Kanishk Sajnani is an ethical hacker who doesn’t drive any personal gains from hacking. By now, he must have hacked into more than dozens of Indian companies. He booked himself in an Air India flight from New Delhi to San Francisco for just Re.1. By this amazing skill of his, he could have travelled the world almost for free. But did he? Surprisingly, he din’t. Kanishk informed the CEO of the company about the loophole in their system. After a week he received a call from the manager asking him to present with a proof, which Kanishk did!
He found a similar vulnerability in SpiceJet’s Mobile application too. When he tried to tell them about the loophole, their financial systems in the back-end were obviously not able to detect any payment irregularities. When he cancelled the ticket booked, he even received the refund of Rs. 2,000. Kanishk could have not only travelled the world but also could have earned easy money through hacking. With Cleartrip, he could have booked Flights, Hotels, International holidays, Trains, Restaurant dates, Massages, Cultural events, Sport Activities, anything absolutely free of cost.
In conversation with Kanishk Sajnani:
Q. When did you discover this amazing skill of yours?
I started out on my own ( bit by bit ) learning things from the Internet. No books to refer or teachers to learn such stuff from. I would download the required tools/software & start experimenting. Initially, it was a bit scary. I was afraid that this Hit & Trial method I used might land me into some legal trouble. Eventually, I was able to understand everything. I found my first ever vulnerability in Faaso’s application. It was a Jackpot. I was able to lookup the details(Debit card, Addresses, Order History) of any customer just through their email address or mobile number. Furthermore, I was even able to order anything for free. I literally owned the application thereafter.
Q. How and when did you end up learning hacking?
I never enrolled in any professional courses. In June ’15, I downloaded some tools & started to play with the API’s. Eventually, everything became clear and much simpler. Around June 2015, I started learning about internet security. Every other day, a story about how someone hacked into something and got rewarded for the same would Pop-up. I thought I could use these additional skills to my advantage too.
Q. Tell us about your educational background. Which school did you go to?
I did my schooling from Delhi Public School, Bopal (Ahmedabad). Right now, I’m studying Computer Engineering in a local college affiliated to GTU.
Q. How did you end up hacking into Spicejet and book yourself a ticket? You were just trying something new or you knew this was possible?
I’d always think – Just like ordering free food, is it possible for someone to travel across the world for free too? That’s when I decided to actually find out.
Q. When you told about the loopholes in the various companies’ websites you hacked into, how did they respond to it?
They were all very unprofessional. Some didn’t even acknowledge the loopholes that I found out in their systems.
Q. You could have simply travelled the world, atleast a few good places. Why did you choose to come clean?
Ofcourse I could have but, I’ve been raised like that only, to choose ethics over temptation.
Q. What changes do you suggest to avoid cyber crimes in our country?
There are various fields we need to work on. Some of them are like-
- Cyber Laws need to be changed.
- Ethical Hacking needs to be more appreciated.
- Companies should opt for Bug Bounty programs.
- Security should also be considered as important as product development.
Q. Do you have any role model in the field of technology, someone you look upto?
Not someone in particular. But there are certainly a lot of people out there to get inspired from.
Q. What are your future plans? Where do you see yourself in the coming few years?
I’m actually not sure. I have varied interests. The only thing I’m sure of right now is that ‘It won’t be just another boring 9-5 Job’. There’s no point being a sheep in a herd.
Q. What piece of advice would you give to young talented kids who know hacking, to keep them focused and away from cyber crime?
Use your skills for good. Otherwise there’s no difference between you and a house burglar.