Meet Anand Prakash, one of India's best known 'white hat hackers'

At a time when the term 'hacker' is synonymous with digital pranksters, iCloud busters, and foreign spies (sometimes even affecting election results as certain Americans would claim), the story of Anand Prakash, a "white hat hacker" (ethical hacker), is refreshing.

Prakash, one of India's well-known hackers, is a bug bounty hunter i.e he finds security loopholes in websites and online applications, reports it to the concerned authority, and gets paid handsomely for it. The 23-year-old is essentially a one-man tech security help desk for some of the most powerful software companies in the world.

"Bug bounty hunting is a collaboration between ethical hackers and companies. These companies start a bug bounty hunting program where they say they will pay these hackers who report valid security loopholes," explains Prakash.

"For example, I found a bug in Twitter using which I could have tweeted from anyone's account without their username and password. So I reported the security bug to Twitter's security team and the team paid out for that bug," he adds.

In 2016, Prakash set up his own security auditing company called AppSecure India. The Bengaluru-based startup, which employs some India's best white-hat hackers, has already worked with multiple companies such as Flipkart, Paytm, etc., to find loopholes in their security system. Prakash's startup has also been listed on Facebook's "White Hat Bug Bounty Program" -- a list acknowledging users who have reported security vulnerabilities.

With India ushering in the digital revolution, from Digital India to Aadhaar to demonetisation, the importance of cyber security -- the need to have a stable and safe system -- has also grown tremendously. Yet, white hat hackers within the country, are yet to be taken seriously.

"If you find a bug in another country, they will recognise you and give you a bounty. The scene is different in India," says Prakash. "Most of the times, bounty hunters or ethical hackers are threatened with legal notices. So when we try to report a security bug leaking data of the company to the founder or the security team of the company, instead of recognising us, they try to threaten us."

Prakash, who featured in the 2017 Forbes 30-under-30 Asia list, believes the best way ahead is to tap into the immense potential that lies within the country, rather than curb these 'out-of-the-box' thinkers. "Instead of threatening these bounty hunters with legal notices, our companies and governments should collaborate with these ethical hackers or bounty hunters," he says.

With tech-related jobs harder to come by, it might be time for the technically gifted Indians to find alternate spaces in the industry. In cyber-security, Prakash has identified such a space where he believes India has a great potential to be a leading force. "All you require is a laptop, good internet and a cup of coffee to make millions," he concludes with a smile.


Updated Date: Feb 07, 2018 10:47 AM

Also See