CHENNAI: At 21, Madurai-based Kishore TK’s story is one which reiterates that success is possible when talent meets passion and perseverance. A month back, this young techie from the city entered Google’s Bughunter Hall of Fame for the seventh time. He is among the few in the state to have entered the Halls of Fame of companies like Google, Microsoft and Facebook, for identifying and pointing out to them vulnerabilities or security issues in their services. With his experience as an ethical hacker who has taken up the security penetration tests of several software giants, he has also visited colleges across Madurai to spread awareness on cyber security.
Kishore’s fascination towards the digital world goes back to his school days in 2010.“I used to spend a lot of time on social media and one day I came across a video about hacking Facebook. I followed the instructions and it led me nowhere; I had to restart my computer multiple times to make it work properly. Later I realised it was hacked. Though it was recovered with the help of technicians, this incident piqued my interest to know more about hacking and programming. When I was in class 11, I started reading a lot about remote administration tools used for hacking. I also connected with friends via LinkedIn and Facebook, who were interested in finding out the loopholes in online security.”
When he got into college, he opted for BTech in Information Security and founded the Kruptos Security Club along with his friends in 2017. Through the club, they were conducting several interactive sessions and workshops on cyber security, for fellow college students.
Gradually, Kishore’s expertise as an ethical hacker also grew and he began taking up the security penetration tests — that are open to the public — of popular multinational technological companies that specialise in internet-related services and products. In 2017, he identified a minor vulnerability in Google’s authentication process and got rewarded $100 through the Google Vulnerability Reward Program (VRP). This helped him enter Google’s Bughunter Hall of Fame for the first time. “Ethical hacking is nothing but intruding a company’s security system or network, with its permission and then identifying threats and reporting it to them. While malicious hackers may exploit these threats, we inform the companies about it and help them improve their online security,” he explains.
As of February 2019, he has reported about 150 bugs or minor vulnerabilities in Microsoft’s services and platforms, through Microsoft Security Response Centre (MSRC)’s Bug Bounty program. “Facebook’s Bounty Program is generally considered to be a tough one to crack. After multiple attempts, I managed to successfully identify two issues and reported it to Facebook. I was given a reward of $500, on each of the occasions. While some companies give you cash rewards, some others like Microsoft give you freebies, merchandises and also an opportunity to take part in their conclaves,” he says. Kishore was invited to take part in Microsoft’s Blue Hat Security Conference in 2018, but couldn’t due to personal reasons. “I will participate in the one that is to be held in Shanghai this year and I will also continue to take more security penetration tests that I find challenging,” he adds. Kishore has recently also been rewarded by companies like AlienVault, PayPal and Flock Messenger for spotting bugs.
Currently, Kishore is heading the Open Web Application Security Project (OWASP), Madurai Chapter, along with his friends Soundarya KSC and Jeevanantham M. “OWASP is an international NPO working towards global software security. Through its Madurai Chapter, we are reaching out to colleges and organisations in the city, to raise awareness about cyber safety. Our aim is to inform more people about the common ways in which unauthorised access to data is existent and how to overcome them. We even give additional inputs on how to use an ATM card securely and how to not install unwanted mobile apps in phones,” he says.
Three weeks back, Kishore initiated a start-up called Web Pika to provide cheaper web hosting and enterprise-class customised hosting solutions to businesses and individuals.