Ethical hacking may sound a contradiction in terms, but India has a sizeable number of ‘ethical’ hackers bringing smiles to foreign companies. They penetrate a company’s computer and network system after finding out the weak points and flaws in its security. Then they provide the feedback to the company, which in turn fixes the error or flaw in software or hardware — so that ‘malicious’ hackers (or black hats) are prevented from exploiting the defect to steal, destroy or manipulate the company’s data. Social networking giant Facebook runs a ‘bug bounty’ programme, offering fincial rewards to ethical hackers for detecting flaws in its system security. Last year, it made the highest bounty payout totaling Rs 4.84 crore to ethical hackers from India. The top three countries submitting the highest number of reports about defects in Facebook software were India, Egypt and Trinidad and Tobago. One ethical hacker from India helped Facebook find a bug in its login system which if exploited, could have led to uuthorized access to a Facebook user’s messages, photos and debit/credit card details. Other IT giants including Google, Twitter, Adobe and eBay too are tapping into Indian brains to iron out flaws and keep designing more secure systems. They must do so, or else lose customers.
With cyber attacks becoming more frequent and destructive, public and private enterprises all over the world are waking up to the security risks involved in networking their IT-systems. The fine line between ethical and malicious hackers is getting blurred as tiol governments and non-state agencies, including terrorist groups, are keeping hackers in their payroll to breach IT security systems and break into networks to steal information or carry out sabotage. If hackers from Chi can break into US government systems and steal classified information, the threat to India can be imagined. As data is increasingly stored and accessed all over the Internet (referred to as ‘Cloud’), homes and offices are seamlessly getting connected by smart-phones. It is possible for a hacker to break into a targeted person’s smart-phone, hijack his car’s control system, clean out his bank account or sneak into his office IT network. Likewise, a country’s power grid, intelligence agencies’ network, stock market or missile control system can be taken down by hackers operating like enemy cyber warriors or terrorists. A report by the leading cyber security company McAfee has estimated the annual cost to the global economy from cyber-crime to be at least 400 billion dollars. It has also identified India as a highly vulnerable country witnessing attacks on more than 3 lakh of its websites.
The country’s economy is becoming heavily IT-dependent, the Central government too has begun an ambitious scheme to provide services on the IT platform. However, India’s information highways point westward, carrying the data of crores of its people. It also has little control over the IT and Net hardware transporting all this information. Cyber-security is therefore a big challenge for India, a fact that Prime Minister rendra Modi has spelt out clearly. Last year, India was placed fifth in a list of countries facing high numbers of domain me system (DNS) hijacks. Taking advantage of weak passwords, software loopholes or malware, the hijackers altered the DNS configurations of targets so as to monitor or manipulate their internet data flows. According to SSCOM, India will need at least 50 lakh cyber security professiols by 2020 to meet local and export market demand. At present, the country only has about 50,000 such professiols, despite several IT institutes providing courses like ‘Certified Ethical Hacker’ (CEH). Even IT privacy activist Edward Snowden, who blew the lid off US global surveillance programs, was trained in ethical hacking in India. The country is currently turning out only around 15,000 ethical hacking professiols mainly due to lack of proper infrastructure and recruitment guidelines. Yet the most talented hackers are recognized to be Indian, while hackers from this country are locating the highest number of cyber security flaws in the world. The irony is that with this vast domestic talent lying mostly untapped, the Indian government has to turn to American and Israeli expertise to meet threats to its cyber security. India’s army of ethical hackers should be used by its government and industries as cyber defenders.