There is speculation that World War III will take place over computers. Well, it is true that the Internet has simplified our life, but we tend to skip the threat of data breach hanging like a sword all over our heads. A data breach can happen through bugs or by hackers.
In 2018, the world’s largest social media company, Facebook, was hacked, exposing the personal information of 50 million users.
The attackers exploited a feature in Facebook’s code to gain access to user accounts and potentially take control of them.
It is at this time “ethical hackers” with their creative minds help companies to retrieve the stolen data and ensure that no such hacks happen.
“It is difficult to understand the mindset of hackers,” says Anand Prakash, a renowned ethical hacker from India.
Anand has been scouring security loopholes on various websites.
Table of Contents
From Phishing To Finding Bugs
His hunt for the bugs started in 2013 when he spotted a security flaw on Facebook. He was awarded US$ 150 for spotting the bug.
“That was the first time I was rewarded for my work. Before this I used to do my work for free or for a certificate,” adds Anand.
As of now, Anand has been rewarded more than Rs 3 crore for informing major MNCs about the bugs.
“It all started in 2009-2010 when Orkut was dominating the social media platforms. I was challenged by my friend to hack into his account, which I did after following steps on how to hack an account,” Anand shares going down the memory lane.
“It was not even hacking, it was basically phishing,” Anand corrects himself.
Anand has played an important role in protecting our Facebook accounts in 2016. He pointed out a bug with which one can easily take control of any Facebook accounts.
He discovered that Facebook had left out rate limiting on their ‘forgot password’ endpoints on beta.facebook.com and mbasic.beta.facebook.com. This particular bug took him just 15-20 minutes to discover, and he was paid $15,000 for the disclosure.
He also discovered a bug on Facebook through which he could have posted through anybody’s Facebook timeline including its founder – Mark Zuckerberg. He was also rewarded US$ 12,500.
Anand has not only found bugs on Facebook, but also on most widely used cab aggregator – Uber, microblogging site – Twitter, and dating app – Tinder.
On Uber, he spotted a bug through which he could have got infinite free rides. He has also earned massive payouts from Twitter and Tinder.
“I generally focus on these websites because they are mostly used and they are already secured. It always becomes a challenge for me to find a bug,” Anand explains.
Facebook and Twitter are one of the most hacked social networking websites in the world.
India’s Cybersecurity
India is no foreign to cyber attacks. In 2019 itself more than 300,000 cyber-security incidents were reported in 2019 – a steep increase from 50,362 incidents in 2016.
In the same year, hackers managed to broke into a leading healthcare website and stole 68 lakh records of doctors and patients. There was also a cyber-attack on a nuclear power plant, raising a serious question on India’s cybersecurity.
“No organisation or government agency can claim that they are 100 per cent cyber secured,” informs Anand.
“However, what a company or a government body can do is to be more careful and cautious about the online data,” Anand says, “The government should hire more ethical hackers and not rely on traditional tools to safeguard its citizens’ data.”
According to Anand, the government should also introduce cybersecurity classes in engineering courses to invite more aspirant hackers to learn the intricacies of hacking as they will help the country during the cyber attacks.
Throwing light on Aadhaar he says that the government has deployed enough cybersecurity measures to protect data of millions. However, he says that there is still room for improvement.
Touching on India’s booming startup, he says that companies have started investing heavily on their cybersecurity. “Five years back, I had reported a bug, they would have ignored it. But now, the equation has changed drastically,” says Anand. However, he points out still there are companies who still needs to beef up their firewalls and protect the data.
Currently, Anand is a founder of Appsecure, a company that provides end to end security solutions to keep your business safe and secure.
“I would recommend them to start focusing on one or two coding languages. People have a misconception that hacking is difficult. It is not. They should learn about basic security loopholes. The best part is all this information is available on the Internet,” Anand concludes when asked on one “mantra” that he would like to share to aspirant ethical hackers.