The recent ransomware cyber-attack which targeted a series of large corporations and multinationals on a global scale has increased the focus on the issue of cybersecurity. India is home to an army of ‘ethical hackers’ who earn vast sums of money protecting foreign corporations and global technology leaders from cyber-attacks. However, at home in India these hackers are largely ignored – which poses the question is their unique skillset misunderstood or distrusted?
One ethical hacker, Kanishk Sajnani disclosed that he informed a major Indian airline that he was able to penetrate their website and could subsequently book flights to anywhere he wanted in the world for free. You would imagine the company in question would’ve expressed their gratitude to the hacker for highlighting the glaring ease at which he was able to infiltrate their system. However, Mr. Sajnani didn’t even receive so much as a thank you for his efforts.
India produces more ethical hackers than anywhere else in the world. The definition of an ethical hacker is that they break into computer networks to expose rather than exploit weaknesses in systems. The latest figures released from Bug-Crowd, which is a global hacking network indicate that Indians raked in the most ‘bug-bounties’ – which are rewards paid by multinationals for flagging security loopholes.
Social networking colossus Facebook has long utilized this pool of hacking talent – and in fact paid more to India researchers in the first half of 2016 than any other researchers. So who are these ‘ethical hackers’? Most are described as young ‘techies’ – software engineers swelling the ranks of India’s lucrative $154 billion IT outsourcing sector whose skill set makes them uniquely gifted at cracking cyber systems.
However, whilst major technology firms all over the world adopt a policy which incentivizes these hackers and in many ways have become reliant on their world-class hacking talent – only a handful of Indian firms run bug-bounty programs. The general consensus amongst companies in India- seem to be that information volunteered by these ethical hackers is often treated with indifference and suspicion from the tech sector in the country.
Anand Prakash, runs his own cyber security firm called App-Secure in India, and the 23-year-old security engineer/entrepreneur has earned a cool $350,000 in bug-bounties. In one instance he said Facebook replied almost instantaneously when he notified them of a glitch. But here in India, he says 9 times out of 10 his e-mails are ignored. In fact when he does receive a response it’s usually from legal representatives of the company in question enquiring as to why he hacked into their system.
Sajnani, who has hacked around a dozen Indian companies, said he was once offered a reward by a company that dropped off the radar once the bugs were fixed."Not getting properly acknowledged, or companies not showing any gratitude after you tried to help them, that is very annoying," the 21-year-old told AFP from Ahmedabad, where he hunts for software glitches in between his computer engineering studies.