In the past 12 months at least 42 million Indians were hit by cyber crimes and the recorded loss of the same was a staggering 8 billion dollar loss. In such an event and while conducting an estimate, it becomes clear that in order to stem this rot, India needs at least 4 lakh more ethical hackers.
Mohan Gandhi, who passed out of IIM Ahmedabad provides anti piracy solutions through his company Entersoft Information Systems. In this interview with rediff.com, Gandhi speaks about the challenges while dealing with cyber security and also what it is to be an ethical hacker.
How important is it for India to have ethical hackers?
42 million Indians were hit by cyber crimes in the last 12 months, with a total of US$ 8 billion recorded in direct financial losses to Corporate. India is the third most affected nation due to hackers. In terms of cyber attacking abilities and fortification standards of India is far below Israel, USA and China. China filters and monitor almost every packet/piece of information. Unfortunately, India has seen many Government websites, defense and Navy websites being hacked in the recent times. Our country has been traditionally defensive in terms of information security.
Have we identified the importance of ethical hackers?
Corporate India has now identified the importance of ethical hackers and almost every security company has ethical hackers as a strategy to perform ethical covet activities. According to latest estimation by cert-in, India is in need of more than 4 lakh ethical hackers. World has seen how important Intellectual Property in this century. Apple, Samsung and Microsoft of the world use patenting for competitive edge.
Is ethical hacking still considered to be a shady job?
Without real time assessment of risks, India cannot improve its ability to protect its Intellectual Property as a whole. For us to have real time assessment, we need to see offensive part of security. Ethical hacking as a profession was considered as a shady career option. But now, India has realized the importance of security and importance of offensive security.
Countries like Israel, Russia has top hackers in the world. Their offensive approaches helped the respective nations to build systems which are most difficult to hack. I believe in the next 5 years time Corporate India will definitely follow offensive security options. For Govt. and PSUs I think it might take more time due to the dearth of quality ethical hackers in the country.
Could you tell us more about what it takes to be a hacker?
Being a hacker is different and difficult. Hackers always have to know how to tear apart latest technologies. Indians, in recent times have started upgrading their skills to learn the latest hacking technologies. Having hackers will help the country to be strategically strong in IP protection, for national defense and huge public sector projects like UID etc.
Looking at our cyber crime set up, it is clear that there is a lot lacking. Any suggestions?
Being a hacker is a tough job. Indian education system does not see ethical hacking as a great profession since it requires continuous learning. Having in house cyber crime investigation departments and to continuously update latest happenings in the forensic space needs lot of training and time. Given the lack of infrastructure, it is extremely difficult to handle continuously increasing cyber crimes.
There are some good things too happening with the Government. Preliminary discussions have been held on establishment of a multi stakeholder Cyber Coordination Centre which will detect malicious cyber activities in the Indian Cyber space and issue early warning alerts. But, there is always a huge lack of infrastructure and coordination. Cyber Crime Cells should coordinate with ethical hacking companies and private sector to find products which make the process automated. Developing B2C detective and awareness applications definitely reduce the cyber crimes. Another major reason why cyber crime cells are not successful is that Cyber crime set-ups did not raise awareness about minimum knowledge that common people should know to avoid scams. Human intervention is one of the weakest links in the security systems. We cannot inherently separate it from technology. Cyber Crime Cell has done a good job in setting up infrastructure and learning tools to track cyber criminals. But it is equally important to increase awareness about cyber crimes to common people.
The role of cyber crime cells?
Cyber crime cells should perform various awareness activities about cyber laws, cyber scams etc… College events, Corporate events might be good avenues to do this. The growing dependency on Internet makes it necessary for governments to invest in cyber education through inclusion of IT security in college curriculum at an early level. Having good practical cyber security curriculum stops cyber crimes at the root level.
You propose to fight piracy. Could you please elaborate on the same?
As per our analysis, we strongly believe that first 7 days of a movie is very critical for the commercial hit of a movie. A movie once released has got very high chances of getting the Cam-print, which are available to viewers in various formats like CD’s in various local shops, Online Video Sharing Sites and as torrents which can be downloaded onto viewers’ local machines. All these formats would have a direct impact on the footfall of the viewers in local theatres, which would ultimately effect on the commercial success of the movie.
Entersoft strongly believes that the only way to curb piracy is to attack it. The only way you can attack is through Hackers. Our uniqueness lies in the R&D of hacker heuristics and emphasis on offensiveness. The effectiveness is based on proven offensive security methodology. We promised renowned Telugu film director Mr. Shekar Kammula that his movie print will not be online for 14 days.
We have found a systematic methodology through ethical hackers which will attack piracy. We have automated most of the activities. We are soon planning to release a product which can effectively stop piracy for first 7 days.
Is the government doing enough to fight piracy?
India is the fifth largest user of piracy followed by China, Colombia, Russia, Malaysia. Not surprising. 65% Indians do not feel using pirated content is wrong. In India we have good cyber laws and IP protection acts. Government need to provide privileges to parties who fight piracy. For example, providing a good reporting ecosystem helps. For example, we can attack piracy at various levels. At internet service providers, hosting providers, file sharing/hosting websites etc. We cannot block the sites altogether. We cannot restrict the internet. Indian government need more time to implement effective monitoring and blocking. But, if government can provide avenues to easily raise IP issues we can definitely stop piracy. We have to approach ISPs, hosting providers etc separately altogether. Most of the anti-piracy cells are organised groups partnering with Police department or administration. Government has already facilitated cyber laws to protect IP. Online piracy is something which is very difficult to stop. Good laws and continuous help from Police department will help curb piracy at source levels like CD shops, cam recording companies etc. But, given the Indian scenario, private sector should see this as an opportunity. The problem Indian film industry face is its alienation from private sector. A collaboration of Government, private sector and awareness about common citizens can only stop piracy. For Government, piracy to not a big problem to solve, they have many big other problems. I believe that private sector should bring in a change. The problem with private sector and Film and media collaboration is that Film industry is informal and Private sector is formal.