IIT Kanpur recruits teen hacker who exposed flaws on CBSE’s OSM portal

CBSE OSM: Just days after 19-year-old ethical hacker Nisarga Adhikary spotted multiple security vulnerabilities in CBSE's on-screen marking (OSM) portal, the Indian Institute of Technology (IIT) Kanpur has reportedly recruited him for a full-time role at its national cybersecurity center, the IITK C3i hub.

According to the Hindustan Times report, IIT Kanpur’s director Manindra Agrawal said he reached out to Adhikary after reading his blog post, published on May 22, detailing the vulnerabilities in the Central Board of Secondary Education’s OSM portal.

Also read ‘Future built on Class 12 marks’: CBSE scandal pushes parents of next batch to seek answers from schools

Adhikary joins IIT Kanpur as an engineer

Adhikary has joined the C3iHub on a contractual basis as an Open-Source Intelligence (OSINT) and threat intelligence engineer under its cybersecurity team.

Officials said at IIT Kanpur, Adhikary, who completed his Class 12 exam this year, will work on analysing actionable information gathered from publicly available sources and identifying vulnerabilities in websites and applications, which will allow assisting organisations in detecting and addressing potential security weaknesses.

Also read 'Son Im Crine': A teen and techies Vs the CBSE; or how the battle over the OSM portal unfolded online

On the other hand, Class 12 student Sarthak Sidhant also alleged that several eligibility and evaluation criteria were modified between different rounds of tendering. Among the changes highlighted by Sidhant was the removal of clauses related to poor performance.

According to Sidhant, earlier versions of the tender included provisions that allowed bidders to be disqualified for reasons such as poor performance, failure to complete contractual obligations, or financial inadequacies.

He claimed that these provisions were subsequently removed from later versions of the tender. Read More | Inside the blog that brought CBSE's OSM tender under scrutiny

Sidhant reacts to IIT Kanpur’s decision

Meanwhile, responding to Adhikary’s hiring, he posted on X (formerly Twitter) and said:

“@IITKanpur hi though like im open to work lol.”

He also posted on X, tagging the Comptroller and Auditor General (CAG) of India, and said:

“@IndiaCAG i did what your job should be, AG office doranda is near my home, when do i start."

A job appointment typically involves higher educational qualifications and a resume; however, in the case of Adhikary, it was a blog post detailing vulnerabilities in CBSE’s OSM portal.

Also read IIT Roorkee allows candidates below 75% in Class 12 to participate in JoSAA counselling

The IHUB NTIHAC Foundation, also known as the IITK C3i Hub, is a Section 8 company established under the National Mission on Interdisciplinary Cyber-Physical Systems (NM-ICPS).

The C3i plays a crucial role in India’s cybersecurity ecosystem by contributing to the protection of national critical infrastructure, identifying cybersecurity vulnerabilities across government and private-sector organisations, besides cybercrime investigations, and supporting startup development in the cybersecurity domain.

Following directions issued by Union education minister Dharmendra Pradhan, IIT Madras and IIT Kanpur deputed a four-member team of experts in computer systems and cybersecurity to assist the CBSE board in resolving issues affecting its post-result services portal.