Ethical hacking is done mainly to find security vulnerabilities in websites or servers, with the permission of website owners or system administrators, and to responsibly disclose them back to the owners. Often, websites have bug bounty programs which pay a reward for finding bugs within the scope of the program. Today, all top companies, such as Facebook, Google and Microsoft, have bug bounty programs and they often pay high rewards for finding critical vulnerabilities. Bug bounty programs allow ethical hackers to break into systems or servers legally.
Many a time, a huge number of critical bugs of high severity are found when a website launches a bug bounty program. So, imagine the condition of websites with no bug bounty programs; their security is in a very poor state. The best bug bounty programs are those in which a pool of the best talent audits the server. Ethical hackers will not reveal any sensitive content without a company’s permission.
Very few Indian companies have bug bounty programs. Some of them are Flipkart, Paytm, Ola and Zomato. Of these, Zomato has a really well-managed program and offers big bounties to hackers with valid bugs. I’d found bugs in a few Indian sites earlier. But, although I notified them, they weren’t bothered at all about security, which is the sad reality of the security infrastructure in India. All private and government organizations should have a bug bounty program so that ethical hackers can protect the Indian cyber infrastructure.
Ethical hacking is still taboo in India. Some ethical hackers had claimed that Aadhaar data was being leaked from the servers. But, although they reported it to the government organization that manages it, the organization did not accept it and even filed a lawsuit against those ethical hackers. Happily, organizations outside India really welcome such findings. In fact, they support the researchers with rewards. India has a big pool of such talented hackers, but the government and large companies prefer to seek protection from outside India for their security.
Recently, the Prime Minister’s website was breached. This could have been avoided if the website had had some responsible disclosure policy. It is high time the government and private organizations in India applauded such researchers. Government cyber cells in India should cooperate with cyber security folks and use their skills in conducting investigations and solving cyber crimes.
With more and more devices getting connected to the Internet, the number of cyber attacks is increasing at an alarming rate. Nowadays, we are witnessing even large corporations getting breached. So, imagine how easy it would be for a hacker if he targeted you. Your personal information is always at risk. And remember, whatever you expose on the Internet stays there forever!
(Athul Jayaram is a consultant at one of the Big Four consulting organizations. He is a technology professional with a good knowledge of IT and cyber security. His key interests lie in web application penetration testing, mobile application penetration testing, server penetration testing and network security assessment. Athul is also acknowledged by Google, Microsoft, Sony, Intel, Nokia, Lenovo, Oracle, SAP, Yahoo and many other top organizations for having found critical security vulnerabilities.)
Disclaimer: The opinions expressed in this article are those of the author. They do not purport to reflect the opinions or views of the organisation itself.