Aditi Singh, a 20-year-old ethical hacker from Delhi, has been rewarded $30,000 (approximately Rs 22 lakh) for spotting a bug in Microsoft’s Azure cloud system. Two months ago, Aditi found a similar bug in Facebook and won a bounty of $7500 (approximately over Rs 5.5 lakh).
She explained that both companies had a remote code execution (RCE) bug, a type of bug which is relatively new and is currently not being paid much attention to. It is through such bugs that hackers can get access to internal systems and get hold of the information.
Singh also said that Microsoft was informed about the bug two months back, when she discovered it and alerted them. But the company did not respond immediately as it was waiting to check if anyone had downloaded the insecure version of the system, an India Today report stated.
The Delhi-based hacker explained the reason behind the RCE bug. She said developers should have first downloaded a Node Package Manager instead of writing the code directly. “Developers should write codes only after they have the NPM,” Singh was quoted as saying.
She further remarked that spotting such bugs is not easy and ethical hackers must always be on top of their game so that they can report them and still be eligible for their payouts. She, however, also emphasised gaining knowledge and learning about ethical hacking first, rather than focussing on just making money.
Singh suggests that before even starting to look for a bug, people should ask the support team of that company if they are hosting a bounty program, and if the company confirms such a program, bounty hunters should go ahead.
Bug bounty hunters are mostly certified cybersecurity professionals or security researchers who crawl the web and scan systems for bugs or flaws through which hackers could sneak in, and then alert the companies. If they are successful, they are rewarded with cash.
The field of ethical hacking is something Singh stumbled upon while preparing for her medical entrance exam, NEET. Although she didn't crack the exam, she found bugs in over 40 companies including Facebook, TikTok, Microsoft, Mozilla, Paytm, Ethereum and HP.
Her first hacking experience was when she managed to crack her neighbour’s Wi-Fi password. She has been working in this field for two years now, she says.
The hacker also shared how people interested in ethical hacking can find multiple resources available online. She added that to get into advanced hacking one must know a programming language. Singh also suggested OSCP, a certificate course for ethical hacking.