EHRAZ AHMED, 24-year-old entrepreneur and ethical hacker, had saved the data of about 700 million Indians in 2019. MUSBA HASHMI speaks with him about his journey, work and how data breach is a major cause of worry
His love for anything tech started at an early age when he used to visit the cyber cafes to play an online game or two. It was then when he realised that one need not visit a cyber cafe everytime he wants to play a game like Counter-Strike and that it can be done at home via a desktop and an internet connection. The idea gave birth to his first-ever game server hosting company when he was merely 14.
“After looking at the craze for Counter-Strike amongst my friends, I started a game server hosting company where I used to provide online gaming servers for players to connect and play the game at home. After a few months, I expanded the company by offering web hosting to websites,” Ehraz Ahmed, a Mysore-based ethical hacker and an entrepreneur, tells you.
However, his love for technology didn’t remain the same for long. An unfortunate incident made him lose his interest in his company and also studies.
“When I was Class X, my father suffered a heart attack. It was then my interest in my company and studies dropped. I felt that I would not go far with the company. With blurred and confused thoughts, I decided to put everything on hold. But that was a short hiatus and soon after I decided to start afresh with a new purpose in life. I wanted to stand on my own two feet by doing something better and more significant,” Ahmed tells you.
That wasn’t a dead-end for Ahmed’s curiosity and it grew by leaps and bounds when he came across a Facebook post of a security researcher who was listed on the hall of fame for finding a flaw in Google and was also paid for it.
“It was a Eureka moment for me. The entrepreneur inside me got curious and I started learning how I could do the same and earn. After a matter of few months, my hard work paid off and at 16, I got listed in 50 halls of fame for finding security flaws in companies like Microsoft, Apple, Adobe, Blackberry, Soundcloud and Netflix.” he tells you.
His first hall of fame listing, he says, was on Facebook, where he discovered a cross-site scripting vulnerability that could have allowed attackers to steal your browser cookies. Using this, any hacker could log in to your account without a password.
“I was good at finding security flaws, but I was not making enough money from it. Not all companies offer bug bounty programmes, only a few provide monetary rewards and the rest mention your name for your efforts in finding the flaw,” he says.
In a bid to look for ways to make money, Ahmed found someone trading in the financial markets and that got him thinking. “I started exploring this field. And it took me a while to figure out how it all works. In the beginning, I did lose a lot of money but gradually got hold of the process,” he says.
At 20, he joined an engineering college to pursue a computer science engineering course and simultaneously started a fintech company called Voxy Wealth Management to offer financial advice and analytics to traders and manage their portfolios.
“It was in 2017, during the second semester of my college that I decided to drop out and start a web security company. The reason was during the lectures, I always felt I was not learning enough and that I was going nowhere. Also, I was not getting enough time to manage my fintech company. That is how, in December that year, I launched Aspirehive to offer web security solutions for small and medium-sized companies,” he tells you.
That was not all. After having started Aspirehive, there was one more tragedy waiting for him. “It was in April 2018 when my brother met with an accident. After seeing the family going through financial crisis, he had desires to start a company. Then we started StackNexo to offer all Web Services and solutions through a single platform,” he tells you.
However, with that being on the sidelines, Ahmed once again, in 2019, started finding security flaws in companies.
“I came across news of data breaches in Indian companies, and that is when I decided to start finding security flaws again to help Indian companies. I started finding flaws in August 2019 and by December that year, I had already safeguarded data of over 700 million users which includes name, address, email address, contact number and date of birth,” he tells you. With all this information, Ahmed says, hackers can conduct phishing scams. They can also log in to your accounts once they have all these details.
One of the most challenging situations that he came across was when he found a security flaw in Airtel that could have allowed hackers to steal sensitive user data of 320 million users. “I was afraid back then because I too was an Airtel user. The data breach risk was very high and it could have resulted in major scams. Once, I was able to find it, the challenge was to inform the company. In such cases, one can’t just call up the customer care or send an email to any random address. Through BBC, I was able to inform Airtel about the possible data breach that could have happened because of the security flaws,” he tells you.
Ask Ahmed how he is able to juggle so much work and he is quick to answer — remember why you started. “One should never forget the reason why he had started in the first place. Stay goal oriented, work hard and have patience, things will eventually fall into place,” he says.
This is not all, currently he is still busy in secretly finding flaws and getting them fixed. “The most recent was in a company called Thrillophilia that risked sensitive user data of 2 million users. Thankfully, it was saved,” he tells you.