Can you explain the term “ethical hacking”?
Traditionally in computer security there are two types of people: Hackers and Crackers. Hackers are actually the good guys who work with the police agencies to catch the criminals and secure the internet. Crackers are the bad guys who engage in cyber crime. But over the years, due largely to media coverage, even the hackers have come to be looked upon as bad guys. So now there are “white-hat” hackers and “black-hat” hackers. Ethical hacking is a new name for consultants who are hired by companies and given permission to break into the company network to expose the loopholes and devise countermeasures.
What are a cracker’s primary motivations – fame, thirst for knowledge, money?
I think 60 to 70 percent of Crackers are in it for kicks. Being able to do things that others can’t really gets them going. To a certain extent it’s also about fame, because the hacker community is a very jealous community. If someone is able to break into a website, he becomes an instant hero to his hacking colleagues. And there is a very small percentage of people who do it for money; who are paid by, say, a competitor trying to break into somebody else’s secret data or stealing IP or corporate espionage or spying on other people.
When you were 14 you wrote a book – that’s quite an amazing feat. What was your inspiration at that stage?
I started my own website and started posting tutorials. In less than a year, around 60,000 members registered worldwide. And these people used to come back to the website on a daily basis. It was an entire community; an entire online revolution. The response was so good that a lot of people emailed me saying, “Why don’t you write a book?” I realised that, at that point of time, at least in India, there were no books on hacking. So I decided to convert my website into a book. Even today, my books are the only books on hacking in India. Usually, books from Europe and the US come to India, but it worked in the reverse order. They are available the world over and have been translated into seven or eight languages.
You’re making a good living out of this now. What was the flame that got you going on the entrepreneurial side?
I really don’t know… I can’t really pinpoint one such incident that really got me going. But I guess it’s just been in me, that fire has been there to want to do new things, want to explore new avenues and try to build up a career – an entire business – out of ethical hacking.
I realised that awareness is very poor, across all sectors, so there is huge demand for somebody who is able to create awareness and manage security for companies. It’s a huge market that is not really occupied by many players. At the top end you have players like Ernst & Young and PricewaterhouseCoopers, who charge an exorbitant amount of money and it’s not their specialty. They do other sorts of consulting, and as an extra freebie they do security consulting as well. At the other end, you have a few small companies here and there, who don’t give the quality and the efficiency that’s actually required in the industry. So between these two types of companies there is a huge gap, which I am trying to fill.
There are always rumours around that some of the big software companies could be behind various viruses. Do you think there’s any legitimacy to that?
I actually did a small research stint at Symantec, in California. I posed this question to the head of the Information Security Management Group there. He just laughed and refused to answer the question. I personally feel that it’s definitely possible. It’s a great marketing strategy – where you release a few viruses, infect a few million systems and then come up with a countermeasure for it. In fact, when I was setting up my business, a couple of guys said to me, “Why don’t you hack into your prospective clients’ website, deface the website, and then a couple of weeks later, walk into their office and offer them the solution?” But that’s unethical.