Ankit Singh from Uttar Pradesh is a self-taught ethical hacker and bug bounty hunter, who has identified security threats for several tech giants like Apple, Twitter and Yahoo and even the Government of India.
In 2011, after graduating from Class 12, Ankit Singh (27), a resident of Prayagraj, Uttar Pradesh, enrolled himself in a computer science engineering course. However, during the holidays, he came across a book about a well-known ethical hacker in Pakistan and was intrigued by his work.
“The book was an introduction to the different classes of malware. So, I decided to learn more about it,” says Ankit, in an interview with The Better India.
Today, he works as a freelance bug bounty hunter who has identified security vulnerabilities and flaws for various tech giants including Microsoft, Apple, Amazon, among others.
Recently, he participated in a worldwide hacking event which won him second place and a cash prize of over $20,000. He also won 7,50,000 air miles from United Airlines for reporting their security vulnerabilities.
During his four-year engineering course, Ankit would not only study his regular syllabus, but also watch videos on the internet to understand ethical hacking. He enrolled himself on websites such as ‘bugcrowd’ or ‘HackerOne’ to get practical experience in identifying bugs.
“These platforms act as an intermediary between their clients and ethical hackers/researchers/bug hunters from across the globe. Through these platforms bug hunters report critical confidential bugs to the corresponding client organisation by going through the client’s programme policy available at HackerOne or Bugcrowd,” he says.
Ankit went on to create websites on his own with several loopholes, and tried different approaches to identify them. “It requires a lot of patience, but it’s very interesting once you get the hang of it.”
Once he was confident, he would test his approaches on public cyber security pages of various companies. These public domains were created for ethical hackers to identify real-time potential threats.
“Before working on those platforms, I had to submit my resume along with some proof. Then I was allowed to penetrate through their website and identify security flaws. These security flaws may be simple ones that allow hackers to access company information, or damage intellectual property,” says Ankit.
In 2016, he identified his first big bug in a Bug Bounty programme organised by Udemy, an ed-tech company. The following year, he reported a bug for Microsoft and was awarded $7,000.
“I was ecstatic after identifying this bug for Microsoft. The feeling of saving big companies from potential security risks is like none other,” says Ankit.
He went on to work for a few private companies as well as the Government of India. His role with the government involved working alongside the Ministry of Home Affairs and performing security tests for various websites, ensuring the data would not be misused.
In 2020, after spending three years working for other companies, Ankit quit his 9-5 job and began working as a freelance cyber security analyst. He wanted to explore his skills, outsmart himself, and focus on preventing security breaches, for various companies across the world, from cybercriminals.
“I would participate in various bug bounty programmes and also visit public domains of pages such as IBM, Microsoft, Apple, Twitter, Yahoo and more. Once I identified the bug, the company would recognise the same and give me a certification or a cash reward,” says Ankit.
Recently, after identifying security vulnerabilities for United Airlines within their bug bounty acquisition Ankit was rewarded with 7,50,000 air miles to travel. He also participated in Okta Bug Bash, a virtual cyber security competition, and won $20,900. To date, he has identified up to 700 bugs on websites across the world.
(Edited by Divya Sethu)