News APP

NewsApp (Free)

Read news as it happens
Download NewsApp

Available on  gplay

Rediff News  All News  » Getahead » Ethical hacking: Meet the James Bonds of cyberspace!

Ethical hacking: Meet the James Bonds of cyberspace!

Last updated on: September 28, 2012 18:40 IST

Image: Image for representational purposes only
Photographs: Courtesy Careers360 Rashmi Menon, Careers360

Traditionally, hackers have played havoc in the digital era, giving them a bad name. But a new breed of professionals are using their hacking skills to protect data and fight cybercrime.

A little help from 24-year-old Sunny Vaghela goes a long way in helping the Ahmedabad police during investigations.

It all began with an MMS case at his university where he was a third-year engineering student.

"The university and police approached me to find the student who uploaded the video on a social media website where he had created a fake ID," recalls Sunny, now Founder and Chief Technical Officer of TechDefence Consulting, which routinely assists in investigations involving cybercrime, a growing menace .

Fighting cybercrime

The recent password thefts at Yahoo and LinkedIn are examples of cybercrime on a global scale.

Closer home, our own government's website was disfigured as well as that of several politicians. Computer Emergency Response Team -- India (CERT-IN), a government nodal agency, acknowledges that even popular consumer programmes and browsers are vulnerable to hacker attacks.

With more people and organisations becoming digitally savvy, information and data security is slowly but surely emerging as a lucrative career option. However, there is a shortage of trained professionals in this field.

Ethical hacking is legal

It is not a surprise that this breed is viewed with suspicion as the media has sufficiently highlighted the exploits of malevolent hackers.

However, ethical hackers take prior permission from companies, organisations or individuals, and use their skills and knowledge of technology to expose loopholes and vulnerabilities in digital data and systems. They recommend solutions and submit reports, explains Sunny, who points out that ethical hacking is legally recognised.

Further more, hacking is often referred to as "penetration testing".

Please click NEXT to continue reading...

'An ethical hacker focuses on one IT domain'

Image: The BIOS team from Amrita Vishwa Vidyapeetham attended an event by forum Positive Hack Days or PHD in Moscow recently
Photographs: Courtesy Careers360

What ethical hackers do

The role of ethical hackers or Information Security Experts (as they are called in India) is to protect data and track unauthorised or malicious hackers, especially in sectors like IT, police services, defence, insurance and banking.

"An ethical hacker usually focuses on one IT domain such as networking, operating system or cloud computing, and becomes an expert," says Sangeet Chopra, Chief Technical Head at Cybercure Technologies.

If a system is hacked into, ethical hackers resort to tests such as vulnerability assessment testing, application penetration testing, network penetration testing, security analysis, reverse engineering, malware analysis, security auditing, and also security management.

Good guys versus bad guys

"The hacker is the cyber James Bond, saving the system from malicious hackers who are trying to use their superior knowledge for illegitimate gains," analogises Yogesh L, member of Random Hacks of Kindness (RHoK), an international community of professionals, which refers to its members as innovators and uses technology to create usable technology solutions for real-world problems.

Besides security, ethical hackers can also help in creating new applications from the existing technology that could find its way to end users.

A knack to hack

Chopra, Sunny and Bangalore-based IT-professional Dolly Koshy got interested in the field during their school days.

"My parents locked the computer with a password because exams were near. Since I wanted to check a social media site I had to crack into the system. Eventually, I hacked into it and got access to my computer," recalls Chopra.

'A certification adds weight to your resume'

Image: Image for representational purposes only
Photographs: Rediff Archives

Getting certified

All ethical hackers are not engineers. Chopra did a BSc before taking up ethical hacking as a profession.

But how important is a certification in this field?

Chopra shares that many professional information security consultants believe that certification is not necessary to take up ethical hacking as a profession, though technical knowledge is imperative.

On the other hand, a certification adds weight to your resume, feels Vaghela.

EC-Council, an international body is authorised to provide certified ethical hacker (ECH) certification.

Expanding your skills

The Hyderabad-based Entersoft Information Systems is one of EC-Council's accredited centres in the country. Nithyanand, co-founder of Entersoft, believes that having programming knowledge in C/C++ would prove to be advantageous in getting a better grasp of the course.

The IIIT-Allahabad provides a two-year MS degree in cyber law and information security.

"The course teaches students about information security and the legal implications in it," says Sunny, who conducts Certified Cyber Security Expert (CCSE) course.

In this field, practical knowledge is a must and certified courses have virtual labs. Here, students are allowed to perform all kinds of experiments on fake websites.

Dolly, nearly at the end of her 40-hour Certified Information Security Expert (CISE) course (Level 1), is learning how to prevent possible hack-attacks in her computer system but also to protect her system once it is hacked.

"I have come to realise how vulnerable you are on the Internet," she says.

Sunny Vaghela, Certified ethical hacker and Founder & CTO of TechDefence Consulting says that in the field of ethical hacking, every day is a new challenge. Excerpts from an interview:

Hackers get into the profession young. What about you?

I got curious in Class 9 when my e-mail account got hacked into. I began to explore but did not know there was potential for a career. So, I did Electronics Engineering but continue to myself by doing new courses.

So, how do you do ethical hacking for a client?

There are essentially two types of penetration testing (alternative name for hacking). One, white box testing, where the clients gives me privileges that the company's system administrator would get. I receive all passwords of firewall and other security softwares, and need to check if these are safeguarded enough. Two, black box testing where the company does not give me access or reveal passwords.

I only have the IP address through which I hack into the company's system. Then, I identify vulnerabilities in the security system and exploit them, then give a detailed report on how I managed to hack in and what steps needs to be taken to resolve the security lapses.

Black box testing is more in demand because companies need not divulge any info to us, that is, third party vendors. So, ask for black box testing first, then conduct white box testing to detect any coding errors. Companies often ask ethical hackers to train their employees so that they can handle and analyse any attacks in-house when updating their technology in future.

What do you like about this profession?

I enjoy solving new challenges, and in spite of being a certified ethical hacker, I am constantly learning new things.

'Security and secure coding is a must in today's world'

Image: Image for representational purposes only
Photographs: Rediff Archives

Cyber forensics

An upcoming vertical, the main purpose here is to crack into computer hardware, e-mails and other digital databases to retrieve data and establish evidence and digital signatures in criminal investigations. The government has made it mandatory to have cyber forensic reports submitted in any investigation.

Cell phone penetration

Smartphones have enabled several new uses through the concept of mobile apps, which are connected to the Internet. Many don't realise the need to protect their cellphones with anti-viruses as they do for their laptop or PC.

"These applications may have loopholes that can be compromised when installed," says Nithyanand. Hacking techniques like SIM cloning or caller ID spoofing are used to hack into a known number from anywhere in the world and call you.

"To overcome this problem, penetration testing must be done when the application is developed. Besides this, we can analyse a log on, how and when the phone was hacked based on forensics," he adds.

A collaborative profession

RHoK, an international community of hackers that pool in their resources to collaborate on world-scale projects, has been organising weekend hackathons since 2010 in India where expert ethical hackers are invited. An eBlood bank was an outcome of one of them.

Hackathon mania!

Corporates like AT&T, Google, Microsoft, Yahoo! and SlideShare, online hacker communities and universities routinely host 'hackathons', events where students and professionals can showcase their prowess and skills, network, win prizes and even find potential employers!

Usually teams are asked to hack into the company's software and create innovative technology.

Campus buzz

Amrita University, Coimbatore, has been holding hackathons for students since the last two years, and will be hosting CTF (Capture the Flag style of ethical hacking) in the future.

Teams will be given vulnerable machines, where they have to identify loopholes, fix them and capture the flags in other vulnerable machines. Teams who do this successfully, are awarded points.

Sheshagiri Prabhu, organiser and member of Team BIOS, feels that more universities should host hackathons, as hands-on experience is the best way to learn computer security and for students to enter the software industry.

"Security and secure coding is a must in today's world," he says. Team BIOS has been actively participating in international hackathon contests, like the one by international forum Positive Hack Days in Moscow.

Women players take to the field

Image: Participants at India's first all-women event Developher Hackday Linkedln inDelhi
Photographs: Courtesy

Women hackers

Recently, SlideShare (acquired by LinkedIn a few months ago), held its first hackathon exclusively for women hackers and programmers in the US and Delhi simultaneously.

The organisers were pleasantly surprised to find eight teams of two each participating and all made innovative presentations at the end of the event.

Adobe employees Bhavana Sardana, a computer scientist with the print technologies department and Reena Agrawal who works the InDesign, won the event in Delhi for developing Fixcity, a hack on live traffic conditions using Google Maps to improve the world during the daily drive to work.

"Learning new technologies is our passion and hacking is a nice way to learn new ones. It felt great to demonstrate our  applications to the judges. They were very impressed looking at the demo and their feedback made us feel really delighted, says Bhavana, who won the  SlideShare-LinkedIn DevelopHer Hackaday event

"We used Dreamweaver, Phonegap and Eclipse to develop the app," she adds.

Networking with recruiters

"There are many women developers in Bangalore and Hyderabad but we haven't noticed many in Delhi. We thought this might encourage more women in technology," explains Priyanka Rowthu, Asst Manager-Recruitment, SlideShare. In turn, it helps the organisers in recruiting skilled participants.

"Apart from a strong academic record, having a technical blog or showcasing interest in technology gives the candidate an edge, during recruitment," shares Priyanka.

Pay scales

Unlike other industries, the pay scale in this field entirely depends on your knowledge, skills and initiative. According to Nityanand, Rs 2 to 3 lakhs per annum is the pay package for freshers. However, Rajat Garg of Cybercure Technologies says depending on the projects, an ethical hacker can earn about Rs 5 to10 lakhs.

Stay ahead of the bad guys

"Constantly your knowledge as soon as the technology updates itself. If you stop learning, your knowledge will be obsolete in no time," Sunny advises.

Where to study?

Careers360 is a complete education and career magazine offering campus and course reviews, career features, scholarships, expert advisories, entrance exam preparation & solved papers, admission alerts and more.