This 23-Year-Old Indian Hacker Is Raking in Big Bucks Finding Bugs

Ethical hacking is no new concept and India has seen a breed of such young enthusiasts in the past. What has changed is the money that comes with it as cyber attacks on businesses across industries have grown multi-fold in the era of digital transformation. Meet 23-year-old Shivam Vashist from north India, a hacker associated with San Francisco-based HackerOne which is a vulnerability coordination and bug bounty platform and boasts of clients like Starbucks, Instagram, Goldman Sachs, Twitter, Zomato, and OnePlus.

Better known by his profile Bull (@v0sx9b) on Twitter, Vashist is a full-time hacker who reportedly makes over $125,000 (roughly Rs. 88.94 lakhs) in a year by finding bugs.

Over the past few years, he has taught his brother the ropes of hacking, helped his father retire with peace and took family on sightseeing tours across the world.

"On average, I am spending about 15 hours a week hacking. However, it varies from time to time, depending on my schedule. Some days, I might be working on something for days continuously, while at other times, I may not be hacking for weeks," said Vashist.

In the Asia-Pacific region, the number of hacker-powered security programmes has grown by 30 percent year on year.

Hackers in the US earned 19 percent of all bounties last year, with India at second spot with 10 percent.

"In fact, HackerOne's 'Hacker-Powered Security Report 2019' shows that $2,336,024 (roughly Rs. 16.62 crores) of the bounties awarded in 2018 went to the ethical hacker community in India," said Vashist.

He started learning more about computers and the ethical hacking world when he was 19.

The family was worried in the beginning.

"However, they came to understand what I was doing over time, and know that an ethical hacker is completely legal, and a viable career. Since then, they have been very supportive," he added.

He earned his first bounty at age 20 from InstaCart, and then MasterCard.

"It was an incredible feeling, I couldn't believe I did it! The rush it gave me left me sleepless for days," said Vashist.

In August, HackerOne revealed that hackers earned $21 million (roughly Rs. 149.42 crores) in just a year reporting vulnerabilities via various bug bounty opportunities as governments' efforts to fix malware increased a whopping 214 percent globally.

Food delivery platform Zomato has paid more than $100,000 (over Rs 70 lakhs) to 435 hackers till date for finding and fixing bugs on its platform.

OnePlus announced this week that it had set up a Security Response Centre that would offer a bug bounty to security experts, who discover and report on potential threats to the company's systems. Rewards for qualifying bugs reports will be in the $50-$7,000 range.

"Hacking gives me a high when I am able to think of creative ways to tackle the challenges and discover vulnerabilities that no one has yet found," said Vashist.

"A bug bounty programme is one of the best ways to do security. The sheer reach of the talent pool of hackers from all over the world is so powerful. I feel that every company should consider having a bug bounty programme in place," he added.

Apple has opened a bug bounty programme for security researchers wherein it will pay between $100,000 to $1 million for finding bugs.

According to Vashist, India is on the digital path but computer security does not get nearly enough attention and there are probably a lot of vulnerabilities in our systems that are left unchecked.

"More cybersecurity awareness is needed. More education about security solutions and reaching out to the community of ethical hackers might be one of the ways to help," he added.

There are only a few companies in India that have a bug bounty programme right now.

"I do foresee that the adoption rate will increase in the coming years," the young hacker said.

OnePlus Unveils New Bug Bounty Programme, Partners With HackerOne to Increase Security Efforts

Facebook, Instagram Apps on Google Play Store Vulnerable: Check Point

Chrome, Edge, Safari Hacked at China's Security-Focussed Event, Tianfu Cup