Did you know that a Pakistani hacker is the third most top ranked bug hunter in the world? And that same Pakistani has been ranked by HackerOne (a vulnerability disclosure company in California) as the 11th most top-rated hacker in the world currently?
That guy is Shahmeer Amir, a Multan-born Pakistani national who has earned $150,000 in total bounties by reporting bugs to 300+ global organizations. Some of these organizations include Facebook, Microsoft, Google, Yahoo, Twitter, LinkedIn, Dropbox and many more. All of this in just 2 years time.
Shahmeer Amir – the 3rd most top-rated bug hunter globally
And whats’s more. He’s currently in charge of coming up with initiatives to better secure the Pakistani cyberspace from internal and external threats. If that wasn’t enough, he has also been invited to the DefCON event by HackerOne, the biggest hacking conference on the planet.
Pretty impressive resume wouldn’t you say? And he has achieved all this at the ripe young age of 21!
ProPakistani recently sat down with the hacker-extraordinaire, and trust me when I say that we were most curious about how an exceptional talent as Shahmeer Amir’s has come along so long without as much as a spotlight from the Pakistani media.
Q: Hi Shahmeer. Let us state right off the bat how excited we are to interview you. Can you tell us and our readers about your early life and schooling?
I was born in Multan, moving to Karachi with my family when I was 13. I did my primary education from the Rangers Public School, and subsequently did my Intermediate in Engineering from a Government Degree College in Gulshan-e-Iqbal. After that I finally did my Bachelors in Electronic Engineering from Hamdard University on scholarship.
Q: How did you get into hacking? Was it natural for you or did you accidentally discover it in your later life?
I was always interested in learning about computers from as long as I can remember. I remember when I had a Pentium 3 computer, I always used to encounter different problems while using it. It could be software issues, BSODs, Registry errors etc and I used to solve them by Googling solutions and fixing them by myself. That was how my technical problem solving skills nourished.
One day at my University, there was a seminar on Cyber Security going on. My curiosity got the better of me and I attended it. I’m glad I did, because even though I didn’t know it at the time, that was a turning point in my life.
I started my formal research after that. I learned using online resources and tried to learn more about this field. It was hard, considering I was from a non-core computing educational background. But with dedication and hard work and of course, my motivation to learn more, I found myself diving into the world of white hat hacking.
Q: Let’s take a moment here. When you talk of white hat hacking, is this the same as ethical hacking?
Yes, it is. In fact, my primary role has been to discover exploits in products and services that we use in our everyday life. After I identify a security risk, I contact the people behind the product and they resolve the complaints. As an information vulnerability researcher, they acknowledge my efforts and even pay bounties after successfully resolving the exploits.
Q: I’m curious about the bounties though. And I’m sure our readers are too. Can you share some details regarding them?
Well I have reported bugs for 300+ global organizations, Facebook, Microsoft, Google, Yahoo, Twitter, LinkedIn etc. I have earned about $150,000 in total bounties and donated about half of them to emerging causes around the world and people that contact me individually.
Q: That’s pretty impressive Shahmeer. But I must say, you’ve proven to be quite philanthropic with your efforts as well. I was thinking if we can take a detour and focus on the non-hacker side of you? Like what are your favorite movies or TV shows?
Well, I don’t have a favorite movie, but I like The Shawshank Redemption. As for TV, I like Prison Break and Person of Interest a lot.
Q: What is your view about the state of cyber security education in Pakistan?
I think that there should be more of such Cyber Security training centers in Pakistan that are legitimate ones and that actually help youngsters develop a skillset rather than fool students, I myself have been a victim of counterfeit education and self learning was my only chance
Q: I’m seeing a theme here about breaking out. Sounds like something a hacker is always thinking. Person of Interest was amazing in its depiction of artificial intelligence and how they can control the world.
My favorite character was Root by the way.
Q: How apt. Seeing as she was a superb hacker in her own way. You’ve got a favorite personality or book?
I like The Kite Runner by Khaled Hosseini and as far as personalities go, I’ve always been inspired by the fighting spirit of Muhammad Ali.
Q: Thank you for a most candid interview Shahmeer. As we conclude this interview, let our readers know what you’re up to currently.
Nowadays, I’m in Lahore, managing my own cyber security startup Cyphlon with a team of 6 people besides me, under the stewardship of Plan9, Punjab IT Board (PITB). We regularly discuss ideas about how to solidify the defenses of the Pakistani cyberspace and IT companies.
Q: One last question. What’s your advice for people here who want to venture in your footsteps?
Hackers in Pakistan should focus on learning more initially than earning. That’s my belief anyways and it has helped me immensely.
I see many researchers going towards earning $$$ before they even know the basic architecture of a web application, Don’t make the mistakes I did in the past, I had to earn my respect back by working twice as hard. Work hard, learn before earning and donate generously, it will help you achieve countless blessings.
To find out more about his work, check out these resources: