Ankit Fadia, a renowned cyber security expert was only 13 years old when he first hacked a website. “My favourite publication was CHIP Magazine and I wanted to see what I could do, so I defaced their website. Instead of going to the main page, people who accessed CHIP India saw a large portrait of me,” recalls Fadia. “I spent the whole weekend in fear. I thought I was going to get arrested. On Monday, I e-mailed the webmaster saying I was sorry about what I did, and let them know how I did it, and how they could prevent such an attack in the future.” CHIP was so impressed that they offered Fadia a job on the spot.
That was Fadia’s only illegal job. Later he went on to become one of India’s top cyber security experts and a champion for ethical hacking.
Who is an ethical hacker?
As the word suggests, ethical hackers or penetration testers, protect users from Internet thugs, virus, worms, etc that can completely destroy computer systems.
“To catch a thief, think like a thief. That is the principle of ethical hackers, as they have the ability to think and act like a criminal and can read the mind of a criminal, outsmarting him or her to protect systems,” explains Fadia.
“It is a hit-and-trial method. Out of the 100 tools used, only one does the trick.”
Need for security experts
Fadia believes every institution needs trained hands to ensure foolproof safety for their systems and this industry can offer huge job opportunities.
“Every information you browse on the Internet and store in your computer is monitored and saved. All softwares and websites have loopholes that’ll help crackers,” says Sahil Baghla, a BTech student at Lovely Professional University, Jalandhar, who runs the website www.ethicalhacking1.com.
Baghla recalls the case of a student who was sent an e-mail that said he has won $1 billion and he can collect the money from someone who will be coming to India soon. A few days later the student was asked to pay Rs 45,000 as transaction charges, after which the prize money would be given to him. The suspicious student approached Baghla who found out that the e-mail was actually from a neighbouring country and not the US.
Baghla, along with 25-year-old Deepak Sharma, a BTech student of Maharshi Dayanand University, Haryana, conducts seminars on cyber security for students and anyone who is interested.
“Our seminars teach students about how to use the Internet safely. In the coming days, when more and more people will get on the Internet, securing important information becomes essential,” explains Sharma.
Apart from possessing excellent programming and networking skills, an ethical hacker needs to be patient. Ethical hacking is not a process that can be executed with a snap of the finger. In some cases, one may have to monitor the system for days or weeks to get a single opportunity at the jackpot.
Also “this is a niche area, which requires constant effort of upgrading skills, knowledge of latest UTM (Unified Threat Management), viruses and
attacks by the hour,” says Zaki Qureshey, founder of E2 labs.
Men on mission
The word hacking has a negative connotation. Many parents would be wary of having their wards engage in it. Similar was the case with Fadia. “It all started as a mere hobby, so my parents weren’t really worried about what I was doing then. Things started falling in place after I wrote my first book, Unofficial Guide to Ethical Hacking. I finished writing the book in just one month, but my parents didn’t believe me until I showed them the manuscript,” he says.
Lack of information spurned Fadia to start a website and an Internet forum on hacking. Fadia helped the US government to decode Al Qaeda messages. Fadia has also designed ‘Hack Attack’, a board game on computer hacking.
Ethical hacker Rohit Srivastwa is on a mission — making security a common sense. He began an event, Club Hack in mid-2007 to create awareness about cyber security. He has been organising conventions where hackers from across the world come together to share their knowledge.
Like many hackers, 30-year-old Srivastwa’s foray into the field happened during his college days. “Those were the days when I learnt reverse engineering on my own. Then I realised the thin line between the negative and the positive part of hacking. It’s very important for anyone in this industry to understand and obey the difference. One wrong step and you can be on the wrong side of the law,” he explains.
Was he ever tempted to use his skills to get back at someone? “The long and boring lectures of ethics by college professors did the trick. It kept me on the positive side,” he says.
Has his account ever been hacked? “I personally face the attempt of hacking of my accounts at least once a day. Most of these are attempts to recover my passwords on common services for which I get an alert from the service provider. I get a bit more paranoid when it comes to security and thankfully till now I’ve been able to safeguard myself,” says Srivastwa.
Today a lot of companies are hiring ethical hackers, where they’re asked to break into systems and report hacking. “This has become a very popular service industry where hackers get hired by big organisations like banks to find out the vulnerability in their systems,” he explains.
The starting salary for ethical hackers in India ranges from Rs 3 lakh to
Rs 4.2 lakh per annum. But with experience and reputation, his or her income increases.
It is clear that people with these skills will be in high demand in the future and that they are going to have a tough job on their hands. The one great challenge of an ethical hacker is to stay one step ahead of crackers. They’ve got to keep up to speed with what’s going on and how technology is advancing n
(with inputs from Dennis S Jesudasan)