Chennai hackers diss snooping on Dawood phone records
CHENNAI: If you ever meet 23-year-old Prakhar Prasad, you’d assume he was just another college student, till you hear his exploits. The tech dynamite, who started hacking when he was 15, has now upped his game and has started pitting his skills against the firewalls of Facebook, Google and other internet majors for which he earns a bounty.
Prasad is part of the elite group of a few hundred hackers in the city who spend hours in front of a computer cracking codes and solving algorithms. For them cracking a virtual security system is a stress buster and more complex the programme the better it is.
Last week ethical hacker Mahesh Bhangale made headlines with his claims that he had hacked into Pakistan’s telecom systems, accessing phone records of Dawood Ibrahim which apparently showed several calls to Maharashtra minister Eknath Khadse. Even as police test the veracity of his claims, the incident brings into question the role and reach of ethical hackers and what qualifies as a security and privacy breach.
While some hail the skills of Bhangale, accessing phone records apparently isn’t all that difficult, according to industry sources and hackers like Prasad feel the real challenge is working in the banking and fin-tech industry .
There is a sizeable presence of ethical hackers in Chennai as they are employed by the numerous fin-tech companies based out of here. Fin-tech firms use the services of ethical hackers to test the security systems of banks.
It is an open secret that data miners and, credit card companies buy large streams of data, including telephone numbers, email IDs, postal addresses, from disgruntled employees in big telecom companies. “As many as 60% of cybercrimes are committed by insiders,” says Vinod Senthil, founder of Infysec.com. This puts systems and personal data at risk of cybercrimes that may range from corporate espionage to financial frauds to murder or even a defence breach.
Telecom companies apparently spend only a fraction of what financial institutions like banks, payment processors, credit and debit card providers spend on their IT needs, particularly cyber security. “If a bank spends say 18%-20% of its annual budget on IT with focus on cyber security, telecom providers spend only 8% for the same,” says a city-based fin-tech firm.
This is particularly dangerous since most people tend to save their bank account details on their phone or email, leaving them easy targets of hackers. But codes to protect the system from malicious users are not always fool proof, and banks despite the high-level of data protection have faced repeated attacks. Some of the Dow 30 majors, including Visa Inc, Goldman Sachs and American Express, have faced massive data breaches resulting in billions of dollars in fines and class-action suits.
The largest bank by assets in the US, JPMorgan Chase & Co was itself the victim of one of the largest data breaches with 83 million accounts hacked. In India, so far there have been no large data breaches at financial institutions like the ones faced by eBay, Target or Heartland Payment Systems, but PSUs, which haven’t adapted as fast to the changing times as private lenders, have been hacked at infrequent intervals.
“The damage so far has been limited to a few lakh so it has not caused as much of an outrage as what’s been happening in these last five years in the US. What would surprise many is that none of the PSUs have so far taken any insurance cover in the event of data breach,” say private and public sector general insurance companies.
Authorities have to take hackers seriously as the damage that they can unleash can run into millions of dollars.And sometimes it’s not just monetary gains that drive them. Ethical hacker Senthil says that one of the new fancies in the hacking world is to tamper with the pacemaker of heart patients and watch them die.
Tech experts say cracking into a telecom system in India would be child’s play. It is entirely possible for novices to have been able to hack into the cellphone of Dawood Ibrahim. Taking such threats seriously, the National Payments Corporation of India, the umbrella organisation of the Reserve Bank of India recently organised an ethical hacking marathon to foster young talent.
“We always have to stay one step ahead. It’s like quicksand in an ever-changing landscape where you have to constantly update your skills,” says NPCI chairman Balachandran M. In this game of cat and mouse, if you want to ace it as an ethical hacker, you’ve to start thinking like a crook, adds.
Source | TimesofIndia