College Student Got 15 Million Miles By Hacking United Airlines

An anonymous reader quotes a report from Fortune: University of Georgia Tech student Ryan Pickren used to get in trouble for hacking websites -- in 2015, he hacked his college's master calendar and almost spent 15 years in prison. But now he's being rewarded for his skills. Pickren participated in United Airlines' Bug Bounty Program and earned 15 million United miles. At two cents a mile, that's about $300,000 worth. United's white hat hacking program invites computer experts to legally hack their systems, paying up to one million United miles to hackers who can reveal security flaws. At that rate, we can presume Pickren reported as many as 15 severe bugs. The only drawback to all those free miles? Taxes. Having earned $300,000 of taxable income from the Bug Bounty Program, Pickren could owe the Internal Revenue Service tens of thousands of dollars. He's not keeping all of the, though: Pickren donated five million miles to Georgia Tech. The ultimate thank-you for not pressing charges last year. In May, certified ethical hackers at Offensi.com identified a bug allowing remote code execution on one of United Airlines' sites and were rewarded with 1,000,000 Mileage Plus air miles. Instead of accepting the award themselves, they decided to distribute their air miles among three charities.

I've seen this before

[Ol+Olsoc]

First prize is 15 million miles.

Second prize is 30 million miles.

Re:I've seen this before

[frank_adrian314159]

It is United, after all.

Re:I've seen this before

[pete6677]

It being United, I'm surprised they paid at all. They treated him WAY better than they do a paying customer who gets bumped from an overbooked flight.

Re:I've seen this before

[Joce640k]

Is it possible to even fly 15000000 miles in a single lifetime?

(and still have a proper life, I mean, not living in airports and eating airport food)

Re:I've seen this before

[TheRaven64]

Probably quite difficult. That said, miles probably don't mean what you think they mean. United has three categories of air miles:

• Lifetime flight miles are the total number of miles that you've flown. These count towards your million mile status (when you get enough in this category, you get status for life).
• Premiere qualifying miles. These are the number of miles that you've flow, with a few small tweaks, which count towards your premiere status for the next year (25K for silver, 50K for gold, and so on).
• Award miles. These expire if you don't fly with them for a while (18 months, I think), accumulate roughly in proportion to the number of dollars you spend with them (with a multiplier for your premiere status) and can be used to buy flights, upgrades, and so on.

I believe that this person was given 15 million award miles. That doesn't mean that he can use them to fly a million miles. For example, a transatlantic flight (around 2.5-6K miles, depending on the route) booked with award miles costs either 30K or 60K (depending on whether you want a guaranteed flight or a chance to be bumped). And you still need to pay airport taxes for the trip (likely around $100-150). If you want to upgrade to business class, I think it's another 20K miles and a $500 fee.

That said, 15M award miles is probably enough that he'd never need to pay full price for a flight ever again. It's enough for 125 transatlantic round trips, which is a lot more than most people take in a lifetime (though some people obviously do: you can spend all of those miles without reaching million miler status).

Re:I've seen this before

[jittles]

Probably quite difficult. That said, miles probably don't mean what you think they mean. United has three categories of air miles:

• Lifetime flight miles are the total number of miles that you've flown. These count towards your million mile status (when you get enough in this category, you get status for life).
• Premiere qualifying miles. These are the number of miles that you've flow, with a few small tweaks, which count towards your premiere status for the next year (25K for silver, 50K for gold, and so on).
• Award miles. These expire if you don't fly with them for a while (18 months, I think), accumulate roughly in proportion to the number of dollars you spend with them (with a multiplier for your premiere status) and can be used to buy flights, upgrades, and so on.

I believe that this person was given 15 million award miles. That doesn't mean that he can use them to fly a million miles. For example, a transatlantic flight (around 2.5-6K miles, depending on the route) booked with award miles costs either 30K or 60K (depending on whether you want a guaranteed flight or a chance to be bumped). And you still need to pay airport taxes for the trip (likely around $100-150). If you want to upgrade to business class, I think it's another 20K miles and a $500 fee.

That said, 15M award miles is probably enough that he'd never need to pay full price for a flight ever again. It's enough for 125 transatlantic round trips, which is a lot more than most people take in a lifetime (though some people obviously do: you can spend all of those miles without reaching million miler status).

They've definitely changed the way they allow you to use miles. I splurged on a 3 person trip to Europe, first class, and it cost me about $120 per person and around 300,000 miles total. That was in 2013. I was thinking about going to Australia for New Years and they wand 180,000 miles + $40 round trip in coach to Sydney. That's per person. The taxes and fees are surprisingly low but the mile cost is high. That being said, I had thought about going to Copenhagen with less than a month's notice and there was (surprisingly) a ton of reward seats left on the flight. $60 in taxes and 40k miles. I still haven't quite figured out how they value the miles now. It used to be a flat rate - 25k for domestic and 55k for international - assuming you got a reward seat and not a normal seat.

As for all the hate on United... well I think their service is definitely better in 2016 than it has been in the past and I get a free upgrade to economy plus at booking. I get upgraded to first class around 30-40% of the time so I am happy to stick with them even.

Re:I've seen this before

[Ol+Olsoc]

Probably quite difficult. That said, miles probably don't mean what you think they mean.

Too bad they don't use a points system instead of stealing an actual measurement which sortakinda seems like it applies to something that can be measured, like miles which is an actual distance that the trip takes, but doesn't mean a damn thing in truth.

Re:I've seen this before

[TheRaven64]

Without multipliers, the miles correspond to the number of miles that you've travelled. If you got one mile for every mile and one mile let you buy one mile of travel, you'd never pay after your first flight.

Re:I've seen this before

[Ol+Olsoc]

Without multipliers, the miles correspond to the number of miles that you've travelled. If you got one mile for every mile and one mile let you buy one mile of travel, you'd never pay after your first flight.

I think I'll add that to my rationale for a points system.

Re:I've seen this before

[sabt-pestnu]

You're saying:

First prize, they send you into space.
Second prize, they bring you back as well.

Georgia Institute of Technology

When I read "Georgia Tech University" I throw up in my mouth. It's the Georgia Institute of Technology.

Re:Georgia Institute of Technology

[shadoelord]

Came here to say the same thing. Georgia Institute of Technology you savages.

"University of Georgia Tech"?

Ah, c'mon, can't you tell the difference between the North Avenue Trade School and the "to heck with" one?

Oh Noes!!!!!!

[OzPeter]

You have to pay taxes on money you earn? Say it ain't so.

FFS Get out of the basement and explore the real world.

I knew a guy who said he'd happily pay a tax bill of (pinky finger to mouth) $1 Million dollars. Because that meant he had learnt a shitload more.

Re:Oh Noes!!!!!!

[OzPeter]

He earned miles, not money. Did you read the article?

yes .. and that is taxable income.

Re:Oh Noes!!!!!!

[BoogieChile]

So he's able to pay his tax bill with United Miles?

Re: Oh Noes!!!!!!

[corychristison]

The US tax system is fucked if they are considering consumer rewards points as taxable income.

Re:Oh Noes!!!!!!

[jezwel]

Came here to ask this exact question - IMO if the taxman is going to bill in $$$ for something earned in some other form, you should be able to pay your taxes in the same form you were paid.

Re:Oh Noes!!!!!!

[bungo]

Does anyone know how the donation would affect the tax?

If he owes 25% (or whatever the real rate is) in tax, and he donates 33%, does that count as a write off on the tax and therefore he wouldn't have to pay anything?

This would make the donation not totally altruistic.

Re:Oh Noes!!!!!!

[TheRaven64]

The US constitution requires that the government accept payment for taxes in US dollars, but it doesn't prohibit it from accepting them in another form. It's always possible that he might persuade the IRS to accept miles instead of dollars.

Re:Oh Noes!!!!!!

[hipp5]

And this is exactly what happened the first time Oprah gave away a car to everyone in the audience. All these poor people suddenly owed taxes on a $30,000 windfall, and many couldn't actually cover it. It future iterations of the giveaway Oprah learned her lesson and included payment of taxes as part of the prize. Of course, there's still the issue of insuring and doing repairs on a $30,000 car. Thankfully, here in Canada we're not taxed on winnings.

Re:Oh Noes!!!!!!

[parkinglot777]

He may or may not need to pay taxes depending on how they handle this transaction. The IRS FAQ said that usually the donor generally responds for the taxes, but in this case, it may not be so and he would have to pay taxes on the money's worth of the miles he received.

Re: Oh Noes!!!!!!

[operagost]

Yes, because they have value. All prizes are taxable income. That's why you hear so often of someone winning a house or car, and having to sell it because otherwise they'd be on the hook for taxes they can't afford. Some organizations now award some cash along with the grand prizes so that they can pay the tax.

I would prefer that there be some sort of deferral for X number of years, or when the prize is sold, for non-cash prizes. But who am I kidding? We really need to get rid of Federal direct taxes on income. There's your problem.

Re:Oh Noes!!!!!!

[operagost]

No donation you declare on your tax return is purely altruistic. In fact, some argue nothing is altruistic because it feels good to help. Those people are pretty frickin' cynical.

Re:Oh Noes!!!!!!

[Archangel+Michael]

Income taxes are some of the most regressive taxes. Period. Liberals love "Taxes" because they always want more (at least for the "rich") but the rich can avoid them, the poor don't pay them, and the middle class is stuck with them, and they are ever increasing.

Taxes, all of them, are regressive. Income taxes are some of the most regressive taxes available.

IMHO, if the value "earned" isn't something that has a regular (commodity) trade value, then it isn't "income" at all. Something that has no trade value at all (like Airline Miles) is of no use outside of flying that airline. You can't even use them on another airline, therefore it has not actual value (like a coupon).

Re: Oh Noes!!!!!!

[Archangel+Michael]

Do "Coupons" have value?

I would classify Promotional things like "airline miles" as nothing more than a coupon. I would love to see the IRS try and classify a Coupon as "income".

Re:Oh Noes!!!!!!

[Archangel+Michael]

It is kind of like the Clintions donating some large percentage of their "charity" to the Clinton Foundation, and getting a tax write off for essentially donating to themselves. Genius!

Re:Oh Noes!!!!!!

[Archangel+Michael]

It depends on the status of the winnings. If they were a "gift" you would be correct. However, since the miles were issued in response to "work", they can't be classified as a gift, but as income to the person who performed the work.

Re:Oh Noes!!!!!!

[Archangel+Michael]

Let's Analyze this for the lay folk ...

1) Ad Homenum logical fallacy.
2) Strawman logical Fallacy
3) Snarky Sarcastic comment, as if that makes their nonsense right. Period

Income taxes ARE regressive, even if they have a "Progressive" structure to them. The rich do not have ordinary income, and therefor do not pay them. The poor do not pay taxes, leaving the "middle class" stuck with the bulk of them. Progressive? Hardly.

Taxes, all of them, retard whatever is being taxed. In this case, we are retarding income. There are plenty of examples of people doing whatever it takes to NOT go into a higher tax bracket. And if you think that 35% - 39% tax rate isn't confiscatory, you're part of the problem. "Sorry, you make too much money (arbitrary argument) so we are punishing you with a higher tax bracket! You should thank us"

Actually, having studied Finance and Financial planning specifically, Capital Gains is not normal income, and can be largely avoided for long periods of time. Hence the Rich use this method to hide their wealth and its growth. That Million dollar painting, isn't just an art piece, it is a long term asset protection methodology.

So, my statement is 100% accurate, even if you want to deny it (without any evidence yourself). Taxes, all of them, are regressive. The rich can avoid them, the poor don't pay them. The Middle Class pays the bulk of them. So any "Tax increase" is just another attack on the Middle class by snobby socialists and liberals who think they know how to spend your money better than you do.

Lastly, Anonymous Cowards are more or less useless as an entire class of Slashdot commentators. There is no "history" to show how this particular AC thinks, so I only have this one post to go on. Meanwhile, you can visit my comment history to see my thoughts on just about everything, So, I suggest you go back, and find the posts where I prove that taxes, all of them, are regressive and see if you can't find the one that speaks of the Luxury tax Clinton (WJC) laid out, that nearly killed several industries, putting quite a number of workers out of jobs. Taxes do not occur in a vacuum, and the cause and effect results are always full of unintended consequences that Socialist and Liberals NEVER understand.

Re: Oh Noes!!!!!!

[corychristison]

Here in Canada they always expressly state "Non transferable. No cash value.", and voila, no taxes.

Re:Oh Noes!!!!!!

[Archangel+Michael]

You are "correct" for values of "income" that is taxed. The rich tend to not have "ordinary" income (Income tax purposes) and much of what they hold is in "Trusts" that are taxed differently.

All of which goes to what "definition" of is is. Income taxes are regressive, because the "Rich" do not have "income" the same way that I have income, and am taxed. They aren't paid out of a payroll, so all those additional payroll taxes aren't mentioned.

So, I stand on my case that taxes, all of them, are regressive. Just because you don't see it the way I do, doesn't mean I am wrong ;)

Certificate Program

[R3d+M3rcury]

[...] certified ethical hackers at Offensi.com [...]

Okay, who is the governing body that does this? Because I totally want a certificate that says that I am ethical.

Miles donation

[hcs_$reboot]

If instead of miles they get real money, would they donate that much of their rewards?

Re:"University of Georgia Tech"

[flopsquad]

... you mean Georgia Institute of Technology (Georgia Tech).

I know you're trying to be pedantic, AC, but TFS is referring to the actual University of Georgia Tech, in South Carolina.

Well if 15 years prison wasn't bad enough

[thegarbz]

I'm not quite sure what is worse, the threat of 15 years prison, or having to fly United.

From the summary...

[Dread_ed]

"He's not keeping all of the, though:"

Well, I either!

Basic math

[Sun]

paying up to one million United miles ... we can presume Pickren reported as many as 15 severe bugs

No. If each report earns up to 1 million miles, and Pickren got 15 mil, it means he reported at least 15 severe bugs.

Shachar

taxable income for limited miles? what next replay

[Joe_Dragon]

taxable income for limited miles? what next replays on pinball games count as income?

Summary correction

[Ubi_NL]

Hi did not spend 15 years in prison
FTFA:

A felony offense that's punishable by a maximum sentence of 15 years in prison and a $50,000 fine.
This explains why he was instead accepted into a pretrial diversion program. Should Pickren successfully complete the program, the felony charge will be dismissed

Re:taxable income for limited miles? what next rep

[Dog-Cow]

Can you transfer the retries to someone else, using a method other than leaving the machine?

I think he pretty much eliminated that tax issue.

[sabbede]

That's a $100,000 charitable donation. I'm not a CPA or tax lawyer, but I'm pretty sure that's a hefty write-off.

Re:It's Georgia Tech, not University of Georgia Te

[sabbede]

Consider your audience dude. I'm betting that football trivia isn't a strength of most slashdotters. For example, what's FSB?

Re:It's Georgia Tech, not University of Georgia Te

[sh00z]

Well, it's not FBS. I consider myself a decent nerd, but anyone who hasn't heard that since 2006, the former NCAA Division I-A and I-AA are now called the Football Bowl Subdivision (FBS) and Football Championship Subdivision (FCS), must have been living under a rock.

FSB-- Financial Stability Board? Front-side bus? Russia's Federal Security service (KGB successor)?

FFS, it's not "University" of Georgia Tech

[EmagGeek]

For crying out loud, you'd think Slashdot editors could get correct the name of a top 10 national engineering program.

It's "Georgia Tech," or "The Georgia Institute of Technology." It's not "Georgia Tech University," "University of Georgia Tech," "The University of Georgia at Atlanta," or "The Georgia Technological University."

Re:FFS, it's not "University" of Georgia Tech

[Shimbo]

For crying out loud, you'd think Slashdot editors could get correct the name of a top 10 national engineering program.

Well, you might have thought Fortune editors could get it right in the first place.

Re:I think he pretty much eliminated that tax issu

[BigDish]

That means he still has to pay income tax on $200,000

Re: Why no story on Tesla hack? 24 hours after

[sittingnut]

you are obviously wrong, since tesla had to patch it in a hurry.
https://it.slashdot.org/story/...

gp's point that /. pandered to tesla seems vindicated. editors here waited until tesla patched the vulnerability to even mention it.
when even drudge report linked to this tech story at least 36 hours before /. , we know /. is truly irrelevant.
in contrast to such interesting relevant news, we were treated to khan of londonistan's propaganda here.
shame! this was once a great site.

Re:It's Georgia Tech, not University of Georgia Te

[sabbede]

Don't knock it till you've tried it. Rocks make great insulators and don't wear out like roofs do.

Re:I think he pretty much eliminated that tax issu

[sabbede]

Well, I did say I wasn't an accountant...