Like many hackers, Sri Lankan-born Isira Adithya was a child prodigy, building LED bulbs and selling them to his teachers when he was just 11 years old. But he has never used his skills for nefarious purposes.
“Hackers,” says Adithya, “are people who refuse to take technology at face value. They probe, test, and dismantle to understand what’s inside and how it behaves. This can be used for security research, building better systems, or, in the wrong hands, for malicious gain.”
His was a dual track to fully understanding this, starting when he was gifted a laptop by his parents for passing a scholarship exam when he was ten years old. “For me, hacking is an irresistible need to see how things work,” he comments. “I was curious about machines and systems from an early age, not just computers. I wanted to know how cars function, how helicopters fly, and how electronic equipment operates.”
By the time he was 11, he started learning how to hack computer games on his laptop; but he remained interested in hardware ‘hacking’. Before he even got the laptop, he broke a DVD player by trying to reroute the audio output to custom speakers. At age 12, he built a small four-motor drone. “It took many failed attempts, but eventually, it hovered,” he explains. But he soon began to concentrate on computer hacking.
Some hackers are driven by a simple but irresistible urge to take things apart to see how they work. But for Adithya it was the whole nine yards: break and remake to do something unintended. “It’s a desire to make something work in a way that wasn’t originally intended. There’s something deeply satisfying about bending systems beyond their design. When I had my first laptop, I wanted to change the boot logo. With my phone, I wanted to replace the default operating system. That desire to push boundaries never really stopped.”
He started to teach himself game hacking when he was 11. “I realized I was a hacker when I modified a PC game for the first time,” he explains. “Faced with difficult challenges in games, instead of trying to beat them in the usual way, I wanted to explore how the game itself worked and how I could manipulate it. These were offline games, so no one else was affected, but it opened my eyes to what hacking really meant.”
A year later, and from age 12 to 14, he started to explore Wi-Fi hacking. His family had a guest renting a room in the house “who knew about computers”.
“He was older and helped guide me,” continues Adithya. “Back then, the internet was expensive, so I asked him to download YouTube videos about Wi-Fi hacking for me. I studied them repeatedly, and one day he challenged me to hack into his mobile hotspot. After running a brute force attack for about two days, I finally cracked the password. The adrenaline rush was unforgettable. I also had fun messing with friends during computer lab sessions at school.”
It seems as if the excitement of the challenge and the rush of success was the primary motivation for his early hacking, even though – like most childhood hackers – he enjoyed showing off to friends. Having gained these skills and reached this level of competence, he could have chosen to use them for his own financial benefit (become a black hat); but he didn’t choose that route. And it seems as if the discovery of bug bounties was a major cause.
“From the beginning, people around me told me to stay away from hacking because it was illegal and had no future. But I kept going. Around 2018–2019, I discovered videos about bug bounty hunting. The idea that you could legally hack real-world applications, get paid and be recognized, felt like a dream. It still took me two years before I earned my first bounty in April 2021. That moment, legally hacking into systems of world-class companies and getting rewarded was surreal. I knew then that ethical hacking was my path.”
During this period, he began programming in Python and learned Linux. At age 15 he took part in CTF challenges on the TryHackMe platform and was ranked among the top ten in his native Sri Lanka. A year later, he solved his first XSS challenge on the Intigriti bug bounty platform and started serious bounty hunting.
He got his first bug bounty in April 2021, at age just 16. He used the ensuing earnings from bounties to fund his further education – while also buying his first car. He wanted a degree in computer security and enrolled with the NSBM (National School of Business Management) Green University in Sri Lanka.
The Green University has a transnational education partnership with the University of Plymouth in the UK, allowing him to take the Plymouth degree course while still studying in Sri Lanka. He graduated with a first class honours degree from Plymouth – and bought his first house when he was just 21. All of this was funded by a concurrent but successful career in bounty hunting.
Isira Adithya could be described as a second generation hacker. The first generation typically got into hacking through the economic necessity of finding an inexpensive method of using the internet to join similar minded folks – which was very expensive at the time. This was no longer such a driving incentive with the young Adithya.
His motivation was the same driving curiosity of all hackers, coupled with the desire to change systems – not specifically to improve them, but to make them bend to his will. He didn’t have any early desire to profit from his skills, but his ability to do so coincided with his discovery of bug bounties. From that point onward, he was able to make a comfortable living doing good rather than harm through the bounties he earned.
The business advantage of bug bounties is to improve products by allowing businesses to understand and fix bugs before they can be found and used by black hats. The social advantage is rewarding hackers for their skills in an ethical manner – the creation and maintenance of ethical hackers.
Related: Hacker Conversations: Kunal Agarwal and the DNA of a Hacker
Related: Hacker Conversations: Rob Dyke on Legal Bullying of Good Faith Researchers
Related: Hacker Conversations: HD Moore and the Line Between Black and White
Related: All Hacker Conversations
