Rajshekhar Murthy

Rajshekhar Murthy, Founder of MalCon
Rajshekhar Murthy, director, Non-Profit Foundation-ISAC

Rajshekhar Murthy is an Indian Information security expert and social entrepreneur. Born in Kalyan, Mumbai, on 15 May 1981, he is widely known as the Blue Genius[1][2][3] and founder of the International Malware Conference, Malcon.

Early career

Murthy started his career[4] as a freelance reverser in early 1998 before joining as an Information security Instructor in 2003 with Karrox technologies, a training company. In 2005, after a brief stint at GTL Limited, he moved to Microsoft corporation in enterprise support for Active Directory services.

Career

In 2006, he started Indian technology start-up Orchidseven Infosec, a security certification body at Hyderabad. In 2006, with help of two other hackers Biswajit Behra and Kiran Nair, Rajshekhar Murthy discovered vulnerability in over 100 government websites, which was reported in the Indian Express[5] and the DNA Newspaper.[6]

In 2008, there was a visible spat between the ATS chief Hemant Karkare and Rajshekhar Murthy, when the ATS chief dared hackers to break into his gmail ID. This was after Indian hackers were trying to assist in certain cases the ATS sought help[7] on. Murthy reportedly stated in an interview with Mumbai Mirror[8] that this dare would widen the gap between hackers and the law enforcement agencies and quoted "No one is desperate to be associated with the Cyber crime cell. If he is disappointed by hackers, then I would like to know what his team or the cyber crime done to recognize or motivate the community"

In November 2008, he gave India its youngest hacker,[9][10] Shantanu Gawde.[11] His team, along with the company was awarded by the Prime Ministers Office[12] for their contribution.[13]

Social Entrepreneurship

Information Sharing and Analysis Center

Formerly known as ISACM (Information security awareness community movement), the non-profit group formed by Rajshekhar Murthy, discovered and disclosed vulnerabilities in IIT Mumbai, Pizza Hut India, Mumbai University and Jaagore.com websites, exposing over a million e-mail accounts.[14][15]

However, the challenges faced in vulnerability disclosures and Incident response by the affected organisations prompted Murthy to look at the root cause of the issue. Eventually, the foundation was renamed to Information Sharing and Analysis Center (ISAC) after a few months.

Information Sharing and Analysis Center was formally incorporated as a non-profit scientific foundation under Section-25 in 2011, with the primary objective to improve sharing and collaboration between various Government intelligence and law enforcement agencies for protection of critical infrastructure and cyber space.

The foundation, endorsed by various Government organisations[16] such as NTRO has a National level advisory board[17] with notable representations from various organisations such as Honeynet India and Microsoft India.

Advanced Technology Contamination Research Center

As part of its mission, three major projects, MalCon and National Security Database and Technology contamination research were incepted. Under ISAC, the low profile division, "Advanced Technology Contamination Research Center" (ATCRC) was initiated to promote Indian security research.

The division was behind the famed[18] Infected Symbian firmware,[19] released at MalCon 2010. The latest research from ATCRC includes the Advanced malware for Apple products[20] and malware for Xbox Kinect,[21][22][23] to be showcased at MalCon 2011.

MalCon

The International Malware Conference, Malcon was founded by Rajshekhar Murthy in 2010. The first event was held in December 2010 in Mumbai, which generated huge controversies[24][25][26][27] and had its share of media attention.[28] He explained the philosophy[29] for MalCon on its website as "Our Aim is to help the Security Industry as well as Software Industry, understand this fine 'art' of Malware Development (Which covers even exploits) so that they can build better and secure code, as well as work towards mitigating potential new attack vectors.”

In an interview to kerbsonsecurity,[30] he quoted "While a conference can be done by inviting the best / well known security experts who can share statistics, slides and 'analysis' of malwares, it is not of any benefit to the community today except that of awareness. The need of MalCon conference is bridge that ignored gap between security companies and malcoders. They have to get on a common platform and talk to each other. Just like the concept of 'ethical hacking' has helped organizations to see that hackers are not all that bad, it is time to accept that 'ethical malcoding' is required to research, identify and mitigate newer malwares in a 'proactive' way".

Rajshekhar Murthy coined new security term "ethical malcoding"[29] to differentiate between malcoders who work in the background independently or with various security firms for research and those who do it for financial gain; and another term "GuuWare"[29] to describe software's that may have similar attributes of a malware but are used for defensive purposes.

National Security Database

Conceived after the 2008 Mumbai attacks, National Security Database is an official program jointly developed in support with the Government of India by 'Information Sharing an Analysis Center' (ISAC), to identify and maintain a verified list of credible and trustworthy Information security experts who work to protect the National Critical Infrastructure and cyber space of India.

The program was released on 26 November,[31] the same date of the 2008 Mumbai Attacks, at the International Malware Conference, MalCon 2011 at JW Marriott, Mumbai. The program is reportedly planned to be inaugurated by Sachin Pilot, Minister of State in Ministry of Communications and Information Technology.

The program, with an intent to identify valued security experts has multiple speciality domains under Information security, in which professionals can apply for empanelment in the database by clearing a technical lab examination and psychometric test. In an interview with Outlook,[16] Rajshekhar Murthy stated that it is necessary to have people who are not only competent but also have a high degree of trustworthiness and integrity. "The selection process will involve examination of references, technical skills, criminal history, and even psychological assessment to generate a credit report for security clearance.”

The program does not award any certification and provides credible recognition in form of empanelment in the database under specific security domain.

Research

Rajshekhar Murthy discovered following vulnerabilities in major telecom products:

Vulnerabilities Discovered

Research Papers

Exploiting religion and occult science for Hacking[36]

Personal life

Rajshekhar Murthy is presently married (October 2010) and lives in Mumbai.

Notes

  1. "Files from thebluegenius ≈ Packet Storm". Packetstormsecurity.org. Retrieved 19 November 2011.
  2. Blue, The (6 November 2011). "The Blue Genius". The Blue Genius. Retrieved 19 November 2011.
  3. "techgoss.com". techgoss.com. 25 August 2008. Retrieved 19 November 2011.
  4. "Rajshekhar Murthy". LinkedIn. Retrieved 19 November 2011.
  5. File:Rajshekhar Murthy 11Aug2006 IndianExpress Interview Hyderabad.jpg
  6. File:Article Scan DNA GovWebsitesAtRisk FromHackers Sept12-2006.jpg
  7. File:Article Scan MumbaiMirror Cops Seek Help From Hackers 22 Sept 08.jpg
  8. File:Article Scan MumbaiMirror ATS Claims Widens Gap 24sept08.jpg
  9. File:ArticleScan HindustanTimes What The Hack Orchidseven-Indias-Youngest-Hacker 9Nov2008.jpg
  10. Kumar, Vinod (10 March 2009). "India's youngest ethical hacker". Mid-day.com. Retrieved 19 November 2011.
  11. "Meet The Youngest Ethical Hacker of India – Shantanu Gawde | Nmtv". Nmtv.tv. Retrieved 19 November 2011.
  12. http://www.techgoss.com/Story/894S14-Whiz-Hacker-at-12.aspx
  13. "techgoss.com". techgoss.com. Retrieved 19 November 2011.
  14. http://epaper.timesofindia.com/Default/Scripting/ArticleWin.asp?From=Archive&Source=Page&Skin=pastissues2&BaseHref=MMIR/2009/09/07&PageLabel=8&EntityId=Ar00800&ViewMode=HTML
  15. "A group of ethical hackers Hacked Jaago Re and Pizza". iTech Engine. Retrieved 19 November 2011.
  16. 1 2 "Our Ether Warriors". www.outlookindia.com. Retrieved 19 November 2011.
  17. "About Us". NSD. Retrieved 19 November 2011.
  18. "Hacker plants back door in Symbian firmware – The H Security: News and Features". H-online.com. 8 December 2010. Archived from the original on 8 December 2013. Retrieved 19 November 2011.
  19. "Indian hacker Atul Alex plants back door in Symbian firmware ! ~ The Hacker News | Hacking News | Learn Ethical Hacking Training". Thehackernews.com. 4 December 2010. Retrieved 19 November 2011.
  20. "Most advanced and dangerous malware for Apple products – why you should be concerned ! ~ The Hacker News | Hacking News | Learn Ethical Hacking Training". Thehackernews.com. 28 October 2011. Retrieved 19 November 2011.
  21. "Kinect malware secretly takes, uploads photos – Technology – GMA News Online – Latest Philippine News". Gmanews.tv. Retrieved 19 November 2011.
  22. synt4x (31 October 2011). "ISAC (Information Sharing And Anaysis Center)". LetsByteCode. Retrieved 19 November 2011.
  23. "Malware for xbox Kinect created by 15 years old Indian researchers ~ The Hacker News | Hacking News | Learn Ethical Hacking Training". Thehackernews.com. 27 October 2011. Retrieved 19 November 2011.
  24. Samson, Ted (30 August 2010). "Malware Convention – Not a Good Idea". PCWorld. Retrieved 19 November 2011.
  25. r00t says: 3 September 2010 at 4:54 am (3 September 2010). "Introducing the "Malware Conference for Global Evil (and Mass Effect 2)"". Retrieved 19 November 2011.
  26. "anti-virus rants: of logic and malware". Anti-virus-rants.blogspot.com. 1 September 2010. Retrieved 19 November 2011.
  27. "About GFI". Sunbeltsoftware.com. Retrieved 19 November 2011.
  28. "techgoss.com". techgoss.com. Retrieved 19 November 2011.
  29. 1 2 3 "About". MalCon. Retrieved 19 November 2011.
  30. "MalCon: A Call for 'Ethical Malcoding' — Krebs on Security". Krebsonsecurity.com. 24 August 2010. Retrieved 19 November 2011.
  31. "techgoss.com". techgoss.com. 9 November 2011. Retrieved 19 November 2011.
  32. "Comptel InstantLink Cross Site Scripting ≈ Packet Storm". Packetstormsecurity.org. Retrieved 19 November 2011.
  33. "Oracle Siebel Loyalty 8.1 Cross Site Scripting ≈ Packet Storm". Packetstormsecurity.org. Retrieved 19 November 2011.
  34. "Omnidocs SQL Injection ≈ Packet Storm". Packetstormsecurity.org. Retrieved 19 November 2011.
  35. "Nikiara Fraud Management System Cross Site Scripting ≈ Packet Storm". Packetstormsecurity.org. Retrieved 19 November 2011.
  36. Laatst bewerkt 1 (12 August 2008). "Exploiting Religion and Occult Science for Hacking – een knol van Rajshekhar Murthy". Knol.google.com. Retrieved 19 November 2011.
This article is issued from Wikipedia - version of the 9/14/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.