This Manila Start-up Will Hack Your Computers If You Pay Them
Cryptors claims to be the first of its kind in Southeast Asia
PHOTO CREDIT: Getty Images
The story of Cryptors, a Philippines-based start-up bug bounty platform, reads quite like a Robert Ludlum novel: it all began with an underground hacker organization in a Manila university, a security breach, and a case of mistaken identity.
Founded in April 2014 by Alexis John Lingad, Nionel Ibarra, and Roselle Gabuya, this start-up harnesses the services of “white hats” or ethical hackers to find vulnerabilities in a system or website. Bug bounty programs, in essence, reward individuals for discovering and reporting software bugs. And while this isn’t exactly a new concept—popular ones in the United States include HackerOne and BugCrowd, to name a few—Cryptors claims to be the first of its kind in Southeast Asia.
Cryptors’ business model addresses both sides of the fence: the organization and the hackers.
An organization can choose a subscription plan, launch its website onto the platform to enable the “army of security researchers” to find bugs and send reports, and reward the hackers who find critical bugs in the system.
Hackers keen on taking on the challenge need to register on the platform and electronically sign a non-disclosure agreement. They then choose an organization to hunt bugs from, submit a bug report and recommendations to that organization, and be rewarded with “reputation points” to be used in world rankings, as well as monetary compensation or merchandise.
Even as a kid, Cryptors co-founder Lingad always wanted to be a spy. In high school, he was a varsity chess player, a Filipino martial arts practitioner, and a youth leader. At night, he’d browse the Internet trying to learn ethical hacking techniques and applied what he learned on websites offering practice laboratories.
By age 16, he was hired by Garin Technologies U.S.A. as a web security analyst, and was also invited by the Philippine Army to become a cybersecurity researcher. Lingad also became the Philippine Hacker Games Champion, beating professional and Ph.D.-holding hackers.
While in university, Lingad formed an underground hacker organization, whose goal was to raise cybersecurity awareness among students. Members remained anonymous and would only interact on his website via a group chat function. One day, the student entertainment site was hacked by a group claiming to be “Anti-Cryptors,” putting the identities of the students at risk.
Lingad and his group soon worked on retrieving the site and were successful. He revealed his identity to let the public know that Cryptors was not just an “urban legend in the campus.” This led to some school organizations filing a case against him, claiming Lingad was also part of the Anti-Cryptors and that he only hacked the site to be famous.
After the incident, Lingad read books on entrepreneurship in hopes of turning his passion into a business. He registered Cryptors with the Securities and Exchange Commission (SEC) and wrote a book entitled “Cyber Defender: The Power of Hacking.” He also conducted seminars, where he met more and more ethical hackers. Because of this, Lingad was able to integrate this large community into the bug bounty platform.
Cybersecurity is not a luxury
Cryptors’ target market are organizations that need to secure their websites, as well as individuals who want to learn and earn from bug hunting. It derives its revenues from subscription plans for organizations using the platform, premium tutorials for hackers, and seminars about cybersecurity for schools and organizations. Hackers can earn from organizations that offer rewards based on the severity of the bugs they discover.
In 2016, Cryptors was supported and mentored by software development company 8layer Technologies for about six months. This year, Cryptors is launching its crowdfunding project to raise P100,000 under Philippine-based platform The Spark Project.
One of the main challenges that Lingad now faces is the perception of cybersecurity as simply an add-on to the website, instead of a necessity. Most organizations, he opines, do not prioritize cybersecurity and only think of it as a luxury. Cryptors tackles this issue head on by conducting seminars around the Philippines. At the end of the day, Lingad says, “Even if you are protecting something or none at all, cybersecurity should be a priority. Otherwise it’s like you’re opening the doors of your building to anyone without guards and security cameras.”