Cyber Security- Ethical Hacking
CMAI Director, Saket Modi Press interview on Cyber Security and ethical hacking
“Being online is not the solution, being online in a safe way is what everyone wants.”
Do you have a Facebook account? A Twitter account? What about Google+, MySpace and every other social networking site there is?
If you’re answer is yes (which I’m guessing it is) then here’s a little reality check for you.
If you’ve ever felt like you’re being watched, that’s probably because you ARE BEING WATCHED. Your every check in, every like, every #instamoment, and every relationship status is out there for everyone to see.
If you don’t believe us then believe the experts.
We got together with young entrepreneur Saket Modi, the CEO and Co-Founder of Lucideus Tech (an organization that focuses on cyber security) to discuss the importance of cyber security, the implications of your personal data being available online and lots more.
45 minutes later, the only thought that popped into our mind was, “Hell hath no fury like an embarrassing FB update gone viral.”
Why, you might ask? Read on and you’ll soon find out.
Tell us a little bit about yourself and what you do.
As you know, I run this organization which only does one thing and that’s cyber security. The only area that we understand is cyber security, and we do everything related to that.
And about me—well, in short, I’m a tech guy. I’m from a computer science engineering background and I’ve always loved computer science in a very raw form. As one thing led to another, I could see that in the field of computer science, security was the question that everyone was asking—at the level of a corporate, of a bureaucracy, of the government, everywhere. And I was deeply interested in security always and that’s the reason why I like doing it and I jumped into it.
But the one thing that I love about what I do and what our job is is that security isn’t a different vertical of computer science, but it’s a more scientific, in depth, grass-root knowledge that you need to have of computer science. And computer science taken to the next level is what creates the hacker or the “ethical hacker” as I would like to call it, and that’s the most interesting part. So for someone who is very passionate about computer science, this is the right place for him to be. And that’s exactly what I was and what my team is.
Why is cyber security important? What do people need to know about cyber security?
Every two days, we produce the amount of data that was produced from the beginning of human civilization till the year 2003. Now this is enormous, it’s huge. It’s something which the human race and society have never seen. And, such a huge amount of data is being produced, being analysed, and it’s being stored. Earlier, during the IT revolution, the question that everyone was asking was, “How do I get on the internet?” Now, with so much date online, the next big question that everyone is asking is, “Okay, we’re online, but what about the security of the data?”
If you see the trend of hackers in the last 30 years it has changed. The first virus which was discovered or invented by a couple of Pakistani computer science pranksters was done for fun; making the computer do something that it’s not supposed to do. But today, hacking is a state sponsored activity. You have the Mandiant report saying that the Chinese government has buildings and buildings of professional hackers whose only job is to take down, and see the data of different countries and what not. So this is now a very serious issue, because hackers have shifted to a serious space. And when that has happened, you now need organizations which answer to the need of organizations that need the privacy, the confidentiality of the data that they have. And that’s the reason why cyber security is so crucial, and suddenly everybody needs to talk about it.
Being online is not the solution, being online in a safe way is what everyone wants.
So what is the real problem?
The problem is really at the enterprise level, the corporate level. People aren’t just coming and saying, “Can you build us an application?” They’re saying, “Can you build us a safe application?”
And that’s where we come in.
Today if you see the connectivity of individuals, almost 2.2 billion people are connected over the internet. That’s more than one third of humanity. This connectivity implies that a massive amount of personal data, which people take for granted, is shared on Facebook and Google. What they forget is that Facebook and Google is not the “government”, they’re not an NGO. At the end of the day, they are profit making private organizations and you’re risking your personal data on their servers with the assumption that Google is not going to read your mails, but that’s not true. So there needs to be awareness and a kind of culture needs to be embedded into people where they understand that it’s not safe when they use such platforms for their personal information.
Today governments are using personal information from platforms like Facebook to calculate or predict an individual’s preference, political or otherwise. How can I, as an individual, protect myself from this?
You’re scared about the government taking data from Facebook or Google to do what we call an “IT emotional analysis”, but here’s the bigger problem—your data is readily available on Facebook and Google. And Facebook and Google are already using your data to make the same analysis. The ads that you see on the right hand side, on Gmail or on Facebook, are all a result of an analysis of your profile. And what’s more is that they are legally permitted to do that because you’re using their website free of cost. Remember when you’re using something free of cost; you’re the product that is being sold there. So Facebook is selling you and Google is selling you, and it’s a fact!
What people don’t understand is that the government is elected to serve the people. But your data is in the hands of private organizations. And who is private? Its agenda is to make profits; its agenda is not social service. I’m not concerned whether the U.S. government is watching me, because Google is already watching me! How can you allow your private, confidential information to be with Google in the first place? You cannot. And that’s the bigger problem which people generally tend to forget about.
So what is the solution?
The solution is very simple. When you put any kind of information on the internet, be it Gmail, Facebook, Twitter, YouTube, anywhere, always think about it from the angle that this information is absolutely public. That this can come out at any time or on any public forum, and could go viral. So if you feel that this information that you’re posting or sharing is not something that you, under any circumstances, would like to come out in the public eye, don’t share it. Not using the internet is not a solution today, but using the internet knowing this and knowing what could happen is the solution.
Okay. Now let’s talk a little about you. You refer to yourself as an “ethical hacker”. But why would someone see you differently from a “hacker” or a “hacktivist”?
First of all, the major difference is that I have a face! I can be called anytime and I can be contacted. Secondly, when I say that we do something called “ethical hacking”, we do have the option of becoming hackers and going out there and doing revolutions, but we choose this path of ethical hacking.
I’ll give you an example. When you live in a house, you have a watchman that stands outside. Now that watchman carries a gun with him, but would you be scared of that watchman? No. Now the guy who is guarding your home has the power to point the gun at you and shoot you, but he doesn’t do that. Why is that? It’s because of trust.
At the end of the day, every single thing that you can think of boils down to trust. And we are in the business of actually pointing out threats to people so that they can secure themselves. The very ground on which we breathe on is that “trust” factor, and if that is breached, we can never expect the client to come to us. So for us, that brand integrity of being there with a “face” and a “white background” so that our future clients can believe us and then give us the next job is what defines our existence. That’s the reason why we’re there and that’s the basic difference between us and any kind of a hacker.
Your company has launched a new app called Lucidroid. How is it different from other applications?
The first difference is that this application is non commercial. We don’t give it to anybody and everybody, so if you want to have Lucidroid,you cannot.
Secondly, the basic difference between this app that we have created and other applications like FindMyIphone etc. is that this application is very stealth. The main property of this app is that if you embed this app into a phone, the owner of the phone will never come to know that this app is installed in his or her phone. It’s hidden. I can put this app on your phone and boom! I have lifetime access to your GPS coordinates, to you call records, to your SMS details, to your browsing history, to your phonebook, and all this is live.
I can click pictures from your camera, I can record on your microphone, I can do a lot of things on your phone and the most interesting part is that you will never come to know that I’m doing any of this on your phone.
You spoke about cyber security, let’s talk about cyber terrorism. How can governments safeguard a nation from cyber terrorism?
If I had to say it in one line, it’s very simple: You have to make security the culture of a nation. If you’re using a password for say, Facebook, and Facebook starts asking you that your password should have one special character, one number, one upper case, one lower case, trust me, it’ll be a pain for every person who is using that application. Because who is going to remember that password right?
On the other hand, the normal password will work for you because you remember it. So you take the previous kind of password as an added burden on yourself. But it should not be taken as a burden. Now, when 9/11 happened, the check in timings of every flight became 45 minutes prior to the departure of the flight and you had very strict protocols to eject before you enter the flight. Right? People today, don’t take this as a burden. You don’t grumble about going 45 minutes earlier, you know that you have to. You know it’s not an option. Because you know that your security is at stake, so you have to go there. And you don’t take that as a burden, it’s a lifestyle, a culture.
Exactly, in the same way, people need to be made aware of what are the implications and consequences of having bad security policies in place in your personal life, your professional life, everywhere. When they know that, that is when they start understanding that remembering a password with one character, one number, upper case and lower case is not a pain, but is in fact a good thing for them in the long run, because it is much more difficult to crack into that password. The answer lies in making security a culture rather than using firewalls etc. That doesn’t really help in the long run!
So what is the need of the hour?
As you must know, on the 6th of July there was an Indian Cyber Security Policy that was released by the government of India. Now that policy says that India needs 5 lakh security experts, and currently, we possess only close to 22,000 security experts. Clearly there is a huge demand-supply gap in this situation.
So you need more security experts in those terms and only then will we be able to go ahead and do something. So you need to look at capacity internally, do skill enhancement workshops and only then will something happen.
How do you keep yourself updated in this space? How do find a way around the new tricks?
You really need to be updated with everything that’s happening in that world. You need to keep learning from the mistakes because that’s the only way it happens. And of course, you need a very good R&D team, a young R&D team I would say, because this field is so dynamic that it changes everyday. So you definitely need a young and dynamic team so that they can be, as we call it, the “head of the security curve” and give the right kind of protection. And that’s where Lucideus comes in. The goal of Lucideuswas to become someone that only does cyber security. And since we only do security, I would say that our only competence is cyber security. So when you come to us, you know that you’ve come to the right place.
As a young entrepreneur, do you think that young people today are driven?
You know, I have personally trained more than 10,000 young people across the country. And let me just tell you that we are sitting on a time bomb. There is such an enormous amount of talent that is waiting out there, only because they are not getting the right platform. When people say that you don’t get the right kind of people from engineering colleges in tier 2 or 3 cities, and you only find that talent only in the IITs, it’s a complete myth. The only difference between the IITians and the non-IITians is that they don’t get the right platform.
There are hungry youths across the country that are waiting for the right platform, where they can dive into the world of their passion. And they really want to do things with their life. Other countries have seen their peak, it’s time for India to see its peak. And it has to happen right now because there is some amazing stuff happening out there.
CMAI Expert Group on Combating Cyber Crimes and On line Protection
1. NK Goyal, President CMAI Association of India
2. Mustafa Saidalavi, CEO DISC Foundation
3. Vineet Kumar, Chief Technology Officer, Jharkhand Police Click here for Bio-Data
4. Panjwani, Advocate, Supreme Court of India
5. Mr. Anjan Bose, Cyber Security Expert