Last month, Lu Juhui and Jun Mao opened their laptops in a nondescript conference room in Vancouver, and a 30-minute countdown timer was started. A few keyboard taps and one minute later the pair had hacked Adobe Reader, the PDF viewing software, and earned $22,500 apiece. They sat wondering what to do for the next 29 minutes.
Lu, 24, is a member of The Keen Team, China's most successful hacking collective. His Adobe exploit, performed in conjunction with Jun, a manager with technology firm Tencent, was just one of many lucrative hacks the team performed at the annual Hewlett-Packard-sponsored Pwn2Own hack contest, where a total of $557,500 was given out in hack prize money. It took them 30 seconds to hack Adobe Flash, a move that earned them $60,000. They also gained user privileges to Windows' font system, which got them another $25,000. Not bad for around three minutes' work.
Until recently, The Keen Team's members' names were not made public and I've been granted their first major English-language interview. But despite their air of mystery The Keen Team is not an underground or criminal organisation. Nor is it comprised of members of the Chinese government's hacking army, which was recently suspected of crippling anti-censorship site Greatfire.org and fortifying the Great Firewall to keep the likes of Facebook and Twitter outside China's borders.
Fully above-board and legal, The Keen Team is part of a growing cadre of security research groups hired by the world's biggest tech firms to find holes in their systems so they can be plugged before they sink. Others include China's 360Vulcan team, which hacked Internet Explorer at this year's Pwn2Own. Another is France's Vupen Security, which took home $400,000 for hacks in the 2014 contest.
"Anyone who succeeds at Pwn2Own displays not just a high level of skill but a lot of dedication," said internet security journalist Dennis Fisher, who runs security blog Threatpost.com and has seen The Keen Team in action first-hand. "Although the live attacks at Pwn2Own usually take about a minute or two, they're the end result of weeks or months of research and hard work.
"It has gotten more difficult to exploit the target browsers and applications in Pwn2Own recently as the vendors have added layers of defences and exploit mitigations that have defeated entire classes of bugs and attack techniques," Fisher added.
Despite this, to Shanghai-based The Keen Team and their rivals Pwn2Own was simply a fun trip, a chance to show off and get a bit of extra money on the side. "Put it this way," Lu told me, "competition prize money isn't our main income."
Three weeks after Pwn2Own, The Keen Team hosted a presentation in Beijing's Zhongguancun technology hub. Gathered at the top of a staircase overlooked by a pink sign reading 'Geek is the new sexy', the 100-strong audience was mainly made up of male students on internet-related courses. They all idolize the team.
"They're definitely the top guys in China," said Huming Ming, 23, an information security major student. "They are gifted and innovative. Unlike some hackers they are not looking to poke holes. They are looking to perfect innovations and push technology forward. They are the good guys."
The Keen Team's leader is Wang Qi, the 37 year-old CEO of the squad's parent company Keen Cloud Tech. "We call ourselves geeks, not hackers for the precise reason that we don't want people to think we're intruders looking to destroy," he said, addressing the crowd after being introduced to whoops and cheers.
He didn't look like a geek. Wang is a gently attractive man, with a jeans and hoodie combo and relaxed demeanor that's more Brooklyn start-up than Apple Store smuggery.
He talked about how since Edward Snowden's 2013 National Security Agency leaks we have been living in the "spring of information security." During this period The Keen Team has been hired by the likes of Microsoft, Tencent, and Google's global Project Zero security drive.
Although Wang wouldn't reveal details of the salaries he pays, his team's nonchalant attitude toward hack prize money suggested that they enjoy wages that could afford them the option to eat their dinners off MacBook Pros. He also talked of the challenges posed by being based in China, where the government blocks thousands of sites from public access.
He spoke about how Microsoft's Windows 8 was banned from government purchase lists in 2014 due to what Chinese state media said were security concerns related to foreign systems. Microsoft and Google are both clients of The Keen Team and are involved in GeekPwn, a competition for young hackers they organize.
"We were worried that a complete Microsoft ban would follow," Wang said. "If that happens, we're screwed. We would be sponsored by two foreign companies that aren't based in China, looking for candidates to spot bugs and holes in Chinese companies and systems. We would be seen as spies."
Wang was adamant that his hackers pay as close attention to moral codes as they do digital ones. In a climate where a layman's image of hacking swings between Keanu Reeves staring at lines of green numbers in a darkened bedroom and an army of North Koreans cyber-trawling the US for emails about Angelina Jolie, this is understandable.
"Some hackers spot vulnerabilities in programs then demand a price for the information from the company," he told me. "Then if the company can't give it to them they sell it to a competitor, who might use it to prove a program is unsafe. But we are here to make technology better, not to threaten it."
"You need proper nerds for this line of work: no friends, no life"
The Keen Team was founded in 2011 by Wang, who used to work for Microsoft. The standards required to gain a spot on the team are ridiculously high. "Higher than Microsoft's," said Wang. "Standards have to be that high because every computer or phone with an Android or Mac system is affected by our research results.
"Math is very, very important," he added. "Some members are winners of international math competitions. And we might pick one person from each of the top schools here in China. You need proper nerds for this line of work: no friends, no life. But first, we need to know your character and morality. You can't have used your talent to do bad things. If you have a stain on your past, we won't consider you."
Team members range in age from 20 to 40, and all of them are male. "Maybe it's because there aren't a lot of girls who love playing with hardware," said Wang. "And maybe they can't endure the loneliness."
Wang wasn't keen to give away details of The Keen Team's hacking methods, but explained that the main thrust is writing automated test programs to run systems through and find potential flaws. As Lu said, "It's not like we just scan endless codes and spot holes with our eyes."
But they still put the hours in. Lu said he works around 12 hours a day. Before the 2014 Pwn2Own competition, Keen Team member Chen Liang locked himself in a rented room for two months to remove all potential distractions while analyzing codes for Windows 8.1, Adobe Flash, and Apple's Safari Mac OS X Mavericks. It paid off: Chen hacked all three programs in less than 20 seconds each. "Chen likes that sort of style," said Lu. "But personally, I like working with people."
Like Wang, Lu was keen to underline the fact that he sits on the legit side of hacking, and that he was never tempted to go to the dark side. As Ken Westin, senior analyst at web security company Tripwire, told me, "Security research is misunderstood by the general population. When people see 'China' and 'hacking' in the same sentence they immediately think in adversarial terms. This is a big mistake."
Lu agreed. "Attack issues are quite rare now, and most of what still exists now is more on a government level," he said, adding that most "bad guys" concentrate on creating viruses since laws against personal account stealing were toughened in 2010. "Now bad hacker business is pretty low-level, like, tricking people and committing fraud or faking hits for websites."
It also seems a lot more fun being a legit hacker than a criminal one. With their logo-adorned fleeces and sweet, school mathletics-style gang name, a sense of gawky camaraderie as well as high moral standards defines The Keen Team.
"There's not much competition between the members and the team dynamic is definitely good," said Lu. "We're more competitive with the foreign teams, but we're still friends with them. Plus we don't depend on the competitions as our main source of income, so that limits the competitiveness."
"If you spot a vulnerability in a system companies will want to reward you," said Wang, who thinks the spring of corporate internet security is only going to get hotter as teams such as his continue to prove so effective for their clients. "The pay, yeah, it's pretty good." Certainly, it's likely that with these high-profile clients companies like Keen pay staff salaries higher than those of government internet security workers, highlighting another reason for high morale among the team.
"It is the fact that consumers and businesses are demanding more privacy and security in the products they buy that is driving much of the growth of the security market," Westin said. "The security industry has been screaming for years about serious vulnerabilities and now the boardroom and governments alike are finally listening."
So are The Keen Team's fanboys. Every student I spoke to, as the chattery audience filed out of the conference room, said they want to join a similar team as soon as they could, after graduation. "They have so much focus," Liu Chanh, 22, another internet security major student, told me. "They really want to solve problems and they don't stop until they are resolved. I'd love to lead my own team one day."
Maybe in a few years time it'll be Liu scooping up the cash piles for 30-second hacks of the world's most popular programs. Who knows where someone like Lu will be by then, when he's creeping into his late-20s. Perhaps the biggest hot tub in Shanghai wouldn't be a bad bet? By 2018 Apple should have perfected the fully waterproof MacBook Pro.
With additional reporting by Jiehao Chen.