How do you find hundreds of vulnerabilities hidden in millions of lines of firmware code?

When it comes to using computers to steal money, few can come close to matching the success of Russian hacker Evgeniy Bogachev.

The $3 million bounty the FBI has offered for Bogachev’s capture is larger than any that has ever been offered for a cybercriminal—but that sum represents only a tiny fraction of the money he has stolen through his botnet GameOver ZeuS.1 At its height in 2012 and 2013, GameOver ZeuS, or GOZ, comprised between 500,000 and 1 million compromised computers all over the world that Bogachev could control remotely. For years, Bogachev used these machines to spread malware that allowed him to steal banking credentials and perpetrate online extortion.2 No one knows exactly how much money Bogachev stole from his thousands of victims using GOZ, but the FBI conservatively estimates that it was well over $100 million.

Ken Thompson's "cc hack" - Presented in the journal, Communication of the ACM, Vol. 27, No. 8, August 1984, in a paper entitled "Reflections on Trusting Trust", Ken Thompson, co-author of UNIX, recounted a story of how he created a version of the C compiler that, when presented with the source code for the "login" program, would automatically compile in a backdoor to allow him entry to the system. This is only half the story, though. In order to hide this trojan horse, Ken also added to this version of "cc" the ability to recognize if it was recompiling itself to make sure that the newly compiled C compiler contained both the "login" backdoor, and the code to insert both trojans into a newly compiled C compiler. In this way, the source code for the C compiler would never show that these trojans existed.