In conversation with cybercop Shubham Singh

Shubham speaks about the challenges faced by people due to cyber crime and how to stay safe

As told to Team Just Urbane

What is ethical hacking and what made you choose hacking as a career?
Ethical hacking is a legal work we do for law enforcement for companies and organizations for a good cause. Hacking is a term used for cyber crimes where hackers get unauthorized access to someone’s social media accounts, bank accounts, etc. to earn money or to blackmail someone. Ethical hacking is done for a good cause like to track criminals, to crack cyber fraudsters or banking frauds, to trace back the criminals. 
Speaking about choosing ethical hacking as a career; after the completion of my 12th grade, I did one course from IIT Bombay through a venture called Wegilant. Initially I started with teaching IT students at one private institute after which I got a chance to work at one police station in Mumbai to help in cyber crime cases.

What inspired you to choose ethical hacking as a career?
When I was in 12th grade, my Facebook account was hacked and while recovering it I got to know about the terms like phishing and hacking. Eventually I developed interest in it and continued progressing. It’s been more than 8 years for me since I have opted for a career as an ethical hacker.

What fascinates you the most about your job as an ethical hacker?
I always had an urge to help society, to help law enforcement agencies and cultivate goodwill and utilize my knowledge for a good cause. Our current police system is not yet that efficient and upgraded to track culprits and hence my experience and knowledge in this domain helps them.

Can you give an insight about what cyber crime is and how important it is to put a plug to it? 
There are various types of cyber crimes, mostly there are banking frauds, UPI frauds, cyber harassment which includes extortion, morphing, threatening and social media frauds which include hacking and misusing. There are data threats also due to email hacking.

IP address and MAC address is the most commonly used term, can you tell us what this is and how does it help you to track those criminals?
IP address comes into play when we are connected to internet protocol; there are dozens of ISPs (internet service providers). IP address is grouped in two types, static and dynamic. Static IP address is the IP address that remains constant but dynamic IP address is something that can be changed. Whenever any criminal activity happens over internet like someone’s social media is hacked, then for tracing the criminal, we call for IP logs from the duration since the time it happened, once we receive the info, we trace who is the ISP provider for the same like Airtel, Vodafone or any local internet provider. Then we send a request to these internet service providers to send us the details of the device which was connected to this IP. Then comes the role of MAC id, then we can trace out the exact router which was being used physically. 

What are the different types of crimes that cyber crime department is entitled to handle?
Voice over IP calling is common for the purpose of extortion and it is a bit difficult to trace back. There are certain applications which give you virtual numbers, e.g., even if you are in India, you can WhatsApp from a number based out of USA or any other country of the world. The servers of these applications is out of India and hence this is a big difficult for our cyber cell to trace out. Most times we are able to trace the internet providers but they cannot provide us the details of the customers due to safety policies of those countries. These two things are extremely difficult for us to trace.

There are certain websites where there are a lot of pop ups, adware, do they carry links to viruses?
There are a lot of websites that are banned in our country but by using VPN (virtual private network) users can access those websites. Chances are that due to these pop-ups and adware, even though unknowingly we download these files, our remote access goes in the hands of the hackers and they can easily misuse the confidential data. This is in short a computer virus in simple terms. To avoid this, we need to have certain add ons in our browser, add blockers as well. 

What are the tools you use for ethical hacking? 
How much ever I wish to, we are not allowed to tell about the tools that we use for ethical hacking. 

Can you explain different types of hacking and its severity?
Logging into something unauthorised or unpermitted is called as hacking. It can be banking account, social media account, WhatsApp account, anything. When we talk about cyber crime, there are a lot of things. Cyber harrassment is one which includes abusing and harassing. Cyber crime includes banking frauds, UPI frauds, cyber harrasment, cyber bullying, trolling, photo morphing, threatning, extortion, identity theft, email frauds, job frauds, e-shopping frauds by creating fake websites. During our lockdown there was a Phone Pay scam, so many victims were getting calls from PM cares funds. A QR code was provided and once you scan the code, the doner thinks that the money goes to the victim but in reality the money goes to these criminals.

Do you think people underestimate the need for social media security right now? Do you sense there is lack of seriousness or awareness about how much people should be aware of social media security?
Yes! Awareness is definitely lacking right now. e.g. there are so many fake shopping accounts on Instagram or trading accounts, a lot of people get easily victimised. 

What is the most common hack do you think people fall prey to?
I think the most common hack is banking fraud where a fake representative calls and they try to gather your debit card information and other sensitive information to misuse it for money.  

Are apps like WhatsApp, Instagram safe to share intimate moments because a lot of people are in long distance relationships?
As far as the security from apps like WhatsApp and Instagram is considered, the user data is end to end encrypted and there is no such case that there is a leak from the company employees or the organisation.

How efficient is our cyber system right now and how is it improving? How efficient is it?
There are different types of policies for every different state; I have worked mostly with Maharashtra state police. In the earlier system, if you are a victim of cyber fraud, you should go to a cyber cell only, but now you can go to any local police station also, there are dedicated officers for cyber cell. Officers from every local police station are being trained to attend cyber crime victims so that it becomes convenient for the people and there is not an increased pressure on the specific cyber cell. 

Are there any specific courses from the government to encourage and grow the number of ethical hackers?
There are no courses from the government yet but there are courses on cyber safety conducted by Mumbai and Pune University. The cyber crime cell of Indian central government has launched a portal where victims can lodge their complains. Victims will be contacted as per the seriousness of the case. All I would tell is to be extremely aware while making any payments and not reveal any personal sensitive information online.