India's Ethical Hackers Rewarded Abroad, Ignored at Home (yahoo.com)
An anonymous reader shares an article: Kanishk Sajnani did not receive so much as a thank you from a major Indian airline when he contacted them with alarming news -- he had hacked their website and could book flights anywhere in the world for free. It was a familiar tale for India's army of "ethical hackers," who earn millions protecting foreign corporations and global tech giants from cyber attacks but are largely ignored at home, their skills and altruism misunderstood or distrusted. India produces more ethical hackers -- those who break into computer networks to expose, rather than exploit, weaknesses -- than anywhere else in the world. The latest data from BugCrowd, a global hacking network, showed Indians raked in the most "bug bounties" -- rewards for red-flagging security loopholes. Facebook, which has long tapped hacker talent, paid more to Indian researchers in the first half of 2016 than any other researchers. Indians outnumbered all other bug hunters on HackerOne, another registry of around 100,000 hackers. One anonymous Indian hacker -- "Geekboy" -- has found more than 700 vulnerabilities for companies like Yahoo, Uber and Rockstar Games. Most are young "techies" -- software engineers swelling the ranks of India's $154-billion IT outsourcing sector whose skill set makes them uniquely gifted at cracking cyber systems.
An "ethical hacker" will only break in if given permission, either directly or via a bug-bounty program. Anybody hacking without a mandate is either grey-hat (if they do inform the target and do not try to extort them) or outright black-hat. That companies do not react friendly to people hacking them _without_ a mandate is not a surprise, as that happens to be a criminal act.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
The Indians doing the white-hat hacking are not the ones working for the outsourcing companies. They are like the top 0.0001% of the Indians in the IT sector, the ones that have enough functioning brain-cells to use a toilet without standing on the seat and squatting.
Outsourcing companies hire the cheapest, weakest, stupidest of them that are the only ones that will accept the meager/paltry salaries provided.
That also explains why the ones they do hire don't give a fuck about who they're contracted with. When the shift is over, the shift is over, just hang up, log out, leave, who cares if the problem they were working on is fixed or not, or even if they've told anyone what the status is, or handed over steps taken to the next shift.
It's because Eyes and Teeth have no one else to hate on..
give me now, give me more..
Those who seek to destroy the industry, destroy themselves for lack of anything else..
Even if bug bounty values sound impressive, if you start thinking about it as salary it often isn't worth it for developers in the west to work on. You can spend a lot of time to maybe find a vulnerability which has a variable pay-out depending on the severity and someone else might submit first leaving you with nothing. Sorry but no thanks.
How about providing some per capita perspective before we all bow down before the great Indian hacker intellect.
The yearly "Indian workers are really good!" round of stories is in progress. Yahoo is taking big bucks from them, like they lap up any cash they can get, including serving up malware to Firefox paid for by Microsoft.
The High Tech World of India
Isn't this basically "writing a mini-van?" ( http://dilbert.com/strip/1995-11-13 )
I mean, come on, they write the buggy code, so they know where the exploits are - seems like a win-win scenario that they've built for themselves. Kudos.
CAP === 'queuing'
ethics, why is this a surprise? I understand that when you don't have enough food or clean water, that ethics take a back seat, but to my Indian friends that are all making well into six-figures, you'd think they would change.
This is puzzling. One day we are told 95% of Indian engineers cannot code, and the other day India has huge number of highly skilled hackers.
I ask because just last month, Slashdot ran a story that 95% Engineers in India Unfit For Software Development Jobs...
I am personally proud of India. Didn't they launch some rocket to Mars at a much lesser cost as compared to the US recently?
Cost is a metric.
There is no unique gift to becoming a cracker (these aren't "hackers"). It is just a willingness to perpetuate destructive behavior. It is very easy to crack software and systems, I used to do it all the time. It is much harder to create.
kudos to India's ethical hackers, and all ethical hackers around the world
Politics is Treachery, Religion is Brainwashing
If they were rewarded, they would end up with jobs. If they had jobs, they would not have enough time to do all of that hacking.
There are only two ways you get hackers of this high quality:
1) They are not rewarded.
2) Their motivations outweigh their greed. Talking about religious extremism quality motivation.
excitingthingstodo.blogspot.com
This is puzzling. One day we are told 95% of Indian engineers cannot code, and the other day India has huge number of highly skilled hackers.
There is a Supreme Court Case where the court said traffic stops must be dangerous because a large number of police officers are injured every year while performing traffic stops. But the logic is bad. Without knowing how many total traffic stops there are you cannot really look at the risk of performing one.
Similarly, even if 95% of engineers cannot code, they can still have more good engineers if there are enough of them--or can have more decent engineers working on this particular set of problems.
It's also worth pointing out that (1) there are a lot of great Indian engineers who are not in India, (2) the 95% number you are pointing to was done by a company with an incentive to skew it one way, and (3) the people finding the bugs may not be a great match for the ideal job candidate but still have basic hacking skills.
Real lawyers write in C++
Yeah, but it ended up hitting a random hot dog stand in Alabama instead
I am surprised there was not a suggestion to allow these 'white hats' into the US on some temporary work visa
Yet more fake news. Basically, some douche bags are trying to smooth the way with more reasons to allow out-sourcing of American jobs. Google, Microsoft, Amazon, and the rest of the tech industry are trying like crazy to lower the salaries of the technical community to increase profits and satisfy Wall Street. Expect to see a LOT more of this BS in the not-too-distant future.
You're still talking criminal on a leash, no matter the brand of the perfume and the make-up you're adding.
That is not what "hacking" once was about, to the point that adding "ethical" to it makes no sense at all. Even the hats mean that you (in)security types have hopelessly confuddled everyone including yourself, with the result that "hacker", "ethical" or otherwise, means exactly nothing these days. And it shows.
S'kiddies, the lot of you.
And yes, your stolen terminology, now entirely empty, is quite related to your collective complete and utter failure to secure anything these last few decades. You are the Emperor's new clothiers, it's the only explanation that actually makes any sense. So don't go complaining these cheap imitations from India aren't the real thing. They're about as functional and effective as everyone else in the industry, complete with getting the important bits hopelessly wrong.
amazing, companies don't thank criminals for criminal acts, will wonders never cease. FYI they are NOT ethical hackers when hacking a site without permission.
While being an "ethical hacker" might sound glamourous to the untrained ear, the Indian people would do well to get their own house in order first. Priorities, you know.
Here is a suggestion. Get off your little indo-android tablet and start cleaning up the street where you live. Get a pair of gloves, and a plastic garbage bag. Maybe a small garden spade for scooping. Open your front door, step outside, and start picking up the litter, garbage, human feces, and dead animals that make your Indian street so full of "character".
What's that you say, not your job? not your caste? Well I've got news for you buster, it is your job. You approach the world, your job, and software the same way you approach the filth in your street. Why would I hire you to clean up my code when you are too shiftless and lazy to scoop up the mounds of human waste in front of your door and under your own feet?
>Didn't they launch some rocket to Mars at a much lesser cost as compared to the US recently?
They just barely got a small, proof-of-concept probe - and at that, it never got the desired orbit.
NASA, in around the same time frame, got a much larger, far far more complex research package in the proper orbit.
Good on India for pulling it off, but they were doing something vastly different than NASA.
TL;DR: apples & oranges
Ankit Fadia. Google the guy. Much like the Indian companies recognize only charlatans.
And We still say it's AChe Din!!
Are they simply finding bugs from substandard code done by the lowest cost (or best bribing) outsourcer? And do anti-virus companies also have relations with malware writers?
Stupid, potentially sensitive question: How many of the vulnerabilities, do you think (if it can be ascertained) came from companies who outsourced their work to India-based companies?
If you believe in privacy, and believe you have "nothing to hide" at the same time, you're a goddammed idiot
1. Get a job with an outsourcing firm
2. Work on IT project for major international company
3. Purposefully introduce bugs into the software
4. Report (or have a friend report) said bugs
5. Profit!
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
They're probably the same people writing the dodgy code in the first place. Most of the IT outsourcers in India write crappy insecure code.
Didn't they launch a satellite which exploded as well!?