Why Learning how to Hack can help you; A teenager Hacker tells his story
Shashank Kumar is a lanky college kid who wears a trademark casual T shirt and carries his Mac laptop to most places . He started hacking young. “When I was in Class 9 in Sainik School in Rajgir in Bihar, I joined a hackers group called Indishell . We called ourselves the India Cyber Army ( unofficial of course). We would spend all day online . After 26.11 we hacked Pakistani websites , changing the front page of the government websites to display the message, ‘What you did was wrong’, so when anyone logged on, all they would get were these words. “ he says
“Now I find that was actually stupid . We were not contributing anything to our country - instead we didn't have a life , our careers were ruined, we were very bad in studies” says Kumar, who then decided to quit hacking and start studying for engineering entrance exams instead .
But quitting hacking wasn't going to prove that simple . That year, 2012, the then 16 year old Shashank found himself in Delhi , attending engineering entrance exam coaching classes all day .The classes were boring. Things became worse, when he got jaundice and had to miss two months of classes. “I realized there was no way I would qualify for engineering at IIT. So I decided to switch back to hacking instead of preparing for engineering exams. I was living in Delhi those days as a paying guest. There was no one to monitor me , I stopped attending classes, and used to sit at the computer all day ,” says Kumar.
It was around this time that Kumar first heard of “bug bounty” programmes where companies like Google and Facebook paid hackers to discover vulnerabilities in their systems. By 2013, at the time of his class 12 board exams he had become a expert bug bounty hunter . But all that would soon end. Shashank did badly in class 12 with 69.7 per cent ; his grades didn't get him admission into any engineering college. So the boy was banished , minus his laptop, this time to Kota in Rajathan and 2014 became the year of wilderness. By the end of it he had redone his exams and this time gotten admission into Bachelor of Engineering program at the Vellore Institute of Technology .
And so it was that in May of 2015, nineteen year old Shashank Kumar wrote a letter to the head of Cobalt, the global community for security researchers, that runs bug bounty programs , where hackers all over the world are paid to discover flaws in websites . Shashank had once ranked in the top 10 . But not any more . “ You know my story “ he began. “I had to give up all hacking work for the last year “
That dictate had come from his parents . His father , a bank manager at Grameen Bank and his mother , a housewife , lived in Purnea in Bihar, wanted their son to study engineering at the prestigious Indian Institute of Technology . Spending days ( and nights ) on the computer , scanning systems and websites for vulnerabilities and reporting security bugs to websites like Facebook andblockchain.com was all very well . But was it a career ? Everybody who was anybody in Bihar and had kids who did well , made it to the IIT or to government service in the very prestigious Indian Adminstrative Service (IAS) Becoming a bug bounty hunter wasn't going to help either of these career paths .
Instead Shashank was enrolled at Vibrant Academy, a coaching institute in Kota in Rajasthan. It was a miserable one year . The town teemed with coaching institutes and all that the students did was attend classes that began as early as 6.30 am and went on till 10 at night . In between classes Shashank often got emails to take part in bug bounty programs . “ I could do nothing about them. That was a great opportunity I missed—2014 had a lot of bug bounty programmes, and I could have earned about `1.5 crore if I had worked that year” he says regretfully .
But he was determined to bounce back . “ Today I don’t have any rankings , but I know I could do ( the bug bounty programs) Give me a chance and you won’t regret it “ he continued in his letter to Cobalt . In response he received emails from Cobalt , with ‘invites ‘ to participate in a few bug bounty programs on Paypal and blockchain.com . Shashank did well . He was back !
A few months later , he was approached by online forex trading companybinary.com for security work. “In my first three months of work at Binary.com, I was able to identify, report , and fix 20-25 bugs in the Binary systems . Because of this the CEO was very happy with me and offered me a permanent job with them. In my summer holidays he invited me to go to Malaysia, where the office is , and work with the team. There after I completed my security work everyday, I was also able to sit with the front end developers and learn programming " says Shashank. He loves working at Binary . “You can do what you want in the office, go in whoever you want, leave when you want, as long as you get your work done “ he says .
Last year Shashank Kumar earned around Rs.6 lakh a year at Binary.com. In addition, he earned around Rs.10 lakh last year from different bug bounty programmes. He helped find a bug in Nokia , and was sent 4 Nokia Lumia phones in appreciation. He pays his college fees from his earnings, buys the occasional gadget and invests his savings in the equity market .
Shashank divides his time between engineering classes at Vellore Institute of technology (VIT) and his work . Class attendance is mandatory at VIT and Kumar spends his afternoons in class. Most days , by 6 PM , he is back at his 6th floor hostel room , having had tea and snacks, in the hostel mess on the ground floor. Then Kumar opens up his Mac laptop .
“I spend the first few hours before dinner on binary.com work . “ he explains. The work involves making security assessments of different parts of the trading platforms. Kumar also runs the firm’s bug bounty program . Kumar was thrilled at this opportunity. “I have worked as a bug bounty hunter for so long that it feels good to be on the other side, receiving reports of computer bugs from hackers,” he says. He is responsible for checking the authenticity and seriousness of each vulnerability that is reported.
After dinner at the mess in the hostel , Kumar resumes work on Binary matters . In between he may check his twitter feed . There is an article about a possible compromise of block chain registers , another on a vulnerability discovered by a group of hackers in Information technology company Cisco Systems .
He checks his mail and finds one from the Cobalt hacker platform , a personal invite to a select group of hackers to participate in a bug bounty program from Blockchain.
By then its 2.30 am now and Kumar is still at work. The campus is hushed , many students asleep, some still awake . The night canteen has closed early on at 12.30 pm. Kumar ransacks his supply of midnight snacks , takes a guava juice and some biscuits and resumes work. When he looks up next , its 4 am and time to sleep . He hasn't cracked the bug in Blockchain, that will require many days more of work, but eventually he will.
“Everything I learnt about hacking was by myself “ he says . “you have to google the right terms . Explore the common vulnerabilities in websites and how they can be bypassed as well as the fixes for these . There are thousands of articles on these subjects. As well as blogs written by ethical hackers on how they fixed certain bugs. As you go around around the internet you may go looking for one thing , but you end up learning about other things too “
An edited version of this appears at
http://www.livemint.com/Leisure/XCHxVbc3GoAuaqEGTlllbL/Get-a-Glimpse-Cybersecurity-experts.html
Credit: Sonya Choudhury Dutta
“Now I find that was actually stupid . We were not contributing anything to our country - instead we didn't have a life , our careers were ruined, we were very bad in studies” says Kumar, who then decided to quit hacking and start studying for engineering entrance exams instead .
But quitting hacking wasn't going to prove that simple . That year, 2012, the then 16 year old Shashank found himself in Delhi , attending engineering entrance exam coaching classes all day .The classes were boring. Things became worse, when he got jaundice and had to miss two months of classes. “I realized there was no way I would qualify for engineering at IIT. So I decided to switch back to hacking instead of preparing for engineering exams. I was living in Delhi those days as a paying guest. There was no one to monitor me , I stopped attending classes, and used to sit at the computer all day ,” says Kumar.
It was around this time that Kumar first heard of “bug bounty” programmes where companies like Google and Facebook paid hackers to discover vulnerabilities in their systems. By 2013, at the time of his class 12 board exams he had become a expert bug bounty hunter . But all that would soon end. Shashank did badly in class 12 with 69.7 per cent ; his grades didn't get him admission into any engineering college. So the boy was banished , minus his laptop, this time to Kota in Rajathan and 2014 became the year of wilderness. By the end of it he had redone his exams and this time gotten admission into Bachelor of Engineering program at the Vellore Institute of Technology .
And so it was that in May of 2015, nineteen year old Shashank Kumar wrote a letter to the head of Cobalt, the global community for security researchers, that runs bug bounty programs , where hackers all over the world are paid to discover flaws in websites . Shashank had once ranked in the top 10 . But not any more . “ You know my story “ he began. “I had to give up all hacking work for the last year “
That dictate had come from his parents . His father , a bank manager at Grameen Bank and his mother , a housewife , lived in Purnea in Bihar, wanted their son to study engineering at the prestigious Indian Institute of Technology . Spending days ( and nights ) on the computer , scanning systems and websites for vulnerabilities and reporting security bugs to websites like Facebook andblockchain.com was all very well . But was it a career ? Everybody who was anybody in Bihar and had kids who did well , made it to the IIT or to government service in the very prestigious Indian Adminstrative Service (IAS) Becoming a bug bounty hunter wasn't going to help either of these career paths .
Instead Shashank was enrolled at Vibrant Academy, a coaching institute in Kota in Rajasthan. It was a miserable one year . The town teemed with coaching institutes and all that the students did was attend classes that began as early as 6.30 am and went on till 10 at night . In between classes Shashank often got emails to take part in bug bounty programs . “ I could do nothing about them. That was a great opportunity I missed—2014 had a lot of bug bounty programmes, and I could have earned about `1.5 crore if I had worked that year” he says regretfully .
But he was determined to bounce back . “ Today I don’t have any rankings , but I know I could do ( the bug bounty programs) Give me a chance and you won’t regret it “ he continued in his letter to Cobalt . In response he received emails from Cobalt , with ‘invites ‘ to participate in a few bug bounty programs on Paypal and blockchain.com . Shashank did well . He was back !
A few months later , he was approached by online forex trading companybinary.com for security work. “In my first three months of work at Binary.com, I was able to identify, report , and fix 20-25 bugs in the Binary systems . Because of this the CEO was very happy with me and offered me a permanent job with them. In my summer holidays he invited me to go to Malaysia, where the office is , and work with the team. There after I completed my security work everyday, I was also able to sit with the front end developers and learn programming " says Shashank. He loves working at Binary . “You can do what you want in the office, go in whoever you want, leave when you want, as long as you get your work done “ he says .
Last year Shashank Kumar earned around Rs.6 lakh a year at Binary.com. In addition, he earned around Rs.10 lakh last year from different bug bounty programmes. He helped find a bug in Nokia , and was sent 4 Nokia Lumia phones in appreciation. He pays his college fees from his earnings, buys the occasional gadget and invests his savings in the equity market .
Shashank divides his time between engineering classes at Vellore Institute of technology (VIT) and his work . Class attendance is mandatory at VIT and Kumar spends his afternoons in class. Most days , by 6 PM , he is back at his 6th floor hostel room , having had tea and snacks, in the hostel mess on the ground floor. Then Kumar opens up his Mac laptop .
“I spend the first few hours before dinner on binary.com work . “ he explains. The work involves making security assessments of different parts of the trading platforms. Kumar also runs the firm’s bug bounty program . Kumar was thrilled at this opportunity. “I have worked as a bug bounty hunter for so long that it feels good to be on the other side, receiving reports of computer bugs from hackers,” he says. He is responsible for checking the authenticity and seriousness of each vulnerability that is reported.
After dinner at the mess in the hostel , Kumar resumes work on Binary matters . In between he may check his twitter feed . There is an article about a possible compromise of block chain registers , another on a vulnerability discovered by a group of hackers in Information technology company Cisco Systems .
He checks his mail and finds one from the Cobalt hacker platform , a personal invite to a select group of hackers to participate in a bug bounty program from Blockchain.
By then its 2.30 am now and Kumar is still at work. The campus is hushed , many students asleep, some still awake . The night canteen has closed early on at 12.30 pm. Kumar ransacks his supply of midnight snacks , takes a guava juice and some biscuits and resumes work. When he looks up next , its 4 am and time to sleep . He hasn't cracked the bug in Blockchain, that will require many days more of work, but eventually he will.
“Everything I learnt about hacking was by myself “ he says . “you have to google the right terms . Explore the common vulnerabilities in websites and how they can be bypassed as well as the fixes for these . There are thousands of articles on these subjects. As well as blogs written by ethical hackers on how they fixed certain bugs. As you go around around the internet you may go looking for one thing , but you end up learning about other things too “
An edited version of this appears at
http://www.livemint.com/Leisure/XCHxVbc3GoAuaqEGTlllbL/Get-a-Glimpse-Cybersecurity-experts.html
Credit: Sonya Choudhury Dutta
Why Learning how to Hack can help you; A teenager Hacker tells his story
Reviewed by Etornam
on
2:15:00 AM
Rating: