Bounties and Breaks: ‘Hall of Fame’ rise of a Kashmiri ethical hacker

At a time when Kashmir is grappling with digital deception and duping, raising awareness about cybersecurity through education and community programs is crucial, reckons the valley’s tech talisman who fixed Apple and NASA systems. “Organisations and governments,” he emphasises, “should invest in cybersecurity infrastructure and training to equip people with the necessary skills and knowledge to protect themselves online.”

Muneeb Amin Bhat, a 22-year-old cybersecurity researcher and ethical hacker from Zungalpora, Kulgam in Kashmir, has made significant strides in the field of cybersecurity. His journey began with a deep curiosity about technology and gadgets at a young age. Overcoming the challenges of limited internet access and frequent power outages, Muneeb taught himself the intricacies of hardware, networking, and programming.

He has worked with over 60 international organisations, including Apple and NASA, identifying critical vulnerabilities and earning spots in their respective Halls of Fame. Currently pursuing a BCA in cybersecurity from IGNOU, Muneeb continues to contribute to the security landscape, advocating for responsible disclosure programs and cybersecurity education to safeguard digital environments. He talks about the significance of ethical hacking in a candid chat with Free Press Kashmir.


Can you share a bit about yourself and your background? What sparked your interest in technology and gadgets?

Absolutely! I’m a cybersecurity researcher and ethical hacker from Zungalpora, Kulgam in Kashmir. My fascination with technology began at a very young age. Growing up, I was always curious about how things worked, especially gadgets and computers. This curiosity led me to experiment with hacking into my friends’ social media accounts and local Wi-Fi networks—not to cause harm, but to understand and help secure them.

These early hands-on experiences and the thrill of solving complex puzzles sparked my passion for technology and cybersecurity. Over time, I realised the potential of using my skills for good, and that’s what set me on the path to becoming an ethical hacker.


How did your interest in technology evolve over time? Was there a specific moment, experience, or mentor that played a significant role in shaping your passion for tech?

My interest in technology evolved significantly over time. The real turning point was in 2012 when my father bought our first computer. This opened up a world of learning for me. I spent countless hours on Google and YouTube, learning about hardware, networking, and programming. Movies like “The Matrix” and “Live Free or Die Hard” further fuelled my passion.

While I didn’t have a specific mentor, the online community and various tutorials were immensely helpful in shaping my skills and passion for technology.


Let’s talk about hacking. Can you explain what ethical hacking is all about? How does it differ from non-ethical hacking?

Ethical hacking is all about identifying and fixing security vulnerabilities in systems, networks, or applications to prevent malicious attacks. It is done with the permission of the organisation and aims to improve security. In contrast, non-ethical hacking is unauthorised and malicious, often leading to data breaches and other cybercrimes. Ethical hackers follow a code of conduct and work within legal boundaries to enhance cybersecurity.


What led you to become an ethical hacker? Was there a particular experience or realisation that made you transition into this field?

I transitioned into ethical hacking gradually. Initially, my experiments with hacking were driven by curiosity and a desire to understand how things worked. The pivotal moment was when I received my first bounty for identifying a security flaw. This acknowledgement made me realise that ethical hacking could be a legitimate career.

The thrill of solving security puzzles and helping organisations secure their data cemented my decision to pursue this path professionally.


Can you share a time when you did something online that you later realised might not have been a good idea? How did this experience shape your approach to responsible behaviour in the digital world?

In my early days, I once hacked into a friend’s social media account just to see if I could. Later, I realised the potential consequences and the importance of privacy and consent. This experience taught me the importance of responsible behaviour online and respecting others’ digital spaces. It also reinforced the need to obtain proper authorisation before testing any system’s security.


Once you decided to use your skills for good, how did you learn about the right way to use them online? Was there a mentor, resource, or community that helped you develop your ethical hacking skills?

Once I decided to use my skills for good, I turned to online resources, communities, and various cybersecurity forums. While I didn’t have a specific mentor, the collective knowledge and guidance from the online community played a crucial role in developing my ethical hacking skills.


How do companies typically find and fix security vulnerabilities? Can you explain what bug bounty programs are and how they work?

Companies often find and fix security vulnerabilities through vulnerability disclosure and bug bounty programs. Bug bounty programs invite ethical hackers to identify and report security flaws in their systems. When hackers find vulnerabilities, they submit their findings through a structured process. If the vulnerability is confirmed, the company rewards the hacker with a bounty, which can range from $50 to $200,000 depending on the severity of the vulnerability.

This collaborative approach enhances security while providing recognition and compensation to ethical hackers.


You’ve had a significant impact on improving security for numerous companies, including Apple, Oracle, Intel, McDonald’s, and USAA. Can you walk us through the vulnerability you discovered in Apple’s systems, how you identified it, and how you worked with their team to resolve it?

Sure! For Apple, I discovered a critical vulnerability in their iCloud system that could have compromised user data. I identified the vulnerability through testing and analysis using my skills and some custom tools I developed. I then submitted a detailed report to Apple’s security team, outlining the issue and potential risks. Apple’s team was highly responsive.

We collaborated to address and resolve the vulnerability, and they recognised my efforts by including me in their Hall of Fame and awarding me a reward.


What was the process like, from initial discovery to final resolution? How did Apple’s team respond to your findings, and what was the outcome?

The process started with identifying the vulnerability and documenting it comprehensively. After submitting my findings to Apple’s security team through their responsible disclosure program, they promptly acknowledged and validated the issue. We then worked together to develop and implement a fix. The outcome was successful, with the vulnerability resolved and user data secured.

Apple’s acknowledgement and inclusion of my name in their Hall of Fame were gratifying and validated my efforts.


Recently, NASA acknowledged your contributions by inducting you into their Hall of Fame for bolstering their system security. What was it like to ethically hack and secure NASA’s systems, and what did it mean to you?

Ethically hacking and securing NASA’s systems was a significant milestone in my career. The opportunity to work on such a prestigious platform was both challenging and rewarding. Discovering and reporting vulnerabilities in NASA’s systems was an honor. Being inducted into NASA’s Hall of Fame validated my efforts and reinforced my commitment to cybersecurity. It was a proud moment, showcasing the impact of my work on a global scale.


Even with dedicated security teams, tech giants like Apple, Google, and Facebook can still fall victim to data breaches. What steps can we take to minimise our online risk and stay secure, particularly in regions like Kashmir where cybersecurity awareness is limited?

To minimise online risk, individuals should adopt good cybersecurity practices such as using strong, unique passwords, enabling two-factor authentication, regularly updating software, and being cautious about phishing attempts.

In regions like Kashmir, raising awareness about cybersecurity through education and community programs is crucial. Organisations and governments should invest in cybersecurity infrastructure and training to equip people with the necessary skills and knowledge to protect themselves online.


How can we protect our personal information and navigate the digital world safely, despite the ever-present threat of cyberattacks?

Protecting personal information involves several key practices: Using strong, unique passwords for different accounts. Enabling two-factor authentication for an added layer of security. Keeping software and devices updated to patch vulnerabilities. Being vigilant about phishing attempts and suspicious links. Regularly reviewing privacy settings on social media and online services.

By adopting these practices, individuals can significantly reduce the risk of cyberattacks and navigate the digital world more safely.


What steps do you think institutions and companies in Kashmir can take to improve their security measures?

Institutions and companies in Kashmir can improve their security measures by conducting regular security audits and vulnerability assessments, implementing comprehensive cybersecurity policies and protocols, investing in cybersecurity training for employees, collaborating with cybersecurity experts and ethical hackers for continuous monitoring and improvement, and raising awareness about cybersecurity best practices amongst the general public.

These steps can help build a more secure digital environment and protect against potential threats.


What advice would you give to young people in Kashmir and beyond who are interested in exploring careers in technology and cybersecurity? How can they get started and make a positive impact in this field?

My advice would be to: Start with a basic understanding of computer hardware, operating systems, and networking. Engage in self-learning through online courses, tutorials, and other sources. Participate in cybersecurity communities and forums to gain insights and support. Stay curious and continuously update knowledge to keep up with the latest trends and threats in cybersecurity.

By following these steps, they can build a strong foundation and make a positive impact in the field.


Finally, what message would you like to share with organisations in Kashmir and readers everywhere about the importance of responsible disclosure programs and dedicated security teams?

I would like to emphasise the critical importance of responsible disclosure programs and dedicated security teams. These initiatives foster collaboration between organisations and ethical hackers, allowing for the identification and resolution of security vulnerabilities before they can be exploited maliciously. Organisations should encourage and support ethical hacking by creating transparent and rewarding disclosure programs. By investing in dedicated security teams and promoting a culture of cybersecurity, we can collectively enhance the safety and security of our digital environment.
