KARACHI, April 08: A 13-year-old hacker from Karachi is schooling some of the biggest technology companies when it comes to cybersecurity.
Ahsan Tahir, an “ethical hacker”, is putting his skills to use by helping tech firms discover bugs and vulnerabilities in their websites which can be used to create security patches.
Tahir, a self-taught security consultant, learnt how to hack by watching YouTube videos, reading blogs, and experimenting on his own at the tender age of 12.
Tahir is a rising star in the cyber security world, spotting bugs for big name companies like Google and Microsoft.
His journey into the security world began after his personal website was hacked, Tahir told NBC News.
Tech Sovereignty: A Quest for Nepal
“I decided to find bugs on my own website,” he said. Tahir then said he found a site “that told me I can hack into different companies to find bugs and they will pay me — or appreciate me — so I started [doing] that.”
Bug bounty programs are already seeping into the mainstream, with everyone from Apple to the Pentagon offering cash for bugs. And a successful hacker can collect anything from $50 to $350,000, depending on how big the company is and how critical the bug is.
“Hackers like Ahsan are literally the next generation of cybersecurity defenders, and the future of the internet relies on them having an easy on-ramp into security as a career,” Casey Ellis, founder and CEO of Bugcrowd, told NBC News. “Digital natives make very good hackers, and the power this group represents to companies trying to safeguard their businesses and users is immense.”
While most kids Tahir’s age may be doing chores to earn extra money, he’s raking in the bug bucks thanks to his security skills. He proudly showed off a new iPhone 7 he purchased after a recent bug bounty payday. Now he’s saving up to buy a car when he turns 18 and can get his driver’s license.
Tahir’s parents aren’t techies, but his father, who accompanied him on his trip to the United States, told NBC News he’s proud of his self-taught son.
A typical day for the teen involves going to school and then coming home and hacking for six hours. Then, he says he’ll do homework — if he has any.
While money is a motivator, Tahir said he also wants to make the internet a safer place and teach other people the skills that have made him a success, largely through YouTube tutorials.
“The more hackers there are, the more bugs [are found], and the more secure companies are. It’s simple,” he said.
When he’s an adult, Tahir said he hopes to continue participating in bug bounties part time, while spending his days working as a software engineer, possibly even starting his own company.
But that’s all a long way away. For now, he’s most thrilled about turning 14 in July, when he’ll get a $500 payday from Microsoft for some bugs he found.
He’s had to be patient, since Microsoft’s minimum participation age in their bug bounty program is 14 years old — but come July, he knows he is guaranteed two things: a party and a payday.
“I am proud of making the internet safer, the world safer,” Tahir said. “Because the next wars maybe will be cyber wars.”