Meet Bradford's record-breaking computer bug bounty hunter
A student at the University of Bradford has become a record breaker for his work as an ethical hacker.
Nikhil Rane, who is studying for an MSc in Cyber Security at the University of Bradford, has been honoured by the India Book of Records in recognition of his work as a bug bounty hunter, the term used for someone who identifies security loopholes in websites for companies and organisations but does not work full-time for them.
Ethical hackers’ work aims to outsmart the malicious hackers. Nikhil has worked with organisations including Google, NASA and Blackberry.
He said: “I'm truly delighted to have received recognition from the India Book of Records for achieving the highest number of Hall of Fame accolades in bug bounty programmes.
“It's an incredible honour, and I'm humbled by this acknowledgment of my dedication to cybersecurity and ethical hacking. This recognition motivates me to continue my journey in the world of bug bounty and security research.
“I'm grateful for the support and encouragement from the bug bounty community and my family, and I look forward to further expanding my contributions to digital security. Thank you, India Book of Records, for this wonderful recognition.”
When Nikhil, 24, from Mumbai, helps companies, the process follows a set formula.
He said: “I produce a vulnerability assessment of the company’s website where I find vulnerabilities which could be exploited by malicious hackers.
“After I have done an assessment, I produce a vulnerability report and a video for the company on how they could be exploited by hackers.
“My findings are taken on board by the company and the potential vulnerability that can be exploited.”
He is then rewarded by the company for his work. Since he started ethical hacking in 2021, Nikhil has earned recognition including ‘swag’ gifts and appreciation letters, along with around £13,000 in cash rewards, T-shirts, and a Hacker Coin, a thank-you gift he received from the United Kingdom’s Ministry of Defence for helping them.
He often sees his name recognised on the websites of the companies he has helped, in listings known as Halls of Fame. He has received 23 appreciation letters from companies for securing their websites. He added that ethical hackers often sign Non-Disclosure Agreements (NDAs) before carrying out their work.
Helping big names
Nikhil said: “I have reported vulnerabilities to more than 350 companies across the world including Google, Microsoft, NASA, Blackberry, and several other prominent organisations. I also worked as an ethical hacker trainer and cyber security analyst in India.”
He entered the India Book of Records 2023 as the highest Hall of Fame achiever in bug bounty within the country. Cyber security researcher Nikhil was given a certificate of appreciation earlier this year by the India Book of Records for earning 120 ‘Hall of Fame’ recognitions on websites by helping different firms or organisations, a figure which has since increased to 197 Halls of Fame. He also received an India Book of Records medal for his achievement.
The India Book of Records, which originated in 2006, is the country’s own version of the Guinness Book of Records where people are recognised for a host of wide-ranging achievements.
Nikhil, who completes his MSc in Cyber Security at the University of Bradford in January 2024, works freelance as an ethical hacker. Penetration testers, by contrast, are ethical hackers who are hired full-time by companies to beat the malicious hackers.
He combines his studies at Bradford and his ethical hacking work with teaching, passing on his knowledge of the subject to others.
He said: “I’m totally enjoying it at Bradford. I am learning new things as well. In cyber security, you must learn new things. There are always new things to learn, new cyber-attacks.
“Ethical hackers need to stay ahead, so they know what tools the hackers are using. I try to read as much as I can on websites about hacking.
“Ethical hacking is a trending topic in today’s world. I’ve paid for my accommodation rent through this (ethical hacking/bug bounty).
“If it’s an organisation’s network testing, it could take a month to do the work; if it’s a website, it could take a week. It is easier for people with experience in this field.
“In India, every person wants to become a bug bounty hunter. You can be working at home doing it. You can work wherever you want.”