How I became an ethical hacker

Blame it on superhit Hollywood films, hackers across the world have earned quite a reputation for themselves. But ethical hacker Anand Prakash is different. This 25-year-old founder of AppSecure, thinks movies and TV shows are a waste of time.

Tell us a bit about yourself. What attracted you to ethical hacking?

I’m from Bhadra, Rajasthan and live in Bangalore. I did my B. Tech in Computer Science from the prestigious Vellore Institute of Technology. My first hack was in 2008, when a friend challenged me to hack his Orkut profile. I didn’t have any technical knowledge at the time. I Googled, how to hack an Orkut account, and found 10 steps explaining phishing. I followed them and got into my friend’s account. That’s how I became interested in hacking. I also realised how important security is and what can happen if someone’s account is hacked. I decided to make my career in cybersecurity.

What was your first major hack?

My major hack was finding an issue in Facebook’s forgot password system, which would allow anyone to eventually access any of the platform’s two billion accounts. I reported it immediately and Facebook fixed it, apart from awarding me $15,000 for pointing out the vulnerability. It was a very simple hack.

Tell us about AppSecure.

I used to work at Flipkart as a security engineer and soon realised that most startups are not only vulnerable but also unsuccessful in securing client or customer data. I thought of launching my own company to help them detect and prevent data leaks, as well as guide their engineering teams from the get-go, which most security companies lack. So, I started AppSecure in 2016.

It’s a self-funded venture, and we now work with enterprises as well as startups to help them secure their digital presence. AppSecure does vulnerability assessment, penetration tests for mobiles, networks, and web applications and services using techniques I employ during bounty hunting on Facebook, Twitter, Uber, etc. It differs from traditional pen tests as we don’t limit ourselves to start/stop scans on company assets. AppSecure specialises in CMS Security, BlockChain Security and Social Engineering through our own developed platform.

How challenging is it to get clients on board?

One of our soon-to-be clients was very confident about the security of their applications. With permission, we were able to hack their systems in eight to 10 hours. Getting customers in the early days was very difficult because most companies were afraid of us, i.e. white hat hackers. But they soon understood how AppSecure can be beneficial to them in protecting their businesses and customer data from bad actors.

Now, we are growing on a very good scale and trying to secure more companies in addition to the 100-plus brands we brought on board within a year. AppSecure is counted among India’s top startups today.

In what ways do you fail as an ethical hacker?

Most of the time, when we discover a vulnerability in an organisation’s network or cyber presence, we report it ethically. But we have been threatened on many occasions with lawsuits. Some companies never respond to our messages too, which shows how their company is leaking user data.

How did your family react to your choice of profession?

In the initial days, my family was not aware of what I do. They knew I do something and Facebook pays me for it. They thought Facebook pays me for browsing their site! It was only when they read articles about me that they began to understand what I do and how it helps billions of people.

What is a typical day like?

I am mainly occupied in technical meetings or hacking most of the day with my customers. I have been working non-stop over the past seven years and still learning.

What are some of your favourite books and TV shows/movies and why?

The Hacker’s Handbook is one of my all-time favourites. I don’t watch TV shows or movies. They’re just a waste of time.

What are your short-term and long-term goals?

I currently rank among the world’s top hackers for Facebook, Twitter and Uber. My goal is to maintain my ranks on these platforms. In the long term, I want to grow AppSecure exponentially and secure as many enterprises as possible.

How do you keep your skills sharp? Do you practise every day, study new code, etc.?

Practising is the most important aspect of hacking. Without it, no one can discover a vulnerability with ease. To be good at hacking, you need to practise a lot and have patience. I sometimes spend up to two weeks to find just one vulnerability in major websites. I keep myself updated with new technologies by reading about them.

Who has helped you on this journey?

My wife Manisha, who is also a hacker, and my brother Sandeep are the only two people in my life who understand what I do. This has helped me a lot in my journey.