable exploits now, and the money you need [to compensate for it] hasn't gone up."

These laments come from a guy who has made a name for himself with some high-profile WiFi vulnerability discoveries, including the hotly contested demonstration of a bug in the "stock" Intel Airport wireless driver on a Mac and some wireless device driver vulnerabilities published in the Month of Kernel Bugs. Ellch has also developed several wireless hacking utilities, such as a popular fingerprinting tool that grabs details about a device driver. (See Month of Kernel Bugs Ends in Controversy, Broadcom's Buffer Problem, and New Tool Dusts for Fingerprints.)

Before Black Hat, Ellch had operated mostly under the radar in research circles. But he got a little more publicity than he bargained for when he and fellow researcher David Maynor, formerly of SecureWorks and now with Errata Security, demonstrated the Mac exploit at Black Hat in Las Vegas in August.

Ellch and Maynor were heavily criticized by some vocal Mac enthusiasts who challenged the validity of their demo, and things got ugly, and SecureWorks apparently tried to do a little damage control. (See Device Drivers at Risk and Startup to Take Measure of Security.)

"Unfortunately, it still isn't resolved. They are still going to be hashing that out for a while," he says.

His biggest regret, he says, is that he and Maynor didn't release an actual exploit of the wireless vulnerability. "We thought we were doing everyone a favor," he says. "That was the biggest mistake of my life, not handing out an exploit."

Ellch says his loudest critics didn't have the technical background to understand the hack. "If you don't have basic knowledge of the OSI network stack, you're not going to understand what I do," he says. "And I don't feel obligated to" teach them.

Has Ellch moved on, even with the vulnerability controversy still simmering? "I just don't care... I've published enough working exploits that I can own your damn wireless drive," he says with a laugh. "Anyone with a technical clue can figure out what really happened."

But he admits the incident stung. "At first, I was jaded and wanted to drop exploits on everyone," he says. "But since then, I've interfaced with Dell and Microsoft and realized that not everyone is bad and is going to screw you."

Meanwhile, Ellch is getting ready to make some steady money for his work. Unlike some famous hackers who drop out of school and go straight to work, Ellch is just now job-hunting. He just earned his Master's Degree in computer science, with an emphasis in -- you've got it -- security, from the Naval Postgraduate School in Monterey, Calif. He wrote his thesis on 802.11 and recently published a book called Hacking Exposed Wireless. (He won't say where he's leaning employment-wise.)

Johnny cache's first taste of technology was at age seven, playing with his dad's Commodore 64. And when he was 14, he asked for (and got) Red Hat 4.0 for Christmas. "I needed Linux to do some hacking." Ellch says his first successful hack was on his northwest Indiana high school computer system, and he did it for fun rather than to steal anything.

He attended North Central College and then Purdue, where he graduated with a degree in computer science. "I like school more than most people." But not because he could get an edge in technology: "I didn't learn shit about computers in undergrad," he says. "I just went with computer science to get through it."

His biggest challenge now, he says, is to constantly find something new and unique to hack. "That's why I delved into the kernel."

Oh -- and in case you're wondering, Ellch had no idea who Johnny Cash was when he chose his hacker persona as a teenager.

The name just sang to him.

— Kelly Jackson Higgins, Senior Editor, Dark Reading