Hacker Story - Muhammad Julfikar Hyder
Breaking In My Early Days as a Hacker
My name is Muhammad Julfikar Hyder (@thejulfikar), and this is my story of how I became a hacker. It all began when I was a teenager, fascinated by the internet's ability to connect people from all over the world. As I became more comfortable with technology, I started to explore cybersecurity. Initially, hacking was just a hobby, something I did for fun in my free time. However, as I delved deeper into the world of web hacking and cybersecurity, I realized that this was my true passion.
I remember the day in 2007 when I saw a white TV in my house. It was different from the normal television sets we had at that time, with extra cables and things attached to it. My elder cousins were playing video games on it, and I thought it was just a fancy television. However, one of my elder cousins introduced me to a whole new world. He showed me that the TV was not just a television, but a new device called a computer. He introduced me to the monitor, CPU, mouse, and keyboard, and to my young eyes, it was like magic.
I watched my cousins play games like “Road Rush,” “Age of Empires” and “Commandos.” It was a whole new world that I had never experienced before. However, computers were too expensive for us to own at that time, and our joint family could only afford to buy one computer for my older cousin, Sadek Mohammad, who was the first engineer in Computer Science in our family. As kids, we were not allowed to use or play games on that expensive computer, so I had to wait until 2009 to play my first computer game, which was “Road Rush.” That day changed my life.
The magic box
I discovered that the computer was a box of dreams, like a magic box that could take me on all sorts of adventures. We could ride motorcycles, build our own empires in “Age of Empires,” and fight with enemies in “Commandos.” It was like living in a dream world, and I was hooked. From that moment on, my excitement and curiosity for computers only grew. I wanted to know more about this amazing device that had captured my imagination, and so my journey into the world of computers began.
In 2011, my cousin, Sadek Mahmud, brought home a newer, more updated computer - one with 2 GB RAM and a Pentium Dual Core processor. It was a big leap from our previous computer, which ran on Windows XP. However, it wasn't long until we upgraded to Windows 7, which blew my mind with its sleek and modern UI. That was also the year I was introduced to the internet for the first time. I created my first Facebook account and began exploring the vast world of the internet.
Discovering the darker side of technology
As I was learning about the endless possibilities of the internet, I also became aware of the darker side of technology. Words like "hacking" and "cybersecurity" started to appear in my vocabulary. It was in 2011 that a tragic incident occurred at the Bangladesh-India border, where a Bangladeshi girl named Felani was killed by Indian Army BSF. This event triggered a cyber war between Bangladesh and India in 2012, which brought the word "hacking" to my attention for the first time. It was a stark reminder that technology, like any other tool, can be used for good, but also to inflict harm.
As a teenager in 2013, I got my first introduction to computers and video games. My family had purchased a new computer with a similar configuration to the previous one, and I became hooked on playing computer games, which started to affect my studies. My father was concerned and asked my elder brother, Yousuf Hyder, to intervene. Yousuf decided to schedule my gaming time on a guest account on the computer, but I couldn't resist playing outside the scheduled time. I tried everything to unlock the guest account by pressing random keys and trying random passwords, but to no avail. One day, I remembered seeing the current time on the boot menu and decided to see if I could change it. To my surprise, it worked, and I was able to bypass the guest account lock. This experience helped me realize that I had a talent for critical thinking and problem-solving on the computer.
However, my joy was short-lived, as I was caught by my brother and he removed my guest account access. I knew I had to do something, so I turned to the internet for help. After some research, I stumbled upon a way to bypass the Windows 7 password, which turned out to be vulnerable to password bypassing through the boot to System Recovery Options. By deleting some files and corrupting the system, I was able to bypass the system password with just two commands using the Command Prompt. Although it was a risky move, it paid off, and I was able to access the computer without getting caught for a while. As time went on, I realized that hacking into a system without permission was not only unethical but also illegal. So, I decided to channel my curiosity and passion for technology into more productive avenues.
Hacking learnings
My early hacking days taught me valuable lessons about the power of technology and the importance of using it responsibly. Although I became interested in hacking and cybersecurity, I knew that hacking was unethical and that there must be a better way to use my skills. I decided to become a cybersecurity researcher instead, and that's how my journey into hacking and cybersecurity began.
In 2016, my cousin and I decided to attempt something more daring and used a piece of software called a keylogger to hack into over 20 computers in local cyber cafes. At the time, we didn't fully understand the consequences of our actions and collected over 400 Facebook and Gmail accounts, foolishly not realizing the danger of our actions.
As I delved deeper, I noticed the growing reputation of Bangladeshi hackers between 2012 and 2016. This piqued my curiosity, and I wanted to understand how they did what they did and what motivated them. I decided to become an ethical hacker and started to connect with black hat and white hat hackers on Facebook to learn as much as I could from them. Some of them were even making a living from internet bug bounties, which inspired me to pursue this career. However, I faced many challenges before I could get started, such as a lack of resources and inadequate English skills. It wasn't easy, especially because most prolific hackers kept secret identities, but I persevered.
In 2017, Bangladeshi hackers engaged in cyber warfare against Myanmar (Burma) or India, bringing hacking back into the spotlight once again. It was then that I decided to take learning seriously. I searched the internet until I found proof of concept of SQL Injection vulnerabilities, which I learned in just one day. I used this technique on various websites, extracting their databases and even defacing some of them. However, I soon realized that this approach was not sustainable, and I decided to shift my focus to ethical hacking and bug bounties. I found an online course and began learning with my old, dual-core processor and 2 GB RAM computer.
Following my passion
Although it was not easy, I was determined to follow my passion for web hacking and web security. I became more interested in protecting websites from potential attacks and finding vulnerabilities in them. I printed numerous PDF books on web hacking and web security and read them whenever and wherever I had free time, even on the school bus and in class. My passion for learning about web hacking and web security was unstoppable, and I was willing to do anything to gain more knowledge about it.
I worked tirelessly day and night to improve my skills, even though it was challenging. In 2018, I explored programming again. I was always fascinated by how computers work and what goes on behind the scenes. I started with the basics and learned C and HTML, which gave me a solid foundation to build upon. C taught me the fundamentals of programming, such as data types, loops, and functions, while HTML showed me how to create and structure web pages. The more I learned, the more I realized how vast and complex the field of programming is. But I was determined to keep learning and improving my skills, knowing that the possibilities were endless.
One day in 2018, I stumbled upon a video tutorial on SSRF. Intrigued by the concept, I decided to try it out on a popular e-commerce site in Bangladesh. To my surprise, I discovered a critical vulnerability that could compromise the entire site. Although I was unsure if the company paid for submitting such vulnerabilities, I decided to report it to them anyway. The company rewarded me with a five-figure bounty. I was ecstatic and shared my findings on Facebook. But, you can read about them here.
A younger boy named Saikat messaged me, asking for details about the site and exploitation. I provided him with the necessary information, and we ended up making almost 1.5 lakhs together from that e-commerce site. Saikat then introduced me to a group chat on Facebook, where I met some amazing hacking friends, such as Remon, Saiful, and Hasibul.
Remon (@remonsec) and I began learning bug bounty at around the same time.. In 2020, Remon focused on delving deeper into deep learning, while I continued exploring bug bounty hunting on my own. I aimed to gain recognition from well-known companies and worked on producing excellent reports.
My hard work paid off, and I was acknowledged by big names such as the University of Cambridge, the United Nations, Apple, Lenovo, Harvard University, eBay, the University of Twente, Utrecht University, Avans University of Applied Sciences, Ns1, Coding Ninjas, Blinkit, The European Broadcasting Union, BASIS, and many more in 2021 and 2022. Although I earned a sufficient amount of money, I didn't chase after it. Bug bounty hunting was my true passion, and I decided to pursue it as a part-time career while completing my bachelor's degree in Computer Science and Engineering. My goal was to be the best bug bounty hunter I could be.
Giving back to the community:
After succeeding in the bug bounty world, we decided to give back to the community. I co-founded the Bug Bounty Community Bangladesh with my friends K.M Tanvir, Remon, and my little brother SMH Tahsin. We recognized the need for a platform where like-minded individuals could come together, share knowledge, and collaborate on bug bounty projects. Initially, we had no proper guides or resources, so we established a community where everyone could learn from each other and grow together. Our community has grown to include many talented individuals who are passionate about cybersecurity and ethical hacking. Together, we achieved numerous milestones, including organizing training sessions, workshops, and conferences to promote cybersecurity awareness in Bangladesh. We also conduct bug bounty programs for various organizations to help them identify and fix security vulnerabilities in their systems.
Our efforts have not only contributed to the growth of the bug bounty community in Bangladesh, but we have also helped raise awareness about the importance of cybersecurity in the country. It brings me great joy to see how far our community has come, and I am excited to continue playing a role in its growth and development, inspiring others to pursue their passion in the field of cybersecurity.
However, towards the end of 2022, things began to change. I became busier with my studies, and life took a turn for the worse. I lost my love, my money, and some of my friends. The weight of these losses bore down on me, and I fell into a deep depression that lasted for seven months. It was a feeling I had never experienced before, and it was difficult to overcome.
But with the help of my friends in the bug bounty community, Ansar Uddin Anan and Remon, I was able to pick myself up and start again. I resumed my research, this time taking web hacking more seriously than ever before. I was determined to succeed and knew that I would overcome the challenges ahead.
Reflecting on my journey, I realize that chasing money was never my main motivation. Pursuing my passion for bug bounty hunting was what kept me going. My goal was always to be the best version of myself, and I never lost sight of that. Now, as I prepare to face new challenges and reach new heights, I am confident that I will emerge stronger than ever before.
Would you like to be the next hacker sharing your story? Fill out this quick form and we'll get in touch.