ETH­I­CAL HACK­ERS

New Straits Times - - World -

half of last year than any other re­searchers.

In­di­ans out­num­bered all other bug hunters on Hack­erOne, an­other registry of around 100,000 hack­ers. One anony­mous In­dian hacker — “Geek­boy” — has found more than 700 vul­ner­a­bil­i­ties for com­pa­nies like Ya­hoo, Uber and Rock­star Games.

Most are young “techies”, soft­ware en­gi­neers swelling the ranks of In­dia’s US$154 bil­lion (RM677 bil­lion) IT out­sourc­ing sec­tor whose skill set makes them uniquely gifted at crack­ing cy­ber sys­tems.

“Peo­ple who build soft­ware in many cases also un­der­stand how it can be bro­ken,” said Hack­erOne co-founder Michiel Prins.

But while tech­nol­ogy be­he­moths and multi­na­tion­als are in­creas­ingly re­liant on this world­class hack­ing tal­ent, just a hand­ful of In­dian firms run bug bounty pro­grammes.

In­for­ma­tion vol­un­teered by these cy­ber Sa­mar­i­tans is of­ten treated with in­dif­fer­ence or sus­pi­cion.

Anand Prakash, a 23-year-old se­cu­rity en­gi­neer who has earned US$350,000 in bug boun­ties, said Facebook replied al­most im­me­di­ately when he no­ti­fied them of a glitch al­low­ing him to post from any­one’s ac­count.

“But here in In­dia, the email is ig­nored most of the time,” Prakash said in Ban­ga­lore where he runs his own cy­ber se­cu­rity firm Ap­pSe­cure In­dia.

“I have ex­pe­ri­enced sit­u­a­tions many times where I have a threat­en­ing email from a le­gal team say­ing, ‘What are you do­ing hack­ing into our site?’”

Sa­j­nani, who has hacked around a dozen In­dian com­pa­nies, said he was once of­fered a re­ward by a com­pany that dropped off the radar once the bugs were fixed.

“Not get­ting prop­erly ac­knowl­edged, or com­pa­nies not show­ing any grat­i­tude af­ter you tried to help them, that is very an­noy­ing,” the 21-year-old said in Ahmed­abad, where he hunts for soft­ware glitches in be­tween his com­puter en­gi­neer­ing stud­ies.

An un­will­ing­ness to en­gage its home­grown hack­ers has back­fired spec­tac­u­larly for a num­ber of In­dian star­tups, forc­ing a lon­gover­due re­think of at­ti­tudes to­ward cy­ber se­cu­rity.

In 2015, Uber-ri­val Ola launched what it called a “first of its kind” bounty pro­gramme in In­dia af­ter hack­ers re­peat­edly ex­posed vul­ner­a­bil­i­ties in the hugely-pop­u­lar app.

This month Zo­mato, a food and should kill our­selves.”

The girls were scared and moved to the back of the train while a stranger jumped to help.

“My friend and I were go­ing to get off the train and then we restau­rant guide op­er­at­ing in 23 coun­tries, suf­fered an em­bar­rass­ing breach when a hacker stole 17 mil­lion user records from its sup­pos­edly se­cure data­base.

The hacker “nclay” threat­ened to sell the in­for­ma­tion un­less Zo­mato, val­ued at hun­dreds of mil­lions of dol­lars, of­fered bug hunters more than just cer­tifi­cates of ap­pre­ci­a­tion for their hon­esty.

“If they were pay­ing money to the good guys, maybe ‘nclay’ would have re­ported the vul­ner­a­bil­ity and made the money the right way,” Waqas Amir, founder of cy­ber se­cu­rity web­site Hack­Read, said.

The in­ci­dent was es­pe­cially galling for Prakash.

He had hacked Zo­mato’s data­base just two years ear­lier, and said if they lis­tened to him then “they would never have been breached in 2017”.

The Zo­mato hack, and panic sur­round­ing this month’s global Wan­naCry cy­ber at­tack, comes as the In­dian gov­ern­ment ag­gres­sively de­nies sug­ges­tions its mas­sive bio­met­ric iden­ti­fi­ca­tion pro­gramme is sus­cep­ti­ble to leaks.

The gov­ern­ment has staunchly de­fended its “Aad­haar” pro­gramme, which stores the fin­ger­prints and iris scans of more than one bil­lion In­di­ans on a na­tional data­base, and has ac­cused those who have raised con­cerns of il­le­gal hack­ing. AFP turned around while they were fight­ing and he just started stab­bing peo­ple and it was just blood ev­ery­where and we just started run­ning for our lives,” Mangum said. AP

AP PIC

A woman and her step­daugh­ter build­ing a me­mo­rial to vic­tims who were stabbed to death in a train in Ore­gon re­cently .

AFP PIC

Eth­i­cal hack­ers (from left) Ro­hit Raj, Anand Prakash and Shashank, who run Ap­pse­cure In­dia in Ban­ga­lore, In­dia, say their skills and al­tru­ism are of­ten dis­trusted in their coun­try.

Newspapers in English

Newspapers from Malaysia

© PressReader. All rights reserved.