If a virus is added to your mobile, your mobile can be operated 24 hours a day anywhere. It can also know what is going on in your mobile and can turn on the microphone and camera in your phone when the hacker wants it, without you even knowing it.
These are the words of Nikhil Srivastava, India's biggest hacker, revealing the shocking secrets of the world of hacking. A hacker? What is hacking? Stealing people's data? Blackmail? No, this man is an 'ethical hacker'. This hacker will save you from becoming a victim of hacking. The reason behind hacking is a bug in the software. Simply put, a bug is any loophole through which a hacker can enter. An ethical hacker hacks only for the owner and, after finding the bug, tells the owner to fix it, otherwise the software can be hacked in this way. For this he also gets a reward of lakhs of rupees from that company. This is called 'bug bounty'. Nikhil Srivastava has been doing this for years, earning money through bug bounties. From Google to Microsoft, all the companies of the country and the world are calling him for bug bounties. But how do you get a bug bounty? What can a hacker do? What should you do to avoid hackers? How many bugs are there in our security? And most importantly, how safe are we in this age of 'digital arrest' and cyber fraud? 'Frontpage Insights' talked to Nikhil Srivastava to answer all those questions. So let's take a peek into the world of hacking.
Hacked for the first time after college
Nikhil is originally from Rajasthan, but his father was in the Madhya Pradesh Forest Department. His interest was already in computers, so he did computer engineering and got a job in Ahmedabad. A new city and a new job meant no house of his own, so he started living in a PG. India's biggest hacker was born here. It was 10-12 years ago. Then there was no free Wi-Fi facility like now. Even if someone had Wi-Fi somewhere, it was a big deal. There was Wi-Fi in the house next to Nikhil's PG. Nikhil says, 'That was the beginning of the digital world, so people used to keep their passwords very regular. As I did not have to pay for the internet, I hacked the Wi-Fi of the neighboring PG. Do you know how many movies we downloaded? That uncle got a bill of ₹75,000 a month! But that was the first hacking, after that I got interested in hacking, kept learning new things and now I am here.'
Found bugs for everyone from Google to Microsoft
How did he get into bug bounty? Nikhil says, 'When I started hacking, I was just doing small hacks, then I came to know that there is a thing called bug bounty. After researching and seeing everything, it was fun, I got interested and decided to try it once. I learned for some time and then started. In a short time, I started doing bug bounties even for many big companies like Google and Microsoft, and started receiving huge payments. Then I felt that there is nothing wrong in making this a career. This can earn good money. That's it, I've been doing bug bounty full time since then.'
Entire bank empty in one click!
Nikhil continues, 'I've been doing bug bounties for the last 10 years and… now I'm the number one hacker in all of India. Before that, in 2016, I was one of the top 100 researchers of Microsoft worldwide. I have worked with every major company in the world, US, UK, Singapore. You just have to find a bug for them and they will pay you. The first amount I got when I filed a bug report for the first time was $100 (approx. ₹8400). It was my lowest payment ever. If you talk about the biggest bug I found, I reported a bug to a bank, it cost me something like 30 thousand dollars (approx. ₹25,31,300). At that time, all the banks were using a common software and due to that bug, a master hacker could loot a lot of money from the bank if he wanted. It took hours to find that bug, but when it was found, the payoff was huge.'
Ahmedabad – Hacker's hangout
Which city has the highest number of hackers in India? Nikhil says, 'Where we are sitting. Ahmedabad is currently the hacking hub in India. There will be at least 300 hackers in Ahmedabad right now. About 1000 if we talk about Gujarat. Learning hacking is also a bit difficult, not everyone can do it. Second, not every hacker is necessarily doing bug bounties.'
Brought together hackers from all over the world
Nikhil is the founder of 'BSides Ahmedabad'. Talking about it, he says, 'In 2019, we started 'BSides Ahmedabad' to create a community of hackers, which is currently the largest community of hackers in India. If we go to any country outside, the US etc., there is sure to be a community of hackers, but here in India there was nothing like that. We do one program a year for BSides Ahmedabad, in which we call all the big hackers of the whole country and the world, CTOs of big companies, armymen or government officials who are involved in cyber security. All of them have different hacking programs and lessons. Everyone helps each other for security improvement, hackathons are held, panel discussions are held. The result is that even if everyone is a master here, they get to learn something. They get to know what is going on in the market right now, all over the world.'
'Satellites can be hacked while sitting here'
You must have heard a lot about mobile hacking and software hacking, but do you know? Even satellites floating in space can be hacked while sitting here! 'Just this year, in the program we did at BSides Ahmedabad, we invited a guy from Poland, who is the biggest satellite hacker. He explained everything about satellite hacking. Along with this, as I told you, we are also calling the government officials, so this time the officers of ISRO were also with us. The hacker from Poland explained all the points of satellite hacking and asked ISRO to take care: if there is any mistake in your software, correct it. Otherwise even ISRO's satellite can be hacked.'
Do you also want to do a bug bounty?
How are bug bounties done? What is the process of your work? How do you find work? Nikhil started talking about his field, 'There are many platforms for bug bounty like HackerOne, Scenec, Bugcrowd. If you want to do a bug bounty you should be onboarded on all these platforms. There, a legal signature is obtained from you that you will legally hack the company's system. You should find the bug for the company and tell the company. The company should determine from the bug how much damage could be caused due to this bug. From that, the company itself pays you. It is their barrier, so much so. If those people become more happy, they also give a lot of bonus. I have worked everywhere outside India where there are big companies. I have worked in the US, Europe, Germany, Singapore, many countries. I have found bugs for many companies in many countries.'
Even in hacking, the more speed, the more money
How can anyone find a bug? Nikhil says, 'First of all you have to get knowledge of all these fields. You have to learn from programs like OWASP (Open Web Application Security), since. Apart from this, you will get all the knowledge from 'Hacker's Handbook'. After learning all this you become perfect, then go to a platform like 'Hack The Box' and develop your skills further there. After doing this you can do real bug bounty. When a bug bounty is activated, not one or two, but 100-200 hackers are sitting together. It may happen that all of those hackers find the same bug, or 100 out of 100 find different bugs. If the same bug is found by two hackers at the same time, the first one to inform about the bug gets the payment. So there is a rule of bug bounty that you should have speed. If your speed drops, someone else will take the money.'
What if someone blackmails you by finding a bug?
How do companies run bug bounties? Explaining this, Nikhil says, 'This works in two ways. First, the company calls all the hackers themselves or you come and find the bug. Whoever finds the bug, you get money according to the bug. Alternatively, you should have the company hire a platform like 'Hack The Box' as a mediator, and the platform coordinates with all the hackers to issue bug bounties. If the company does the personalization then there is often a chance of blackmailing, but if you have gone through the platform then those people call all the well-known and trustworthy hackers, and if anything happens, the platform faces them with all responsibility. So this way is safer.'
'There is no such thing as privacy anymore'
Recently there was a dialogue in a web series, 'Privacy is a Myth'. There is no such thing as privacy anymore, is it true? Hacker Nikhil says, 'Yes, absolutely. That's how it is. Now, if you go to any app, you give all your data there. You never know what happens to your data. It could be that your data is being sold somewhere on the dark web. And in our country, there is no such rule that if someone sells data, he will be punished. Secondly, it is difficult to determine which app is secure.'
Digital gangsters' market
What exactly is the dark web? Can anyone access it? Hacker Nikhil explains about the dark web and says, 'The dark web is a platform. There is a gray area, a different web address for it, a different browser. Everything is underground. All illegal activities take place there. Data exchange, crypto buying and selling all happen there. As for access, if you have even a little digital knowledge, you can do it easily. Now go to Google and search how to open this website, it also teaches you step by step.'
Stupidity gives way to a hacker
In recent years, cyber frauds have increased a lot. What is the reason behind this? Nikhilbhai says, 'There is no awareness among people. If you have seen, fraudsters also pick targets by looking at age and area. As such, they make the elderly, children, women more of a target, because those people become easy targets. There are many cyber crime awareness programs to protect people from all these things. But people don't want awareness either. People don't go there either. People do not want to advance.'
Be careful to avoid hacking or fraud
What should people do to avoid all this? Nikhil says, 'Cyber police runs many programs for this. Go there, because any new fraud that comes in the market, they will warn you from the beginning. If you know the modus operandi of the fraud then you will not get trapped. Apart from that, one should also have a sense of humor. Do not give anyone access to your phone. Think twice before clicking anywhere. Also think when giving a password somewhere. Now there was a new one, that by scanning the QR code all your data will be lost: by scanning the QR a website will be opened, and if you enter that website then that website will get access on your mobile, and everything is open on the mobile, so all your data!'
Ads will start coming on whatever you say
Many times it has also been felt that if we are talking about something, after a while ads related to that subject start appearing on social media. Are all our conversations being detected? Explaining this, Nikhil says, 'The reason is that all the apps on your mobile are running in the background and your data is being analyzed. All your activities, your mood are analyzed and ads are shown to you accordingly.'
Someone else can operate your entire mobile
'Besides, someone can keep an eye on you. For example, if a virus like a Trojan horse is added to your mobile, your mobile can be operated 24 hours a day. It can also know what is going on in your mobile, and when the hacker wants, he can turn on the microphone and camera in your phone; you don't even know, and all the data is reaching him from your mobile camera. He can hear everything you say. What do you do on mobile? What do you type in mobile? Everything can be seen. And all this is hidden. You don't even know that someone is watching your phone.'
Image Credit: (Divya-Bhaskar): Images/graphics belong to (Divya-Bhaskar).