India’s ethical hackers rewarded abroad, ignored at home
BANGALORE: Kanishk Sajnani did not receive so much as a thank you from a major Indian airline when he contacted them with alarming news — he had hacked their website and could book flights anywhere in the world for free.
It was a familiar tale for India’s army of “ethical hackers”, who earn millions protecting foreign corporations and global tech giants from cyber attacks but are largely ignored at home, their skills and altruism misunderstood or distrusted.
India produces more ethical hackers — those who break into computer networks to expose, rather than exploit, weaknesses — than anywhere else in the world.
The latest data from BugCrowd, a global hacking network, showed Indians raked in the most “bug bounties” — rewards for red-flagging security loopholes.
Facebook, which has long tapped hacker talent, paid more to Indian researchers in the first half of 2016 than any other researchers.
Indians outnumbered all other bug hunters on HackerOne, another registry of around 100,000 hackers. One anonymous Indian hacker — “Geekboy” — has found more than 700 vulnerabilities for companies like Yahoo, Uber and Rockstar Games.
Most are young “techies” — software engineers swelling the ranks of India’s US$154-billion (RM662-billion) IT outsourcing sector whose skill set makes them uniquely gifted at cracking cyber systems.
“People who build software in many cases also understand how it can be broken,” HackerOne cofounder Michiel Prins told AFP by email.
But while technology behemoths and multinationals are increasingly reliant on this world-class hacking talent, just a handful of Indian firms run bug bounty programs.
Information volunteered by these cyber samaritans is often treated with indifference or suspicion, hackers and tech industry observers told AFP.
Anand Prakash, a 23-year-old security engineer who has earned US$350,000 (RM1.5 million) in bug bounties, said Facebook replied almost immediately when he notified them of a glitch allowing him to post from anyone’s account.
“But here in India, the email is ignored most of the time,” Prakash told AFP from Bangalore where he runs his own cyber security firm AppSecure India.
“I have experienced situations many times where I have a threatening email from a legal team saying ‘What are you doing hacking into our site?’” — AFP
Ethical hackers Anand Prakash (centre), Shashank (right), and Rohit Raj, who run the Appsecure India Private Limited company, work on their computers in Bangalore. — AFP photo