Tucked away in a dimly lit basement, the face of a teenage boy illuminated only by the light emerging from his computer screen, the place where he spends most of his time, aversive of social interaction and human contact. This is the image most people have of hackers. An image long proliferated by popular culture through shows like Mr.Robot, 24, Person of interest and several others. How true does this visualization hold to Pakistan’s very own Hacking prodigy? Not much.
Shahmeer Amir, a 22 year old Multan native is currently ranked as the 12th best hacker in the world, but if you were to see him, that wouldn’t entirely be visible. A fitness enthusiast, Shahmeer has the swagger and shave associated with that of a social extrovert, things that run contrary to the image associated with hacking. However, he doesn’t consider himself a hacker: ‘It’s a derogatory term really, I consider myself to be a systems security analyst’. This designation sounds a lot more white collar than the underworld of hackers. The computer genius has a point though. Where hackers attack websites and databases with malicious intent, him and his kind locate vulnerabilities and bugs in the programs and online platforms of the some of the world’s leading software companies. Having amassed PKR 1.5 crore in bug bounties, his future in cyber security solutions is certain. Today, along with hunting bugs, he is tending to his cyber security startup named Cyphlon.
But cyber security is not your run of the mill profession. How did Shahmeer end up here after pursuing an education in electrical engineering?
His initial exposure to hacking was through an individual who he later claims turned out to be all-talk. Having been talked into taking certain certification examinations which he could not clear, he was lured into a clerical job by said individual.Disheartened by the experience Shahmeer went on to pursue the art of hacking on his own, scouring the internet for crucial information that may add to his skill. Ultimately he came across bug bounty programs of different firms, designed to reward hackers who report exploits in their programs.
Despite his proficiency, the hacker still believes that no one, including himself is safe from a willing hacker. “I don’t use antivirus software because I know if someone sets their mind to it they’d be able to hack me regardless of my cyber security protocols”. He mentions the fact that owing to the persistent threat of hacking he keeps the webcam, and the microphones on his laptop taped. The prodigal programmer does not feel that his acts are out of paranoia, but genuine concern for his privacy. Additionally, he stores his personal data offline, and the data he needs for work is stored on virtual machines. “You cannot not be hacked” stresses Shahmeer.
While commenting on the state of cybersecurity in Pakistan, he was adamant of the fact that the dependence of local programmers on considerably vulnerable languages makes them more prone to damage. “Programmers here do not generally follow internationally recognized programming security protocols making their products much easier to be infiltrated”. The least these programmers can do, is decrease their reliance on weaker languages like PHP for security standards to improve.
He sees the future of Cyber-Security in Pakistan to be effective along the lines of bug-bounty programs currently in place in Silicon Valley. Referring to the current state of IT security in Pakistan Amir says “Companies here are not comfortable with outsourcing”. And that’s where Shahmeer believes, his startup, Cyphlon can come in – to fill the need for trustable cyber security analysts.
Shahmeer is not the sole hacker making waves internationally. Recently another ‘ethical hacker’ by the name of Rafay Baloch won a $5000 bounty for discovering a flaw related to Chrome and Firefox website address bars.
Does this mean that Pakistan will soon produce its own variant of Stephen Wozniak? Who knows, maybe he’s already here.