New Delhi: Kanishk Sajnani did not receive so much as a thank you from a major Indian airline when he contacted them with alarming news—he had hacked their website and could book flights anywhere in the world for free.
It was a familiar tale for India’s army of “ethical hackers”, who earn millions protecting foreign corporations and global tech giants from cyber attacks but are largely ignored at home, their skills and altruism misunderstood or distrusted. India produces more ethical hackers—those who break into computer networks to expose, rather than exploit, weaknesses—than anywhere else in the world.
The latest data from BugCrowd, a global hacking network, showed Indians raked in the most “bug bounties”—rewards for red-flagging security loopholes.
Facebook, which has long tapped hacker talent, paid more to Indian researchers in the first half of 2016 than any other researchers. Indians outnumbered all other bug hunters on HackerOne, another registry of around 100,000 hackers. One anonymous Indian hacker—“Geekboy”—has found more than 700 vulnerabilities for companies like Yahoo, Uber and Rockstar Games.
Most are young “techies”—software engineers swelling the ranks of India’s $154-billion IT outsourcing sector whose skill set makes them uniquely gifted at cracking cyber systems.
“People who build software in many cases also understand how it can be broken,” HackerOne co-founder Michiel Prins told AFP by email.
But while technology behemoths and multinationals are increasingly reliant on this world-class hacking talent, just a handful of Indian firms run bug bounty programs.