half of last year than any other researchers.
Indians outnumbered all other bug hunters on HackerOne, another registry of around 100,000 hackers. One anonymous Indian hacker — “Geekboy” — has found more than 700 vulnerabilities for companies like Yahoo, Uber and Rockstar Games.
Most are young “techies”, software engineers swelling the ranks of India’s US$154 billion (RM677 billion) IT outsourcing sector whose skill set makes them uniquely gifted at cracking cyber systems.
“People who build software in many cases also understand how it can be broken,” said HackerOne co-founder Michiel Prins.
But while technology behemoths and multinationals are increasingly reliant on this worldclass hacking talent, just a handful of Indian firms run bug bounty programmes.
Information volunteered by these cyber Samaritans is often treated with indifference or suspicion.
Anand Prakash, a 23-year-old security engineer who has earned US$350,000 in bug bounties, said Facebook replied almost immediately when he notified them of a glitch allowing him to post from anyone’s account.
“But here in India, the email is ignored most of the time,” Prakash said in Bangalore where he runs his own cyber security firm AppSecure India.
“I have experienced situations many times where I have a threatening email from a legal team saying, ‘What are you doing hacking into our site?’”
Sajnani, who has hacked around a dozen Indian companies, said he was once offered a reward by a company that dropped off the radar once the bugs were fixed.
“Not getting properly acknowledged, or companies not showing any gratitude after you tried to help them, that is very annoying,” the 21-year-old said in Ahmedabad, where he hunts for software glitches in between his computer engineering studies.
An unwillingness to engage its homegrown hackers has backfired spectacularly for a number of Indian startups, forcing a longoverdue rethink of attitudes toward cyber security.
In 2015, Uber-rival Ola launched what it called a “first of its kind” bounty programme in India after hackers repeatedly exposed vulnerabilities in the hugely-popular app.
This month Zomato, a food and should kill ourselves.”
The girls were scared and moved to the back of the train while a stranger jumped to help.
“My friend and I were going to get off the train and then we restaurant guide operating in 23 countries, suffered an embarrassing breach when a hacker stole 17 million user records from its supposedly secure database.
The hacker “nclay” threatened to sell the information unless Zomato, valued at hundreds of millions of dollars, offered bug hunters more than just certificates of appreciation for their honesty.
“If they were paying money to the good guys, maybe ‘nclay’ would have reported the vulnerability and made the money the right way,” Waqas Amir, founder of cyber security website HackRead, said.
The incident was especially galling for Prakash.
He had hacked Zomato’s database just two years earlier, and said if they listened to him then “they would never have been breached in 2017”.
The Zomato hack, and panic surrounding this month’s global WannaCry cyber attack, comes as the Indian government aggressively denies suggestions its massive biometric identification programme is susceptible to leaks.
The government has staunchly defended its “Aadhaar” programme, which stores the fingerprints and iris scans of more than one billion Indians on a national database, and has accused those who have raised concerns of illegal hacking. AFP turned around while they were fighting and he just started stabbing people and it was just blood everywhere and we just started running for our lives,” Mangum said. AP
A woman and her stepdaughter building a memorial to victims who were stabbed to death in a train in Oregon recently .
Ethical hackers (from left) Rohit Raj, Anand Prakash and Shashank, who run Appsecure India in Bangalore, India, say their skills and altruism are often distrusted in their country.