Tech wizards from India are earning millions by discovering security errors in Facebook and Google
You will be surprised to know that ethical hackers from small towns in India are protecting you from getting hacked by finding bugs in big tech websites like Google and Facebook. These unknown heroes are only known in the hacking circles but due to their bug discoveries you may have been safeguarded against a hack attack. Read about some of these bug finders in this article.
Brought up in a small town of Bhadra in western India, nobody expected that one day Anand Prakash would become a multimillionaire.
As a kid, Prakash chose to spend his free time playing computer games in cybercafes rather than playing cricket outdoors with the other boys his age.
While he has was still struggling to find a job at college that is when Prakash chanced upon Facebook’s bug bounty programme that rewards “whitehat” hackers, who test the website for bugs and help protect users’ data.
By testing websites like Facebook and Google for bugs, he has now earned more than 10 million Indian rupees (£112,000) by keeping millions of peoples’ personal data secure in the process.
Prakash, a self-taught computer whizz who learned about hacking by reading blogs and watching Youtube videos found his first bug easily. It allowed people to be discovered online after they had turned off their Facebook messenger service. He was paid 33,000 by Facebook for this discovery.
Prakash has since then reported more than 90 bugs to Facebook alone, and many more to companies including Google, Twitter, Adobe, eBay, Dropbox, Paypal and others.
Facebook paid him another 1 million rupees for finding one bug that allowed hackers to access any of the social networking giant’s 1.6 billion users’ information, which included messages, personal photos, debit and credit card information.
Although Prakash’s findings have made him a rupee millionaire, he says he has never done it for the money. “I’m interested in companies like Facebook and Google because those companies have the most data on individual users in the world.
“I do this work to protect data. If it were just for money I’d do it for companies with fewer users. I’m concerned about user privacy and I am a user myself. I care about keeping data safe.”
Bug bounty hunting is an emerging sport in developing countries like India. In 2015, Facebook received 13,233 submissions from 5,543 hackers from around the world, mainly from small towns in developing countries.
India, Egypt and Trinidad and Tobago, in that order submitted the most reports and the company says the quality of the information hackers provide gets more sophisticated every year.
A whitehat hacker from the small town of Gurdaspur in north India, Rahul Tyagi says many of his friends earn a decent living simply by hunting for bugs on websites such as Twitter and Facebook.
“They earn around 1-1.5 lakh rupees (£1000-1500) a month without leaving their bedrooms.”
To get a job in an expanding population of 1.25billion in India can be tough. Bounty-hunting schemes offer an easy way for young Internet enthusiasts to make a living.
Providing an explanation for the country’s large percentage of whitehat hackers, Tyagi says, “People are just sitting at home with nothing to do. They can’t get a job, so they learn this.”
Although Tyagi’s own motivations for hacking is little different. “It’s about getting an appreciation from the giants of the world,” he says. “Hacking requires a curious and creative mind. And you have to keep learning every day, because the technology is changing so quickly.”
Like many other big names on the Indian hacking scene, Tyagi comes from a modest background. “I was the first in my town to get a computer. I started on Windows 98.”
When he was a teenager, his knowledge of computers got him the reputation of a local techie.
“People used to invite me to their homes to install Windows XP. They’d give me food and sweets in exchange,” he says. “For them it was a big thing – that I knew so much about computers.”
Trying to get a game for PlayStation 1 to work on his computer, his first experiments with computer security was when he was just a child. “I was the only kid in the whole of Punjab who could do that at the time,” he says. “My first hacks were experimental. Curiosity kept me going.”
In the last few decades, Indian entrepreneurs and immigrants have been forerunners in the tech sector. However, no one saw India’s tech boom coming, as the country has a low computer literacy rate of less than 7%. Also, the country’s telecommunications infrastructure was weak and underdeveloped until recently.
Academics have quoted one explanation for India’s success in the IT sector, which is the government’s non-interventionist approach. Former IT minister Pramod Mahajan once said that “IT and beauty contests are the two areas the government has stayed out of.”
With some assistance from the government, India’s cyber security sector could grow even faster argues Prakash.
“The Indian government hasn’t understood how big our potential is when it comes to hacking. The most talented hackers are Indian, the highest number of bugs are reported from here. We need to cultivate that talent.”
Started as an ethical hacker, Trishneet Arora, a 22-year old hacker from the city of Ludhiana in northern India has made a successful cyber security business with his skills.
“Imagine having the power to hack into someone’s bank account and steal a million dollars,” he says. “And imagine saying no.”
Arora believes that the next world war will be won online, and India’s cyber security experts will have an important role to play.
He clarifies that hackers like him are finding new ways to keep patients safe, as hospital software is a particular vulnerability.
“In the ICU the technology [one hospital] was using was a cloud-based machine,” he explains. “I hacked it, I found vulnerability and I shut it down. The person on the operating table could have been killed, and you’d never be able to trace the killer.
“That’s the future of cyber attacks. They’ll breach our security, we’ll breach theirs,” he says. “Getting access to confidential information can destroy people’s’ lives.”
Source: The Guardian