One of the biggest advantages of living in the second most populous country is that one can find hidden talent everywhere. In today's Techie Tuesdays column, we are profiling Anand Prakash, a security engineer with Flipkart. Coming from Bhadra, a small town in Rajasthan, Anand did not think he would one day be paid to find loopholes in the systems of technology Goliaths of the world.
Anand got straight to work once he got his first computer in Class VIII. He first began finding ways to use his Internet connection for free. Whilst searching for various tricks,Anand stumbled upon one..By using specific settings he could use the Internet as much as he liked and not get charged for it. The ISP service he was using plugged this loophole after one year when a lot of people started exploiting it. This was just the beginning for Anand as he moved on to do bigger things and use Internet more responsibly.
While preparing for IIT entrance exams in Kota, Anand’s interest grew in computer science and he learnt to use different tools to intercept traffic and phishing.He executed these on his friends to test his learning and his interest grew with time.But this led to a slump in his studies. He could not clear the JEE examination and instead joined Vellore Institute of Technology for Computer Science Engineering.
Constant availability of Internet and books gave Anand the perfect environment to quench his thirst for knowledge. "I used to sit in library and listen in to WiFi connections. We had a limit of threeGB/month for every student. And since usernames and passwords were in plain text, I had ones for many accounts. People came to me for them when their data limit wasover.I never misused them though." Anand says.
Anand was always good at coding subjects, but wasn't good at those that involved writing in English. It was already third year and he started panicking about placements. He then came across the bug bounty programme on Facebook. Given his interest in discovering vulnerabilities, Anand thought if he was able to find bugs and win some bug bounty, it might help him get a job. He started reading up on bug bounty and went on to learn the tools of the trade.
Another trigger to get into bug bounty programme was the frustration Anand dealt with while tinkering with security tools. When it comes to network intrusion, most of the work is done by tools. The case with discovering vulnerabilities with web was entirely different.One had to think of different ways to tweak the input to figure out a loophole.
Anand got his first bug bounty to discover a way to find people online, despite the fact that they had turned off their chat. When Anand reported this to Facebook, he received his first bounty for USD 500. Soon, Anand got into it full time and started reporting a bug every now and then to Facebook. Over time he has reported several bugs and various vulnerabilities ranging from posting on a user's wall to several XSS attacks and deleting a user's content. So far, Anand has reported over 80 bugs on Facebook.
Being a hacker always draws curiosity from people. Some people think their only job is to attack sites and sell information. Though Anand has reported a lot of vulnerabilities to online sites, he also got an opportunity to help public directly. While at college,he interned with Cyber Crime Branch of Gurgaon police to nab cyber criminals. In his two months at the police headquarters in Gurgaon, Anand learnt enough to not touch any of the Indian companies, as cyber laws in India are still not favourable.Someone doing a vulnerability analysis on an Indian website without proper permission butwith good intent can be put behind bars.
In the last two years, Anand has discovered vulnerabilities in and has been acknowledged and rewarded by several big IT companies around the world including Facebook, Twitter, Google, RedHat, Dropbox, Adobe, eBay, Paypal, Coinbase, LaunchKey, Nokia, Mailchimp, ManageWP, Gliph, PikaPay, Bitmit, LocalBitcoins.com, Blackberry, SoundCloud, Angel.co, HackerOne, Active Prospect. Recently, he discovered a vulnerability on a food technology platform which exposed the data of over 62 million people. Anand reported the vulnerability and it was plugged soon after.
At present, Anand is ranked second in the world and holds first rank in India by Twitter for discovering the highest number of vulnerabilities on their platform. He also ranks fourth in the Facebook wall of fame 2015 for discovering most number of bugs on the site. Till date, Anand has earned over Rs 1.1 crore in bug bounties and his knack for discovering vulnerabilities led him to his current position with Flipkart.