If you have seen MacGyver –the television series in the late eighties then you will know what the hell I am talking about. MacGyver could do anything with the things around him -even create bombs out of deodorant cans, vaseline and other household stuff.
MacGyver was a non-violent action-adventure hero. Armed with only a Swiss Army Knife, a roll of Duct tape, and whatever materials happen to be lying around, the ex DXS agent was the field operative for the Phoenix Foundation, MacGyver applied common sense and basic principles of science to imaginatively outwit his adversaries.
And there I was watching Joseph K do something pretty much like what MacGyver would have done.
Joseph K casually demonstrated how a small electronic USB enabled Digital Camera can be altered by modifying its flash memory to have a full fledged bootable operating system. With that he could directly access files on the hard disk bypassing system logins and permissions. Yea, he could do the same with a mobile phone or an MP 3 system. It was a cool thing to do.
He took me straight into a secret society- where guys with code names – published how security systems could be hacked. They got their thrill this way. They were harmless though-cause they did it for fame in the virtual world.
There is a whole society and a subterranean society in the virtual world: A world with its own language and culture: A world filled with hackers and crackers: A world with no boundaries or geographical contours.
And Joseph Kodiyil is into Information Security Management and Cyber Crime Investigations. He’s got one hellava comfortable chair at home –where he spends most of his waking hours navigating the neural networks of the virtual world- visiting virtual crime scenes, researching exploits and safeguarding the numerous servers that come under his purview.
It all began…..
In the early eighties, as a twelve- year- old kid, Kodiyil was rewriting programs for his computer games so that he could become invincible- so that he would never lose a game. (That was long before cheatcodes were freely available on the Internet.) He later dropped out of an electronics engineering course to research vulnerabilities and got a job with an Internet Hosting company at Bangalore. He began to record and document exploits used to breach the security system of his servers. He would often capture the data packets used for the attacks and file cases at the Cubbon Park Police station but with no IT Act in place then, the cases were dropped. When the Information Technology Act came into place in 2000, the IG at the Corps of Detectives, Bangalore Police asked Joe to train the first batch of officers to the new Cyber Crime Police station. He is now a Technical Consultant and Cyber Crime Investigator under the IT Act 2000 for the Karnataka Police.
``There is a information war going on the virtual world and crackers are up to date with the present day vulnerabilities. If you are unaware about the vulnerabilities in your system, then there is a hacker out there who may be scanning your systems for exploits to either enter your system to get the information or to use your system to hack other systems. Your system can be used for e-mail spoofing, identity theft, etc. And you have to constantly up date patches and check your IT resources for known vulnerabilities. No system is absolutely secure and there may exist a vulnerability in your system. The best way to check for these vulnerabilities is by penetration testing and vulnerability analysis.”
And he also supports the cyber crime cell of the Kochi City Police to track down people who misuse computers for forgery, defamation, black-mail fraud. For Joseph K this is just another game. A game that he loves playing.
A few Dos and Donts for Corporates and Individuals
1. Make your passwords strong and frequently change them. Don't use a dictionary word or a combination of dictionary words as a password. There are programs to break such passwords in a short period of time.
2. Remove unused or unneeded devices like modems, floppy drives USB ports, CD drive etc in a Corporate environment.
3 Have a good firewall.
4 Keep systems updated and Patched.
5 Routinely audit systems and networks (Know your vulnerabilities)
6 Have proper Policies and Follow Secure Practices.
7 Do Not Download applications or accept software, CDROMS etc. from an untrusted source.
8 Educate users in Information Security Knowledge.
9 Encrypt all Wi-Fi Communications otherwise you are susceptible to War Driving. The open wireless networks are extremely vulnerable and a hacker within Wi-Fi range can easily get into your network. Many Wi-Fi users today use open wireless networks without knowing the risks involved
10 Have backups of critical data and systems.
11 Use a good Anti Virus software. Update virus signatures regularly
(First published by The New Indian Express. Changes have been made)