Hacking his way to the top: Singaporean shines in defence ministry’s bug-bounty programme
Cybersecurity manager found nine vulnerabilities in the ministry’s public-facing in just under a month
By Kenneth Cheng
From as young as 14 years old, Mr Darrel would hack websites, games, as well as online contests, netting himself prizes and in-game items.
The IT fanatic, who declined to give his full name but goes by the moniker Shivadagger, has fashioned this into a career — moving on to hacking not just websites, but networks and mobile applications in the initial years of joining consultancy firm Ernst & Young Advisory.
The 30-year-old cyber-security manager on Wednesday (February 21) emerged tops among 264 local and foreign “white-hat” hackers who took part in the Ministry of Defence’s (Mindef) first-ever bug bounty programme.
From January 15 to February 4, hackers were invited to put eight of the ministry’s public-facing systems — including the National Service (NS) Portal — to the test to expose vulnerabilities. In return for uncovering valid bugs, hackers were given cash rewards.
Mr Darrel unearthed nine unique vulnerabilities, scoring him a bounty of US$5,000 (about S$6,600). This was about one-third of the total bounty of US$14,750 doled out by Mindef to hackers.