How to hack a hacker - Printable Version
+- ISRA - Professional Information Security Community Forum (http://is-ra.org/forum)
+-- Forum: General Security Corner (/Forum-General-Security-Corner)
+--- Forum: Careers in Information Security (/Forum-Careers-in-Information-Security)
+--- Thread: How to hack a hacker (/Thread-How-to-hack-a-hacker)
How to hack a hacker - vaibhaw.vipul - 02-03-2012 02:21 PM
An article from Telegraph newspaper
How to hack a hacker..... V. Kumara Swamy reports
Set a thief to catch a thief, says the old adage. In the world of computers, it’s not quite the same. On the one hand you have the hacker — who wreaks havoc — and on the other, the ethical hacker — who seeks to prevent such incidents.
“It’s like a cat and mouse game,” says Neelu Tripathy. She should know, for Tripathy herself is an ethical hacker, always finding new ways to block a hacker’s attempts at peeking into others’ computer networks and stealing their data.
It’s not easy, for a hacker in the cyberworld can be from anywhere — operating from a plush apartment in the US, a back alley in Lahore or a government establishment in Central Asia. “What hackers look for is some valuable information that they can use or sell. And there are a lot of computer systems with tons of valuable information which are unprotected. We try and make them safe,” says Tripathy, a security analyst at Tata Consultancy Services, Gurgaon.
Computer hacking is almost as old as the Internet itself, but the problem has increased to such levels in recent times that government departments and private firms are getting more and more concerned about protecting their networked computer systems. One way of doing so is by employing ethical hackers, whose task is to counter the hackers.
“It’s an expanding field. Hackers are getting smarter, and the challenge for the ethical hacker is to stay a step ahead of them, and always be on the lookout for new skills,” says Kanwal K. Mookhey, principal consultant and founder of the Mumbai-based Network Intelligence India (NII), a company that provides ethical hacking services. Mookhey is also the founder of Mumbai’s Institute of Information Security (IIS) that trains aspiring ethical hackers.
Rishab Maskara is an ethical hacker who works with NII. When his friends opted for jobs as computer engineers in reputed software companies, he chose another path for himself. “I got interested in ethical hacking when I was doing my bachelors in computer science,” says Maskara. “I felt this would be the most challenging field, and two years down the line I am glad I took such a decision.”
One of Maskara’s main tasks is to hack into the computer systems of companies that hire him. “I employ a wide variety of skills that a normal hacker would, so that I can break into the computer systems of a company. Once I find flaws, I sit with the companies and work on solutions so that hackers do not access their systems,” he says.
According to the National Association of Software and Services Companies (Nasscom), because of the growing demand for ethical hackers, India needs around 35,000 well-trained professionals every year for the next 10 years. But right now there is an immense dearth of such experts. “Every computer professional cannot become an ethical hacker as it is a special skill and only those with the right aptitude can succeed in this field,” says Mookhey.
Not surprisingly, prospects are excellent for those wishing to take this up as a career. Consider the case of Ankit Oberoi. He started his own company after three years of experience in the field. “Hacking was something that interested me only after data was stolen from my computer and I couldn’t find the right people to plug the holes. I then realised that I could seriously pursue it as a career,” says Oberoi, managing director, Innobuzz Knowledge Solutions, Delhi. Innobuzz offers several courses for aspiring ethical hackers.
These professionals are taught about coding, cyber forensics, network security and other aspects. Training institutes offer both basic and advanced courses, with the latter being taken up by people who want to seriously pursue ethical hacking as a career. While these courses are open to students from all backgrounds, those with strong software skills tend to do well. “Graduates of computer science tend to do really well. Also, these are the people who are likely to take up ethical hacking as a career,” says Mookhey. Both Tripathy and Maskara are computer science graduates.
The job of ethical hackers is to get into the minds of computer criminals, think like them and come up with innovative methods to protect computer systems and corporate networks, says Abir Atarthy, the brain behind NetSoft Technologies, Kharagpur. The institute offers a range of courses and receives around 400 applications a year. “Many think it is an easy job, but only about 25-30 applicants are finally chosen,” says Atarthy. “We look for a strong background in C++ and Java (programming languages), database programming and some knowledge of networking.” The three-month full-time advanced course costs around Rs 15,500.
There is ample scope also for people who do not have a computer science background. “It certainly doesn’t mean that others who are interested do not do well, but a good grounding in the basics really helps,” says Oberoi. Since both forms of hackers learn the same basics, training institutes in India have the extra onus of teaching ethical hackers about the risks of going rogue. “Besides teaching them the nuances of hacking and other techniques, we offer them separate papers on cyber laws in India, so that they know the risks of violating the laws,” says Oberoi, who has trained personnel of many private and government institutions.
“The curriculum also deals with the ethical aspect of the issue,” adds Atarthy. When students are selected, they are made to sign a bond saying they will not misuse the knowledge.
Since ethical hacking courses are yet to be either regularised by an association of the industry or recognised by the government, there is no uniform syllabus as such. But some of the institutes offer a Certified Information Security Expert certification and other such certificates.
While the basic courses last three to four months, the advanced courses could be of nine to 12 months’ duration. Course fees vary from Rs 10,000 to Rs 25,000, depending on the specialisation. Some institutes even offer distance learning courses. Well-known ethical hacker Ankit Fadia also offers a distance learning course (Ankit Fadia Certified Ethical Hacker) through Reliance World outlets across the country.
The professionals, however, have one grouse. Ethical hackers dislike being called so. “Hacking has negative connotations. Hence most ethical hackers prefer to be known as information security professionals,” says Tripathy.
So if you’d want to be an information security professional, it’s time to log on.
WHERE YOU LEARN
NetSoft Technologies, Kharagpur
Institute of Information Security, Mumbai
Phone: (022) 40052628
Innobuzz Knowledge Solutions, New Delhi
Phone: (011) 65905003
Appin Technologies, New Delhi
Phone: (011) 43228888, 43227777
Ankit Fadia Certified Ethical Hacker
Kyrion Digital Securities, New Delhi
Phone: (011) 47085343
and many more........
WHAT YOU EARN
Starting salary: Rs 10,000 to Rs 18,000
Middle level: Rs 30,000 to Rs 40,000
Senior level: Rs 50,000 and above