
PODCAST ON CYBER CRIME

i don't think we've created such a
relevant and scary piece of content in a
long time this is our episode with saket
modi the co-founder and ceo of a company
called safe securities from beginning
his journey out of an engineering
college in india he's now based out of
silicon valley where he's helping
governments international organizations
and obviously all sorts of tech startups
with their cyber security problems with
cyber crime on an all-time rise
throughout the world with hacking
becoming a very very mainstream skill as
well as a mainstream problem it's the
age of what i call the cyber batman
which for me is saket modi and his team
of 200 plus engineers who are helping
people secure money secure their systems
secure their privacy and secure their
reputations
this particular podcast is one of the
freshest pieces of content we've
released in a while please watch it till
the end remember if you don't want to
check out the entire podcast then
highlights of this episode are already
uploaded on trs clips our new youtube
channel and also remember to follow the
ranveer show on spotify where it's spotify
exclusive which means that every episode
will be available on spotify 48 hours
before it's available anywhere else in
the world a very important piece of
content for you in the modern day this
is saket modi on the ranveer show
[Music]
saket modi welcome to the ranveer show
super pumped and a little scared of you
honestly
your friends ranveer don't worry you got
you covered uh you know some people
might call you a hacker some people
might call you an entrepreneur some
people might call you an ethical hacker
dude how would you
define yourself what do you do
i'm a geek and a nerd that's really who
i am okay i actually don't like putting
adjectives in front of the word hacker
you know i'm very comfortable if
somebody calls me a hacker i actually
think it's a it's a badge of honor and
we can get into it if you want uh on
what do i mean when i say that but uh
who am i somebody who
loves
diving deep into anything that i i
set my eyes and touch
and feel
and uh that's what has been my life
since the very beginning i want you to
share two stories the first one is a
story you told me in our waiting room
about the time you went viral on twitter
and national tv and the second story is
your origin story man how did you begin
this whole hacking process because i've
had conversations with you at this point
in your life and you have a very
elaborate brain so let's begin with the
viral story and then go to your origins
yeah
you know it makes me feel like dr seuss
with an elaborate and how descriptive
you are with that but let's come to the
two questions you asked the first one uh
you know i run a business to business
b2b startup so i i understand very
little about virality that you are the
champion of and uh
and this was like i think three years
back where i was on national television
where i had the i.t and the law minister
with me
and uh very unfortunately he was not
given the brief about the background of
the work we do for the government and
you know aligned to their mission of
transforming the country in a digital
way the digital india you helped the
government with a lot of their cyber
security based oh yes absolutely so when
you look at bhim when you look at upi
when you look at some of our most
critical infrastructure whether it's
airports whether it's banking whether
it's the power and uh you know the grid
side of things uh we are responsible for
majority of the key names that you would
know about in each one of these sectors
and we protect them so unfortunately the
minister was not briefed and
i guess he was running back to back on
meetings so he he just came in and he
was given a brief that here's this
hacker who's this young dude who's gonna
come and show a live hack so within the
first five minutes of the show he
actually started by saying that if you
dare to show a hack on this show this is
live television i will have you behind
the bars and keep this in mind he was
not just the i.t minister he was the law
minister of the country also and as if
that was not enough he says you see
those two people standing there i've got
them in case you do anything mischievous
it happens right now right here
so that's where the program started and
uh i still remember my parents telling
me that you know when they were watching
it like oh my god what's happening you
know it's like that bollywood movie
moment you know that you don't know
what's going on it's definitely not
scripted like anil kapoor
have you seen it yeah i have and i love
that movie and you you got it right so
so
so something like that and uh and and
you know the whole show happened and i
did show some live hacks out there
and and the message was very simple that
you know technology
is really not
evil it's really not good it's really an
amplifier of anything that you want as a
person right i went through some of your
you know videos while preparing for this
interview and i was amazed to actually
get so much knowledge from your videos
ranveer which is you're using technology
in a positive way unfortunately there
are a lot of people who use technology
in a negative way by stealing
information of people by misusing their
trust on technology uh by snooping in
into conversations and doing some very
raw thing wrong things like frauds etc
etc and that's not good so my message
was actually pretty neutral i because i
told you my only definition is i'm a
geek and a nerd and uh i i technology is
one of those things that i'm reasonably
you know good at because i'm a computer
science engineer and uh
the audience got that so at the end of
that show when it was you know aired and
uh to my pleasant surprise it was aired
seven days back to back every day in the
evening
like literally and i for the first time
felt what is the meaning of you know
going viral on twitter and i had not
seen such violent and such um
such nasty comments against the minister
because uh because the twitter
understood that i was not doing it with
any intent which was malicious it was
not to do fear-mongering in fact if if
you will see that show which is still
live which is still on youtube uh you
will see it was a lot of very positive
reinforcement saying guys we can't go
away from technology because it's like
going back to the stone ages but not
using technology with awareness is the
problem that most people face because of
which there's so much frauds that happen
so that's what happened ranveer
uh i want to also hear your origin story
but maybe for some context related to
this story and just who you are yeah
what scares you about technology going
forward and what should scare audiences
the two questions the first part is
i'm very very blessed and fortunate in
my life ranveer
you get scared about things where you
have wrong assumptions or wrong
understanding with if you think about it
the people who are not scared of ghosts
are the ghostbusters
the people who are not scared of snakes
are the ones who know about snakes
reasonably well
so
what does
technology or you know things about
technology that scare me nothing in fact
i don't know anything in my life that
scares me i'm very fortunate that way
because i understand that at the first
principle level let's put it like that
so when you do that it's like it's like
i'm very comfortable and there's nothing
that scares me
data backed what i can tell you and i
think that's what you're trying to get
to that can technology be used for wrong
purposes the answer is an absolute yes
when albert einstein came up with the
formula of e equals mc square he wrote a
letter to the president of the united
states saying that this formula itself
is so powerful which can
those days they used to have bombs which
could bomb one ship
and he said that if you use this formula
for destructive purposes which it
happened in the future we saw hiroshima
and nagasaki for the same
you will not destroy ships you will
destroy an entire port
and even cities and the reason i'm
saying that is it is the same formula
which gives us today
usable reusable nuclear energy which is
now used to power a lot of our houses
etc etc but it's the same formula which
actually created the atom bomb
technology is exactly that the moment
you use it for the wrong purposes
there's a lot of wrong that you can do
the moment you use it in a positive way
you actually create a very positive
impact so
i mean i'm saying it will be used for
bad it will be used for good uh i hope
it's used more for good than bad but
that's that's my views around you know
the fear of technology ranveer and what
your organization does is basically
provide security to the everyday person
and the everyday business to protect
those people or that business from the
dangers of technology that are very
possible in the modern day so you're
sort of making
an armor and maybe weapons for those
people to protect themselves absolutely
so that's the most simplest thing and
you put it very beautifully
what we basically try and do
we
know that there are too many armors
already out there for cyber security
when it comes to businesses
what we actually do and i'm going
slightly deeper here where we take all
signals from all armors let's take an
example
any large bank right and we work with
the largest banks on the planet whether
it's in new york or it's in navi mumbai
we we work with
some really large banks so they have
anywhere between 100 to 150 cyber
security products in their environment
they'll have an antivirus they'll have a
firewall they'll have a dlp siem blah
blah blah what we do is we take signals
from all of these products
put them together in a centralized data
lake we've created algorithms with mit
in boston so we've been doing a lot of
joint research with mit for the last
three and a half years where we predict
hacks
so we say what is the likelihood that
there will be a ransomware attack in a
bank in the next 12 months and it's pure
application of machine learning and data
science that we apply to be able to it's
almost like an oracle which can predict
and if you think about it there are a
lot of industries which do it for
example the insurance industry it only
works on predicting hurricanes it works
on predicting
you know whether somebody will die at
some point or not and when you take the
the the probability across a particular
sample set of users you can actually
predict that look will a particular
event happen in a given sample set of
audience so let me get this straight you
yourself understand how to hack systems
okay that's established yes now i know
that you're an engineer you're from iit
you're from iit bombay well that's a
funny thing i was a visiting faculty
okay and then we got incubated from iit
bombay okay so iit bombay is the
shareholder of the company and of course
we spent a few years there i'm from a
college in jaipur it's a college called
lnmiit this is l n mittal's dream to
make an iit god nice
so because you have an engineering
background yes you probably perceive the
world and your subject extremely
mathematically and you're a coder so
again that whole mathematical
inclination is reinforced now you
yourself and your team of hackers
i would say your team of people are
capable of hacking understand uh okay
these are probably the weak
uh points in the world's internet map
yep and you say that if we had to hack
some places it would be these places yep
that's why the evil hackers will try
hacking yeah uh and somehow you're able
to quantify the data in your own mind
and build out algorithms and build out
systems which will protect exactly those
weak points you put it extremely
beautifully you're absolutely right and
when we what we do there is that
and going back to a very cliche
line
so so definitely you know we are the
people who actually for many years have
been even ethically hacking these big
banks and big airports and big
e-commerce companies to show them
vulnerabilities and loopholes
which they need to quickly patch before
a hacker can actually intrude into those
systems which are out there is it a part
of your sales game
hey by the way we hacked your system
well you you know what that has happened
in the past
that that has happened because and by
the way a lot of times our customers ask
us for the same because when they say
that okay show me how competent you are
you actually go ahead and and of course
you do that with permission with
authorization we sign an nda we sign the
authorization to try to breach them in a
given time frame of you know say seven
days or 14 days and we actually run a
campaign
where we try to intrude into their
systems we'll intrude through so a large
bank will have say 25 000 systems right
so you can actually intrude through one
system
and then do something called lateral
movement because the system is connected
to the vpn which is the internal network
and you can hop from one system to the
other to the other till the time you get
to that particular system which is
storing the databases
where transactions happen so this was i
think
last month
where we demonstrated to a very very
large bank in europe
how to transfer money from any account
to any account
live so we transferred money from the
ceo's account
to the head of security's account in
real time
and they're like oh my god is this real
and we showed them that and this is very
normal so we probably you know get to
see this like all the time on how so
it's it's like for a lot of people who
don't come from my world it might be
like hey is it even possible i thought
systems were supposed to be protected i
wish it was that idealistic on when you
look at systems and security so i was
reading your wikipedia page which said
that you hacked your school system to
get some chemistry paper uh answers and
then you basically were able to cheat on
an exam is that true is that a true
story that's how you've gotten hacking
i i've been a geek and a nerd always all
throughout yes uh i was in my school
where
i went ahead and
basically hacked into chemistry because
i was a terrible student and this goes
back to the second point if you want i'm
just going a little bit into my story
sure my report card used to have more
reds than blues
i was a terrible student but there were
three subjects which was mathematics
computer science and physics which i was
almost always top of my class like those
were my subjects those were things which
i always enjoyed right speaking about
your bad grades i just want to say don't
judge a fish by its ability to climb a
tree but go on
well
you you're right in that way because uh
those were things where i was not
interested and i was a fish very clearly
who did not want to climb that tree and
that's the reason why there were so many
reds in my in my report card whenever my
parents used to go to the school and
like oh my god this is not good and but
because there were a few subjects we
were really good at chemistry was one of
those subjects where i used to like back
to back to back to back to back fail
like every time i never wanted to learn
those complex formulas and things around
that and this is right before the board
examination where my my teacher and you
know literally i got this thing from the
principal of the school saying if you
don't go ahead
and pass this exam
you'll not be allowed to sit for your
boards you know there's something called
pre-boards so you know this you do those
things so i had to do something and that
something was not study
so so we you know i was there in the
they used to type the computer paper in
the computer lab but my teacher was very
smart she went ahead and she locked it
was a microsoft word paper so you know
you can lock a microsoft word file with
password um we used to play a lot of
counter strike back then uh in the
computer lab so we you know it was easy
to actually get an access to the file
get it on my system to get on my pen
drive got it to my home system and
simply ran like very freely available
there's something called brute force
tool and what's brute force in a very
simple way if you think about passwords
it's always a combination of lowercase
uppercase special characters and numbers
so a brute force tool simply tries all
combinations possible so we'll start
with a and then a a b a c a d and
probably do like you know tens of
thousands of attempts every second
so you know at some point it will crack
the password so it was really that
simple uh download a tool give it a big
dictionary or a library of words or just
let it do random you know permutation
combinations and then try to basically
leave it for i left it for like eight or
nine hours and i got the password so it
was really that simple i did go and
confess to the teacher i said ma'am look
this is something that has happened and
uh
you know just for you to know this is
something which
uh which i didn't intend to do but uh
but i i still did it because uh i had i
i wanted to pass the exam and this was
right before the exam so you know it was
very legal when i say legal because i'm
telling her right before the exam room
this is the last exam before the boards
and uh i went to her like 30 minutes
before the exam and she was like
you're telling me now are you serious
and then she's like you know do whatever
i'm i'm okay i still scored like 65 out
of 100 in that because who wanted to
learn all the answers like too long i
like dude no that's not me
so there's no red flags because i didn't
suddenly become the topper from being
like you know very bad student uh but
yeah that was my first uh tryst with uh
real hacking and uh and and using that
and of course i did reasonably well in
the board so all good why did you tell
them
that's your ethical part of the ethical
hacking coming out actually not and i'll
tell you why and this might be
counter-intuitive i actually thought
that
it's like covering your base
you want to think of it like this right
at that time right before the boards 30
minutes before the exam etc etc it was
not supposed to be something which i
mean she could do a lot with right she
was she was like she was a very sweet
lady and she was very very knowledgeable
etc etc and
the good part would be i thought i'll be
in a good books because she's like look
he came and he told me and because he
was just 30 minutes back i like hey you
have to do things back to back to back
and you know you have 5 000 things to
take care of when your subjects exam is
starting out so i actually thought it
was a part of the plan
because when you do that
in a way you are just uh you know
removing any risk uh from from the fact
because i could tell her that look i
told you and then i sat for the exam and
uh and then the thing she was
disappointed with was like then even
then why are you not scoring the highest
mark so like that's what she was
disappointed with i like ma'am at least
passed right i said okay do the best in
the board so i actually i actually think
that was the reason why why that
happened so what i'm assuming is that
you kept working on your hacking ability
through college through the years and
then you figured oh
an application of my work is actually
helping the world with cyber security uh
somewhere maybe your entrepreneurial
side kicked and you said okay this can
be monetized
and uh that's how you went down the
business route
yeah so uh i've been very fortunate i
have two degrees one i'm a computer
science engineer the second i'm a marwari
from calcutta
so
when you talk about your mba degree
that's what it is right so
i was i was deep into anything that i
would do ranveer so uh computer science
when i was deep into it i would go to
the first principles of how does it
really work right at the bits and bytes
in the register level where you have the
nand and the xor and the uh you know
different kinds of gates interacting
with each other and like forget computer
science i'm actually talking electronics
right microprocessors exactly so so how
does how does different kinds of
registers interact what is machine
learning code like really to the first
principles of how computer science works
but that's not the only thing i was
doing right there's a lot of other
things right i mean i had my own table
tennis team we were playing nationals i
had a band of my own i was playing
national chess i was there's a long list
of because anything that i was doing
uh the common theme was always that i
was deep diving into it like really
going deep in which i was enjoying doing
so if i was not an entrepreneur right
now and i was playing chess or as a
table tennis player i'd be equally
thrilled and excited so i was very lucky
in that way however
this became one of those things where
because the opportunity was very large
and it was almost like a green field
where it was like cyber security still a
160 billion dollar industry growing at
16 percent year-over-year so it's not a crazy
big industry but at the same time it is
among the top three fastest growing
industries on the planet so again the
engineer and the geek in me data driven
said that it's a great place to be
because uh if i can go deeper into it
and make certain things which
which can really move the needle and
it's not just cyber security the good
part of cyber security is it's actually
first principles of digital anything to
do with technology will always need
security and the future of
our metaverse uh our phygital world which
is physical plus digital
is always going to have this premise on
which it will grow and that is called
cyber security so i was i was like look
it makes a lot of sense
if i'm gonna be spending 20 hours a day
for many many many years to come it just
makes it's like this right if you roll a
ball on a mountain like a big ball is it
easy to do it is it tough to do it the
answer will be depends on the direction
you're rolling if you're rolling the
ball downstairs you probably need to
stop it because it'll be too fast if
you're rolling it up there's so much
more work you have to do so it's the
same with career in my way because it
was almost like this i i was fortunate
to be in a career where there's so much
of tailwind
where it's like all i have to do is not
do something stupid and if you don't do
that there's a high probability you end
up making something which is a which an
organization of the future
and can be potentially a very very large
and impactful organization
and on a day-to-day basis with how cyber
security is evolving with how hacking is
evolving with all these russian and
chinese hackers out there supposedly
does your world get more and more
exciting every day and is it more and
more challenging do you also have to
kind of polish your weapons constantly
short answer absolutely yes and that's
the thing about cyber and the world of
cyber right
if you think about it
we went from being
uh
it's like
two-dimensional
movies to three-dimensional movies and
now your five-dimensional movies right
we have sensory organs blah blah blah
the dimensions keep expanding if you
think about it
the physical forms of
attacking warfare was always very very
two-dimensional you have a third
dimension where you have this air also
and you get the air force etc etc but
but it's actually something which you
can see in a map suddenly when you talk
about cyber
the amount of
like the damage that you can do in the
multi-dimensional facet because every
key
ammunition or weaponry in today's day
and age is also enabled by cyber so
there is a dimension where all kinds of
weapons that you would be seeing in the
near future if they're not cyber driven
they're a thing of the past it's not
accurate by cyber driven you mean
connected to computers or the internet
or both
no i'm saying the computer will become
the weapon
okay it's like cyber warfare no i'm
saying the computer will become the
weapon means
what in your view is a tesla
car
a lot of people will say it's a car
which is automated
if you really look at that it's actually
a computer which has four wheels and
it's a very different way of looking at
it ranveer right so i am saying when you
think about weapons
the real
ip the intellectual property out there
today in a ak-47 is the fact that the
speed at which the bullet comes out when
you pull the trigger
i'm saying the ak-47 of the future
will be a computer that you'll be
carrying in the form of an ak-47
but the fact that you can lock in the
target by say a few miles far away
and do profiling of people that you want
to selectively shoot
you can decide the speed depending on
the the wind the altitude the pressure
it auto detects the target that you are
programming it to look at and then auto
shoots itself you don't need to put a
trigger in fact that's what drones are
and and that is a computer which is
making the attack
it's not a weapon which is a little bit
of automation and that's the difference
in mindset that i'm talking about that
when you talk about the future that's
the reason why it's so scary because
when you talk about any one of these
dimensions and this is only the physical
side there's a virtual side to it
because to coordinate between all
weapons you need that to be on a network
if not on the internet because the no
army will ever be on the internet
because it just exposes them there's a
dmz between their own network and
everything else and that becomes the
problem why because if you have one
intruder who comes in into one piece of
that network
you basically have the visibility of the
whole network which is out there so it's
almost like alan turing and how
basically somebody's able to crack the
encryption which he did with for the
german code uh during the world war
like almost the world was over because
they were communicating using those
encrypted ciphers and encrypted channels
and if you're in it
you could just hear everything and
understand the strategy out here that's
how cyber can be in a physical warfare
because when you're inside there is just
this humongous amount of stuff that
you're able to do with with things and
that's only physical and then of course
you have the actual
digital warfare if you know for example
when the standoff with china happened
recently
what most people don't realize the
action was not happening at the borders
it was happening on our websites there
were more than one million websites one
million which were hacked on both sides
because there were 16 year old hackers
who were very patriotic and wanted to
breach into the other countries on both
sides not just one wow and they will
hack into the website and put a flag of
india or flag of pakistan or flag of
china whenever these wars happen and
this is just a brand new trend on how
hacks are gonna evolve in the near
future so hackers have sort of become
the new soldiers of the country in some
ways
well considering the amount of respect i
have for soldiers i don't want to put
all hackers there because you want to
keep this in mind while a hacker might
have a skill to do something wrong most
of them don't they just use tools we
call them script kiddies but assuming
that there are obviously a number of
them which are really technical who
really go to the first principles to
understand how hacking works remember
having skill is not equal to being a
soldier it's almost like this right i
can fight very well doesn't mean i'm a
soldier there's a badge that you carry
as a soldier because that means you have
some moral responsibility you're working
in a framework because you're very
skilled doesn't mean that you decide
when you go and intrude the territory
there is a synergy there is a
cohesiveness in which you are working
with a plan with a strategy
and there is an end outcome that you
want to go after in this case uh if
there's an independent hacker who's
trying to do that that doesn't sound
like that's the reason why i don't want
to degrade a soldier when you when you
call them a hacker but yeah they're
trying to contribute
saying go for it we are with you so yeah
gotcha man saket modi i've got so many
questions dude um
do you think that
i mean i'm sure that the governments all
over the world know about the power of
skilled hackers as you said you know
people who actually understand the abcs
the government definitely is picking up
some young talented kids and telling
them to work for
them to you know help with security or
to maybe cause attacks on other
say rival countries i don't know dude
what do you have anything to say about
this because we do know and joe rogan
keeps talking about this
that a lot of the
um you know so there's these infamous
pages in uh usa which actually drive
political campaigns or they kind of
affect other people's political
campaigns badly like the whole hillary
clinton thing that happened in usa they
say was driven by russian hackers so is
there like an india versus china version
of this happening where chinese hackers
actually trying to affect indian minds
because that's what a lot of
geopolitical experts believe
that
for example
we see a lot of say woke culture which
is making its way in india
uh now if you go into the social dilemma
documentary which says that social media
affects your thoughts
uh they say that a lot of the woke
culture people here which are usually
extreme left-wing extreme and again i'm
not aligned so i'm not i'm not accusing
them but that's how they are extreme
left-wingers and overly sensitive
all about cancel culture
historians and geopolitical experts
believe that this entire section of
people is actually extremely affected by
what chinese hackers in the chinese
government is doing to the indian
internet so what do you have to say
about this whole spectrum of things
because i'm sure you've had these
conversations before in your life
i have uh
with your permission i will take a step
back because what you're asking is tell
me about the impact of these various
kinds of hackers and because you touched
on various kinds of hackers
let's start with the definition of
what's a hacker
right let's just because i want to put
it out there so that people understand
because you spoke about a group which
influences your mind
then there is a group which directly
hacks into your whatsapp
jeff bezos his whatsapp was hacked right
then there is this group which hacks
into you know your bhim payments and
take money from it right
and then there is a group which goes
ahead and basically does nothing but
just posts uh things online and tries to
create a ruckus out of a lot of stuff
right there are various kinds of groups
if you think about it what we call as
threat actors but what is the common
thing between them because if i call
everybody a hacker there might be a
little bit of confusion so let me take a
step back and let me just give you like
a three-minute explanation on in my view
what's the meaning of a hacker sure
in my view the meaning of a hacker has
nothing to do with the conventional
meaning of hacking if you asked me the
greatest hacker of our time
in the last hundred years has been
albert einstein and i'll explain you
what i mean by that oxford dictionary
says the meaning of the word hacking
is to make something do that it's not
designed to do
so if you take a toothbrush
and clean the mirror with that
that is hacking the toothbrush because
the toothbrush was not designed to clean
the mirror but guess what you were able
to use the toothbrush for something else
which was not designed for that is the
meaning of hacking
how does it apply for technology when
you go to a website
and key in some queries on the website by
which you were supposed to get an access
to your own inbox
but you got an access to somebody else's
inbox
that's hacking it was not designed to do
that but it happened
you got an access to somebody else's
whatsapp messages it was not designed to
happen like that but you made it happen
so that's hacking from a technology
context
but hacking in general has nothing to do
and why did i say albert einstein is the
greatest hacker of our time
hacking simply means that you go so deep
into any subject
for me you're a youtube hacker because
you know so much about the right way of
utilizing youtube
knowing your audience what works what
doesn't work because that's hacking
right i mean youtube in general doesn't
expect 99 percent of the people to know
all of that but you know about it albert
einstein knew so much about physics and
mathematics that he could see things
in ways people could not see it and
therefore he was able to hack
and come out with e equals mc squared and
some of the most phenomenal insights
that we have seen in the in the history
of our mankind and therefore i call him
a hacker
so now let's come to your question right
so let's get that out of the way that
hacking for me simply means somebody you
can dive deep
and really know the first principles of
how something operates and based on that
you're able to go ahead and make things
happen so now that we understand what
hacking really is let's talk about types
of hackers we actually generally
categorize them into a few categories
let's start with the first one which you
referred to which is
state-sponsored hacking
a lot of people don't really know this
but
among the top five funded programs of
north korea
is to build an army of hackers
there's a group called lazarus for
example
which was
if you talk about hacking india there
was this big
uh
hack which happened at cosmos bank in
pune
where real money was stolen out of the
bank and it was a very interesting story
where
you they took over the bank in a way
where you could go into
any atm
put the debit card of the bank
and withdraw any amount of money you
want and the balance will not deduct
that's the level of sophistication that
we are talking about and they lost
millions of dollars
in a span of a few hours and hacks
like this generally happen on a saturday
afternoon because you have saturday and
sunday where the bank is not working
and then you have monday which
which is the next day and it's already a
lot of time between which you can siphon
off the money you can take the money
away etc etc there's a lot of psychology
behind good hacking
yes there's a lot of science and
psychology behind
good hacking i like how you put the word
good in front of hacking
i'm looking like a good money heist fan
so
i'm starting to understand it's like an
art and you have to use your brain even
from an empathetic point of view in
terms of where can i hit the person in
their weak spot absolutely and that's
what excites me the most about hacking
because
that's what i'm saying that it is
arguably one of the most intellectually
stimulating fields you can ever be on
because it's designed to do things which
people are not designing things to do
so coming back state sponsored hackers
that's one example where cosmos bank
the atm switch got hacked and because of
that a lot of money got siphoned out as
if that was not enough that was saturday
afternoon and of course the authorities
were alerted and but the money was
already gone as if that was not enough
on monday morning they suffered a second
hack
where they had a few million dollars
being wired through swift to a bank
account in hong kong
and that was like back to back two hacks
on a bank
which was expected to be
pulled from this group in north korea
and the money was all gone and this is
just one example if you go through
something called the mandiant report
which was actually pretty popular a few
years back it made a documentary about
hackers
employed by the chinese government
in huge setups and you're talking about
thousands of full-time hackers whose
only job is to intrude into different
countries
get sensitive information out
and use that to the advantage of china
whenever the time is right and i can
keep going on and on and on and on there
was this massive attack called notpetya
which had a reported impact of 10
billion dollars
where if you know for example maersk
which was which is one of the largest
shipping companies in the world
lost over half a billion dollars in cash
because all of their systems the
employees walked into their office
and
morning
they're right next to a
beautiful looking lake was their
headquarters
and the systems are all working in the
morning 11 am
all the systems start becoming red
the screens one by one by one start
automatically turning red and when that
happens people don't know what's
happening don't know how it's happening
they're all calling the i.t support and
guess what his own system is red
wow and he has no clue what's going on
and this was a shipping company
where there were perishable goods which
were coming into the into the port
and you had the the the barrier the
barrier which was now shut and the
system which could actually take that up
was shut down so you actually had a
traffic jam of many many many miles
with these big shipments which were
supposed to get to the ship before a
particular time otherwise the whole good
would perish
and you actually had like again hundreds
of millions of dollars of actual impact
that that company saw unfortunately this
year again through a sp and that was
done by allegedly russian
state-sponsored hackers
right there was another example where
unfortunately
we had an infant die this year in a
hospital because of a ransomware attack
that was also executed by
state-sponsored hackers that were
accused and i keep using the word
accused because ranveer you will see it's
extremely difficult to really find out
who did what they did because in in the
internet it is so easy to spoof your
identity i'm going to come to that
slightly later but for now those are
some examples
of
arguably multi-billion dollar campaigns
that governments are running
to be able to go ahead and and try to
get information from the arts because
you know data is a new oil and
everybody's digitizing themselves so if
you know the digital infrastructure of a
country there's a lot of damage you can
do but that's only one category so you
have a question i would assume that when
you said ransomware hackers it's like
holding someone to ransom that you
either give me money or i will do this
that's for ransomware but the example
you spoke about where the traffic jam of
ships was created not ships the the
trucks which were going to come in to
put their
uh to put their goods on the ship is
that also ransomware attack where you
say that either you give us money or all
your goods will be well this was also a
ransomware where and this was even more
deadly and i'll tell you why ranveer
what happened in that case was because
of this it's called notpetya
what happened was when you get a red
screen
you actually get a message which says
transfer 300
to this particular
bitcoin wallet
and send an email
to this email id
that the money has been transferred
and once you send us the particular
transaction id and say this is what i
sent the money i will send you the key
to decrypt your data
you know what happened in that case
because that became so popular the
authorities seized
and completely blocked the email id
so you can transfer the money on a
bitcoin wallet you're trying to send
email to the hacker but there's no email
that gets to the hacker because that
email address is now seized
and is not being used so technically
there was no ways to recover your data
which was out there as if this was not
enough
the next stage of ransomware attacks
these days is called something called
doxware
what is doxware in a very simple
way and where
you will go in ransomware is where i've
taken all your data on the phone
encrypted it and i'm telling you you
know what if you don't give me this much
money i will delete your data explain
what encrypted is for the audience
encrypted in a very simple way if i was
trying to talk to you right now in
german
it would be encrypted something i can't
understand yeah it makes sense to
somebody who knows german
but it doesn't make sense to you because
you don't know german like think of it
like a code language like you know
secret language yeah it's very very
simple where it's a language which you
don't understand it means encrypted in a
very very simple way there is a key key
means somebody who knows that language
will know what you're talking about if i
suddenly start talking a particular
language
it will be like oh my god what's
happening right and that is the meaning
of encryption right now coming back
because it was encrypted the way
ransomware works it'll come to your
system or you'll come to your phone and
it'll encrypt the data out there
and basically say that you can't read
that data anymore because it's encrypted
only i as a hacker can read that data
send me 20 000 rupees 50 000 rupees
whatever different numbers and if you
send me that money i will be able to go
ahead and then
send you the key
using which you can decrypt it
means that encryption will go away
so in this case because
you know it was it was obviously
the email id was seized there was no way
to retrieve it but the hackers have gone
to the next level of something called
doxware
as you know
losing your data is bad but you know
what's worse
if i have access to every picture of
yours
and your contact list
and i tell you that ranveer i have all
your pictures your actual pictures
and they're all nice pictures
but i will make a morphed picture of you
where you will not be happy to see what
you will see there
i will put that picture in your stack of
original pictures
and i will send those pictures to every
single contact on your phone
can you imagine how deadly would that be
i've had people
crying
ultra depressed to come to me with the
fact that oh my god what do i do my
world's gonna come to an end because
somebody has access to certain things or
is blackmailing me with certain
things
and they're saying they'll put it out to
my family to my friends to everybody and
unfortunately there's no ways to go
ahead
and and recover that or try to get that
back forcibly the good part is the the
indian it act actually helps you if
somebody's trying to do that to a girl
etc etc there are some very very very
very strict you know penalties the
person will go to the jail if they
continue doing that or they even try to
do it once to a girl or even to a guy
but that's a different topic coming back
to what you asked that's called doxware
where you're saying that hey forget
about deleting the data i will use the
data
to go ahead and then
uh you know threaten you till the time
you pay me money or do certain things
that i want you to do who are the
targets of these kind of attacks is it
like powerful people is it someone's ex
where someone's like yo i will mess up
your world so i've seen all of the above
so unfortunately
it's basically somebody who wants to
take revenge
and that can be between countries it can
be between companies it can be between
individuals
so this is like
the modern day version of paying a
gangster money to go and beat up some
old business rival or old rival so this
brings me to the next category of
hackers
called and they're hacker as a service you
know sas software as a service
you have hacker as a service
there are a lot of underground forums
ranveer where you can go
and hire a hacker
and you know what how easy it is
you go to these deep and dark web
forums
so you use something called the tor
browser
to go to the deep and dark web
it's a particular browser you need to
use you just don't use that that's going
to be a whole section okay
we will talk about that but the point
there is when you're at the dark web and
there are thousands
of these
hacker as a service hire a hacker
website where all you need to do is go
and give the instagram id
or the facebook id or the email id of
the person who you want to get hacked
the hacker will take that instagram id
good part they don't take any money
they say thank you for submitting the
request
we will come back to you in the next few
days
they will come back to you with a
screenshot
of the inbox of that particular
instagram id
just to prove to you look i've got an
access to the inbox
only once you're convinced
that yes it looks like somebody really
has an access to the inbox
are you expected to give the money using
bitcoins
it's only like cash on delivery
you see the product and then pay the
money that's what is happening here
so the moment you transfer the money on
bitcoins you will get a dump of all the
messages everything on the on the thing
sometimes it might even give you the
access with the username and password of
the person there are various ways to do
that
as if this was not enough you will then
get a survey form
how was the experience
wow
if you recommend your friend
my service i'll give you a 20 percent discount
next time
it's like this this crazy organized
industry in the deep and dark web
and unfortunately this is a reality now
the most surprising thing is how much
money does it charge
the average amount of money is between
300 to 500 which is just
20 to
35 000 rupees
how do those hackers actually hack into
someone's instagram account so there are
various ways to do it and that's the
reason why i said there's no one
particular way right so
the more popular ways are really trying
to do something like impersonating your
session
what that means is and that's the reason
why like never ever ever ever ever
click on a link that somebody sends you
on your instagram direct message the
easiest way and this is where again you
spoke about social engineering in the in
the beginning and that's why it's so
exciting if i sent you a message on
instagram or in read and i say ranveer
it looks like
the video that you shot here you're not
looking great
click here
you know the odds of people clicking on
a video like that
especially if it's coming from somebody
who you know and it's very easy to forge
an email for the message from the name
you can make a fake id you can there are
too many ways to do that right so the
moment you get that message and you
click on it it takes one click
one click that's it
to basically give your cookies out have
you ever noticed this one where when you
switch off your phone
and you restart your phone
do you have to re-login into instagram
no
you don't have to because your sessions
are saved
even your ip address changed maybe you
went from
wi-fi to your cellular network uh
sometimes you didn't switch on the phone
for three days even then you don't have
to re-login
why because there's a session which is
created with that particular app
which is saved it's the same with
browsers you don't have to re-login into
gmail once you close your laptop you
open it again
gmail just pops up because there's
something called cookies on browsers
which gets saved cookies are simply long
strings of random characters and they
get saved to identify that ranveer gave
me the right username and password and
this browser
belongs to ranveer so it has
authenticated you and therefore it can
say that this is ranveer so even if the
ip address changes when you change the
wi-fi to cellular even if you know your
location changes even if you
shut down and open your laptop even in
that case it says it's still you so i
don't need to give you a re-login which
is out there so hackers
when you click on a link a lot of times
they're able to impersonate and steal
those cookies because they're just text
long text fields which are out there
they're able to steal it and they will
install those cookies on their browser
so the
instagram server on the other side or
facebook or gmail server on the other
side will start thinking hey this is
ranveer talking to me and therefore let's
go ahead and just uh
you know figure that out and you know
put things together so that's that's one
example the other example like
it might sound very very stupid uh but
is very simply phishing emails like you
you get phishing emails which are
arguably one of the top reasons why
people get hacked where you'll get an
email from netflix saying
you know 20 percent discount on your next
renewal click here and the moment you
click there it'll take you to a page
will ask you for the username and
password and you actually enter the
username and password and the moment you
do that boom it's gone to the hacker and
and you know there's a lot of bad things
which can happen after that right so so
again impersonating your session by
clicking on link
giving your actual password where you're
not supposed to and that's the reason
why you look at the green lock on the
top left of https because that means the
data is encrypted and it's going to the
right place it's a different story that
you can have a phishing
website with https also unfortunately so
be very careful about the url and the
third piece what i've seen unfortunately
a lot of people do is uh
they give access of their account
to so many people who are not protected
themselves
and in that process it's like both of
these things if it's not happening to
you as a user it's like okay how many
people have an access or you're storing
your passwords on you know on a notepad
and i've seen so many people oh we'll
store the password that's not good so
that's that's generally the reasons why
i've seen most of the social media
accounts hacking and if there's one
recommendation if i have to condense all
of this together what can help you to
stop things like this happening and
people don't realize the power of that
is something as simple as two-factor
authentication two-factor authentication
takes the probability of your account
to be hacked down by over 90
zero
it is such an important such an
important thing to have in your account
you should always have a two factor
authentication because even if your
password's gone a lot of times if your
session is
fishy you know it automatically comes up
as two-factor authentication and um
even if you're giving your password to
somebody at least the two-factor code
comes on your phone or you look at an
authenticator and that's something very
very important so that's my
recommendation on the social media side
of things so what is your cta to the
average everyday person so my
call to action for
anybody who's listening to this would be
something which is non-technical and
i'll explain why i say that
i think it's a psychological shift that
you have to make when you go on the
internet
we
do a lot of things on the internet any
action
on the internet
with certain assumptions which are not
right
when we see a call
which says on the top end to end
encrypted
we think there's nobody who can listen
into that
when we write an email to a particular
recipient
we think nobody can read that
when we go to our inbox on instagram and
write a message to somebody we think
nobody can read that
all of that's wrong
start by thinking anything that you do
on the internet on your cell phone on
your laptop on your oculus the new vr
world that we should we will talk about
all of that
assume it's public
the moment you start with that
you are a very different human being on
the internet you're a different human
being who's using technology and i've
seen that being the fundamental problem
with most people because they think i'll
give you an example right because of
course so many people come to me when
their instagrams are hacked or facebook
is hacked you know this
one of the simplest thing that instagram
does which i think is a great feature
if your account is hacked
for say three days
and there are people who
hacked your account
writing mails or writing messages to say
500
you know accounts around the world do
you know this in one click
all of those messages will disappear
in one click of instagram that's how
they've designed it and it's a great
feature
because it stops the spread of
you know bad messages and nasty messages
because unfortunately when accounts get
hacked there's a lot of nasty stuff that
gets posted not just publicly but even
privately to your contact list etc etc
now imagine this
there are people who are actually
sitting in instagram
which have a 24 7 access to every
message that you write
this was a very
not so
comfortable press conference which
happened with uber
many many years back this is when
they had their ex-ceo
uh
travis and uh
a lot of bashing of uber this was
pre-ipo days and a lot of bashing of
uber was going on in a room where people
were like hey you know what the culture
is not good you got to be more
respectful of you know
the work that people are doing and the
company needs to be more transparent etc
etc
it was an evening dinner with people
having drinks people having food
and one of the vice presidents a very
senior person at uber
bangs the table and stands up and says
guys
enough of this and this is a room full
of table full of journalists with some
of the top publications he says enough
keep this in mind that all of you have
an app called uber on your phone
and i know exactly where you guys go in
your evenings so don't talk about
transparency don't talk about candor
because i don't think you guys are
practicing that in your own life
can you imagine at how many levels
that's wrong hmm and the problem is when
you download an app
you don't realize what the app's doing
to your phone
what the app so your phone even when it
doesn't take any permission so you know
apps take permissions we all know that i
hope we all know that and you generally
say okay okay which is not required
anymore you can actually give
permissions for limited time right of
course uber will not work if you don't
give it the permission to access your
location which is a fact but on the
other it's not actually a fact you can
still enter the address manually but
assuming for simplicity you want to give
it the permission but don't give it an
access for 24 hours
you can go to your settings privacy
and disable the location access
of uber
of your phone because it's accessing
your location 24 hours
there's a documentary i'm happy to send
that to you and you can put that in your
link
it actually went ahead and tracked
android
and how closely does it track you
and do you know this your android phone
and also your iphone now
can track with more than 98 percent
accuracy when are you sitting when are
you standing when are you driving when
are you walking when are you
all of that stuff
and you know why it's not because of the
permissions
that you know about it's not about oh
can i see your camera can i see your
pictures and you disable some of that
and you feel safe
there is no permission for your
accelerometer for your for your
gyroscope for your proximity sensors
these are all sensors within your phone
so when you pick up the phone
and you keep it in your pocket and slide
it in your pocket
basically these sensors know that the
phone is sliding in a particular
velocity in a particular angle
and it knows the height at which it's at
and if you combine that data together
it's actually possible to accurately
predict the exact activity that you're
doing
now imagine this if you're somebody who
likes running every day
or who likes to go ahead and uh you know
do it go to a particular restaurant and
you're sitting for food a lot of time
i'm starting to profile you on who you
are
and the moment i start profiling you and
i love seeing this line which says
humans are not as smart as they think
they are
we are actually living in a very very
large probability if you think about an
auto driver or uber driver
while it might be a random uber that you
take today which you will not take
tomorrow
the sum total of what money that an uber
driver or an auto driver make on an
average on a daily basis is actually the
same can you imagine how does that
happen right because
there are enough number of people who
take opportunistically an uber that you
will be taking and when you do that sum
total with the people who take it
regularly you can actually come to a law
of averages and you can come to say that
this is what the probability will look
like for a sum total mass that's data
science for you coming back why i gave
you that example was when you look at
the whole process around uh
you know putting this together around
the apps
and the amount of permissions that these
apps take
the permissions are only layer one even
after the permission there's so much
that the app knows about you that the
phone knows about you that you don't
know about so is the solution is the
call to action take your phone
throw it in the in in the yamuna river
the answer is no it's not i carry a
phone right so it's not that but i carry
it knowing what it's tracking me and
that's what creates a difference between
me
and 99.9 percent of people who use the cell
phone
so i know what it's tracking i know what
it's not tracking
if i don't want to be tracked there's a
lot of times where i'll just leave the
phone in the room
and i will just be without the phone
i'll be without the laptop we do a lot
of stuff which is with the three letter
agencies around the world
and out there you know we just leave our
cell phones we leave our laptops because
there's so much which can go wrong when
it comes to cell phones and laptops or
anything when it comes to technology
which is beyond what you would know
about
so that's my call to action the big one
around saying start thinking that
everything that you put on the internet
on your phone on emails is already
hacked
the moment you start there
your behavior changes on the internet
and then there's no question of going
ahead and clicking a picture that you'll
not be proud of tomorrow even if you're
just sending it to one person it does
not matter
so that's my big call to action then of
course technically have two-factor
authentication keep your operating
system updated make sure that you know
you're not clicking on random links uh
there's a ton of those which we can go
ahead and if you if you want a longer
list of this because i get this question
in almost every podcast i go to i we
actually created a free of cost app and
if that's of any interest your people
can download it it's called safe me
it actually has more than 100
three-minute videos in english and in
hindi it's got like 100 000 downloads
etc etc which basically goes ahead and
gives you
how to secure your whatsapp
how to secure your facebook and what are
the five tips to
secure your facebook account in the
right way and then it has a quiz so you
can take the quiz it has some question
if you do that it gives you a score of
how secured you are so i mean that's a
longer technical list if somebody's
interested but i would say the number
one the more important one is really
using the internet thinking that
everything's hacked maybe you could just
touch
upon
um cyber warfare a little bit and how it
concerns the everyday person super quick
you know you don't need to go too deep
into it
just in terms of what should we be
aware of as everyday citizens
and uh maybe a supplement question to
that is are you working with like the
indian government to help strengthen
this country's uh
cyber security
sure so the two questions from me let me
go in the reverse order of what you
asked are we working with the government
yes we are we are very fortunate to be a
part of
certain specialized types of assignments
and we've been doing that for a very
long time whether it was the launch of
the bhim app where it was
upi whether it's various kinds of you
know national critical projects which
are out there
we've been very fortunate to be
associated and even certain things which
are confidential uh for various kinds of
agencies so yes that's been happening
it's been happening for a few years now
let's come to the first question about
cyber warfare and let's understand that
when you talk about cyber warfare and
there are a lot of definitions of cyber
warfare when you look at cyber warfare
from the side of nation states
trying to hack into you
in most cases what i've seen is they
don't give a damn about citizens unless
you are somebody who has information
which can affect the national security
which can affect the budget of the
country or things around that so a lot
of
i would say china trying to hack me is
actually not founded on some real
rational facts or data because frankly
speaking china doesn't care about
somebody sitting and having vada pav in
mumbai and trying to hack into their
phone right because they have
arguably more important things to do so
when it comes to nation states that's
not too much of an issue however there
is a cyber warfare which you can talk
about which are non-nation states so
just to give you some perspective
last year when you talk about cloud and
you know using compute power
86 percent of hacks happened
on
normal users
not for their data but to mine
cryptocurrencies
so the point of making there is that a
lot of hackers
trying to get access to your laptop to
your cell phone
will not be to do anything with your
data it's almost like you know i'll make
more money by mining cryptocurrencies
because at the end of the day when
you're a non-hacker
with non-state-sponsored hacker you have
maybe a financial objective right or
motivation on why you're doing this so
it is seen and it's obviously becoming
you know the law of diminishing returns
it was obviously much more lucrative a
few years back and because the number of
bitcoins are limited to 21 million and
there's only a few million left to be
mined gets more and more difficult to
mine it uh they need more and more
compute power so that compute power
comes by hacking into a lot of these
innocent devices innocent cloud
workloads and a lot of that happens so a
lot of times when if your
computer suddenly becomes super slow
there is a good chance that that might
be because a hacker is doing some
cryptocurrency mining
using your compute computation power
which is out there on your laptop or
your cell phone and then there's always
the third type unfortunately right
and we've seen a lot of high net worth
individuals high net worth individuals
come to news a lot of hacks happen which
don't come to the news but unfortunately
we spoke about hacker as a service where
personally if somebody has a grudge
against you they would want to see how i
can hack you how i can get into your
instagram how i can get into your you
know whatsapp messages etc etc and that
happens all the time so uh so so i would
say that's what people
should be worried about should be
careful of not that china is trying to
hack you or russia is trying to hack you
as an individual that's not too much of
a worry and you definitely want to spend
you spend 12 years of your life to
prepare for your real life in your
school you do that right unfortunately
cyber security education
is never it's never there i mean how did
you learn how to use gmail
i bet it was from your friends right
yahoo mail when you started youtube
right there's no course right now that
of course people try to create courses
but there's nothing formal being taught
for arguably one of the most important
dimensions from the lives of young
people today there is no structured
content to go ahead and say okay you can
use whatsapp but use whatsapp with these
three or five things in mind because of
what and how things are i'll give you a
small example like on whatsapp by
default it's very unfortunate that
people don't realize that their chat
backup
is enabled all the time
you know the scary thing about that
you can't delete your chat backup
so if you want to delete whatsapp right
now
your chat backup would still be there on
their servers and there's there's no
option that whatsapp gives you to delete
your chat backup
i
disabled my chat backup in 2014.
seven years there's no chat backup does
it cause some issues when i change my
phone the answer is yes but it's totally
worth it
right because when you have chat back up
and you know you now see a lot of these
cases of high profile celebrities and
you have these big screens in these news
channels with a yeah chat backup is kind
this was the chat backup and you know
through which how is that happening
because the chat backup was available
which was enabled by the person so
something as easy
as disabling your chat backup which is
an option deleting is not whatever is
there is there
and it will eventually come in when the
data protection act comes in india etc
etc that's a different story and
hopefully comes very soon but on the
other side
the the mobile app gives you the option
of disabling the chat backup moving
forward so people should do that
immediately but that's just one i can
give you a longer list is there a lot of
my videos which i stole you and save me
and it genuinely can make an impact on
securing you on the internet speaking
about whatsapp um you said jeff bezos's
whatsapp got hacked now jeff bezos is a
multi-billionaire with a great
intelligent team he's an intelligent man
himself
and i'm sure he had thought about cyber
security even before his whatsapp would
have gotten hacked for amazon for
himself
how does
someone like that was that powerful how
does their whatsapp get hacked
so
there is a very famous saying in the
world of cyber security
there are only two types of people on
the planet
one who know that they've been hacked
the other who don't
you know what that means everyone's been
hacked
and that's the point which i'm trying to
make here
the way technology is designed
there are a lot of things called zero
days
which you would not know about think of
it like this
jeff bezos is the world's richest man
now
the world's richest man
for a second assume has all his money
inside
a vault
and he has a lock to lock the vault
right
now he's very smart he can spend a lot
of money to get the most expensive lock
on the planet which he does
and then locks it my question to you
can that vault be hacked
probably has to be no yeah
especially by the people who made it
now
suppose the people who made it that's
what i think
shah jahan did right they cut out the
hands of people who made taj mahal
because he didn't want to make it again
some people kill people who actually
make vaults why because they don't want
any secret to be you know there but
if there is somebody extremely smart who
has made 50 more vaults
will have a little bit of understanding
of how this vault is made
and can i say
that person
might be able to crack the vault the
answer is yes
now if the person is able to crack the
vault with all the money and the power
and the access in the world will jeff
bezos be able to do anything if a person
is able to crack the vault to go inside
and steal the money the answer is no
this is exactly what happened to him
when he it's like me i'm using whatsapp
and i just told you like 10 things to do
for a better hygiene
can you ever get to a point where you
will never be hacked or you can never be
hacked the answer is no there are ways
to hack into systems
even when it's not connected to the
internet so the point of making there is
jeff bezos was using an application
which had something called a zero day
exploit which nobody in the world knew
about and if you want to buy these
exploits they're sold for crores of
rupees
so obviously considering how high
profile he is there's somebody
interested to hack him who paid crores
of rupees to that vault maker
not whatsapp but somebody who knows how
whatsapp works for example how the
operating system works for example and
paid a lot of money because it's
something very complex and he got that
exploit
executed that how do you execute it
simple you embed the exploit inside a
picture
and you send the picture to the target
so you get the picture
you all download the picture you see the
picture so by default my phone doesn't
download any pictures
simple hack right that's when you
understand you so so you simply download
the moment you download you think you're
executing that picture
you're downloading the entire code of
the picture even a picture is a code you
can right click a picture and open it in
a notepad
you'll actually see
that every every pixel is coded with a
particular number
and that's what creates a picture
but that's a notepad so i can add more
code to that also and there are ways to
execute it depending on the operating
system and the framework etc etc so when
you do that ranveer
jeff bezos fell for that
and a lot of his private pictures
were leaked on the internet and was was
hacked and he couldn't do anything about
it
that's the world's richest man for you
but
if he would have used whatsapp thinking
it can be hacked
he would not have an issue
when his phone gets hacked
that's the reason why i said that is the
pinnacle of using or the real cta out
here everything else can be bypassed
unfortunately so don't send nudes don't
do any naughty on your whatsapp or
instagram
uh you know be careful with how you're
using apps i think that's the moral of
the story okay before we move into the
twitter section because i promised the
audiences on this podcast that we're
gonna address this topic we have to talk
about the dark web and before i let you
continue i just want to chip in here to
the people listening to the long form
version of the podcast if it gets too
heavy we have a separate youtube channel
called trs clips so uh guys ensure you
subscribe to trs clips and we've kind of
built out the channel like a
nice user experience for people who want
quick information rather than listening
to the entire episode
mr saket modi
tell us about the dark web uh for
someone who doesn't understand what it
is what's the potential of it how does
one use it what's the current legal
status of the dark web all over the
world is there a future to it because
the last i heard that a lot of people
have stopped using it because of some
government regulations
but uh i mean that's that's the whispers
and i'm and i'm a complete rookie when
it comes to knowing about the dark web
so you're the expert so but let's
understand right
dark web doesn't always mean bad
i'll explain you this
google so if i asked you what is the
internet for you ranveer
what would you say
you say anything that pops up on google
any website that you know xyz.com dot
net dot org dot in whatever the point
i'm making there is ranveer that
there's a lot of information which is
indexable
by search engines in general means
normal people can go through it
however if you see that
chunk of information like your youtube
is accessible by everybody right
if you put all youtube all accessible
from google everything together
it's less than one percent of
information which is actually on the
internet so any information
which is not crawlable
by search engines
i'm putting it simplistically here just
so that you know we have a wide range of
audience
any information which is not crawlable
is something what we would call as dark
web
now
dark web is everything bad of course not
if i'm sending an email to somebody that
doesn't mean it's a bad thing no because
that's also part of the dark web it's
not crawlable by google
so
that's the first definition of dark web
isn't it not everything is dark in dark
web let's put it like that
you basically have various kinds of
systems and i'm talking systems because
i'm not saying laptop i'm not saying
servers all of the above
they are connected to each other using
routers
which is basically your internet service
providers right so it actually gives you
an access where you become a part of
this mesh network
where if i want to talk to you
on the internet on a cell phone you have
an ip address i have an ip address and
one ip talks to the other
so everybody has its unique identity as
ip addresses and then ips are talking to
each other in a very simplistic way
that is a particular form of a mesh
network to make communications happen
but coming back why i'm saying this to
you is that
if you think about the overall
mesh
you can create as many meshes you want
i can create an internet right now in
fact a lan network is also internet
right because you have 10 10 laptops
talking to each other
the
tor browser the tor project basically
created an internet of its own
once like how you have internet explorer
google chrome tor is its own
program it's its own application
internet explorer and google chrome are
browsers
which give you access to a particular
internet
which popularly known as internet
tor is
browser also
like google chrome tor is also a browser
but the browser is only the face
what tor has created which is more
significant than the browser is the mesh
is the network
where if you have to go to a particular
website and there are no dot com website
it all ends with dot onion
so you will see abcdfg dot onion
and there are like millions of websites
there
to be able to go there if you have to go
to google.com
your ip directly talks to the google ip
when i say directly it takes multiple
hops
but google knows what is your ip when
you are trying to talk to google.com or
gmail.com
the way tor is designed its mesh network
is
your ip because you always have an ip
when you are connected to the internet
you have to be connected to be able to
go to that deep and dark web which i am
now talking about the tor network
your ip will bounce between 20 to 50
different hops
where your identity will be masked
and then when you reach finally to the
website
where you're somebody selling drugs
somebody might be selling fake passports
somebody might anything that you would
think about they say that they even
stream child pornography and live
murders on the dark web so here's the
thing it's a place where it's very
difficult to trace the identity of
anybody you know that saying right i
think it was freud which says that if
you want to know the real face of a
person cover his face
and then they will tell you who they
really are
i am saying here is an ecosystem of
people
whose faces are always covered
you cannot find out who the person
unless a person decides this is who i am
it's not easy to trace back or verify so
when that happens
i'm not surprised
that you know all sorts of stuff whether
it's child pornography whether it's uh
you know unfortunately a lot of bad
things would happen so that is because
again the identity is
is is concealed out there so so yeah
it's like this it's like any shady
part in a city
right every city has a part
where you have all the wrong things
which go on
and it won't be one it'll probably 25
wrong things which go on because the
police doesn't have an access there
because the kind of people who stay
there are very accustomed to it they
don't have a kyc account with a bank
it's it's like that right so it's the
same thing on the internet and that is
in general what is referred to as dark
web dark web is everything but i know
what you were talking about so i took
you there also and that's what it means
how does one access the dark web like
because you can't download the tor
browser off of
internet explorer no you can absolutely
down you can of course and it's illegal
to download the tor browser yeah and
that's what so it might be a new
regulation that i'm not familiar with so
i've uh you know that's one thing that i
did not hear that you cannot download
the tor browser and by the way you don't
just download the tor browser for wrong
reasons it's actually a great tool to go
ahead and hide your identity why do you
want google to know every time what
you're searching
why do you want you know facebook to
know every time where you're logging
from
so it's actually a good tool
for
making sure you're anonymous
and people are not tracking you
so it's not like tor is only bad users
as i told you in the beginning
technology for me of any kind is an
amplifier
if you want good you can amplify good
what you're doing if you want bad
unfortunately a lot of people amplify
bad and that becomes a problem ranveer
you want to talk anything else about the
dark web that's interesting for the
audience to know well remember the
hacker as a service example that i give
yeah that actually happens on the dark
web you have a lot of these forums you
have dark web has its own wikipedia dark
web has its own it's like a parallel
world
to be a part of these forums it's very
interesting no matter what amount of
money you pay if you want to be a part
of a dark web forum you know what's a
process
you can't pay any money to get in
the only way you can get into the dark
web forum is if you can get and the
different types of forum with different
roles but some popular ones is what i'm
talking about
you have to get at least x number of
people existing in the forum to vouch
for you that you're an authentic hacker
there are barters
so i've seen people talk about hey you
know what i have access to these 25
servers of this big e-commerce companies
do you want to trade that for 25 servers
of a big bank
wow
so so if you think about that and and
it's all trust based
so it's like people build their
identities over time they will use a
pseudo name right
you know yellow nikki flying 23
so many of these funny names that the
aliases that people will come out with
and over time they build a reputation
they build a credibility in the dark web
forums or what and how
you know people have and there are
dedicated forums on hey you want to hack
into a particular country you want to
hack into a particular type of industry
you want to hack into instagram you know
there are full-fledged discussions which
would go on there whose only job is to
go ahead and you know try to
collaborate
for hacking with each episode of this
podcast i do have to deep dive into
other people's heads and worlds
and from what i can tell about your
world is that you're in the middle of a
lot of volcanic eruptions everywhere you
know the world of cyber security it
seems like this this going down all
the time
and as one of the ethical people in this
world your job is to constantly like
protect the weaker people you're sort of
like think of it like a spiderman who's
going and just like rescuing a lot
and then you know i like batman
sure like you know you're helping gotham
city where is going down all the
time
and then even after you've done some
good you go away helping someone
else and some bad happens in the
first place that you helped anyway so
cyber security seems like this
continuous process of building armor man
am i right in saying this that it's it
seems like a super chaotic world dude
you're absolutely right and this is
where being in cyber security is so
exciting also
you can never
go ahead and
extinguish all the fire
it just won't happen and that's where
you pick and choose the most important
ones the biggest ones which are out
there
and then try to make sure that that
falls in place that
becomes tamed so twitter version i'm
sure that the next time we have you on
the show there's going to be even deeper
questions
um
first question is from let's tweet to
you all wisdom
which commercial android phone is secure
apart from the iphone how strong is the
samsung knox security i think they just
mean that what's a secure phone out
there
short answer none
okay that's where you need to start with
every phone has its own vulnerabilities
that keeps coming out all the time you
want to use it with awareness
historically the number of
vulnerabilities that have been reported
in ios are much lower than android but
you want to keep this in mind the users
of ios are also much lower than android
and a lot of secret stuff for zero days
for ios doesn't come out in the public
and therefore it's not like ios is far
more secure than android what has to be
secured is your way of using the phone
so your awareness becomes far more
important
than what the latest ios or android
phone is
crazy
what about the second question how
strong is samsung knox security samsung
knox is actually pretty good you know
what is it
samsung knox is basically a container
within your samsung phone where you can
store your credit cards where you can
store various kinds of notes etc this is
not branded guys this is just a
conversation yeah this is just yeah
samsung's not paying you money i wish
they were though
samsung are you listening
but here's the point it is actually
pretty good why because it's almost like
this you have a big house
and then you have one room which is very
very very clean and everything's
encrypted and everything has two-factor
authentication etc etc so that's what
samsung knox is all about i highly
recommend that it's definitely a better
way of storing data and information a
lot of scared people listening into this
podcast so don't be surprised if sam i'm
not doing fear mongering trust me yeah
i've just spoken all the time that's my
job dude
i'm the one who spreads fear get the
clicks
spread didn't say that on the record
okay
asks which country is the hacking
superpower usa china russia or india
out of all of them i would say there's a
tough competition between russia and
china
given what we've known
it would i would say
russia would take
the crown but keep this in mind because
it's so easy to spoof ip addresses
if i'm hacking sitting out of
egypt
i can go to russia's servers and then
hack into india and india will think
russia is hacking me
and therefore it's so difficult to
really point out where the hack actually
originated from
so there can never be a particular
answer in fact in my view
the best hacker or the best hacking
country is the one that you would have
never heard about
in terms of talent in terms of their
name ever surfacing that they even do
happen oh okay okay okay
but it's like it's like sherlock holmes
lines right the best place to hide
something is in plain sight
um but in terms of being a cyber
security professional
where you see most of the talent arise
from
when you talk about talent definitely
from an education perspective i would
say the u.s and india would be far more
when you talk about professionals which
are outside the government but when you
talk about government employed hackers
china would arguably
be one of the largest on the planet as a
cyber army and there are smaller
countries like israel is a great example
where their prime minister
openly says the way you have the army
the navy and the air force
they have a fourth division which is
only cyber and they do offensive cyber
and he's very public about it there's
nothing to hide there so that's just you
know where
uh where the countries are looking at
saurav dhangi asks a very simple
unrelated question but i think it's an
important question
because you're living in silicon valley
pretty much right now and you know in
the middle of the tech world
do you believe that getting paid for an
hour would be the upcoming work culture
all over the world getting paid per hour
probably as a freelancer
i actually think that the world will
move towards an outcome based payments
and not based on time
get us the results yes
oh interesting question adiraj nayak
asks if a person is not from an
engineering or tech background but is
seriously interested in cyber risks
ethical hacking etc can such a person
make a successful career out of these
domains and if yes then what are the
skills needed for the same
short answer absolutely a yes
today because of the online education
that you have
you don't need to have background in the
past
but do you not need to deep dive into it
now to get into cyber security no that
doesn't work so you can start now go to
coursera go to udemy go to khan academy
or all of these courses where you can
actually learn how to program start with
fundamentals you have to learn how to
code you have to learn how internet
works how databases work how compilers
works start from there and then you keep
building on top of it in cyber security
one of the certifications that i make
the entire team of mine take is
something called oscp offensive security
certified professional you know what
what the fun part about that
certification how the exam happens
there are no questions they give you
five ip addresses you have to hack it
and give them the result of a file which
is stored in that server somewhere
it's as hands-on as you can get just
five ips and you do whatever you want
it's called oscp it's run by an american
body called offensive security and it's
a pretty popular course in the hacking
community and it's uh pretty hands-on so
but that you will only be able to do
when you really understand the
fundamentals of how cyber works because
hacking in security is only step two and
it's really not different from the first
principles of computer science
so learn how to code and then go deeper
if you don't know how to code you can
always start
there's no there's no problems at all it
generally takes like three months to
become a decent level coder in six
months where you can champion it and you
have to do 18 hours a day i mean if you
love doing it why not just do it you're
the first person to put a timeline on
this statement we've had a lot of people
on the show say that like oh learn
coding the first guy who said oh it'll
take you three months to six months yeah
but you have to give yourself in really
that's the whole point because i see a
lot of people treat that as a hobby i'll
do it one hour a week it's not gonna
work out it's like going to the gym
right you have to be consistent and you
have to invest does coding change the
way your mind works
yes it does because
if you think about coding
it is
how the mind works
if you think about it what is
intelligence you are looking at me and
your mind is telling you if this face is
in front of you call him saket
that's a code in your mind
so when you talk about a code
it is exactly how a mind works because
what do you code you say if
a equals b
then print c
that's coding it's really that simple
it's if and else
so that's that's my view about you know
you actually get more closer to your own
self
when you actually understand how the
world of course that's where artificial
intelligence also comes in again for a
different day for you about it yeah yeah
the next time you're in bombay yeah
okay ayush bajaj with some questions for
you
will we see data privacy departments in
all organizations in the future
yes not only departments but you'll
actually have data privacy officers the
new data protection act which is right
now in the parliament which is expected
to be
passed in the next six months is
something that that
mandates all publicly listed companies
to have a dedicated data protection
officer appointed in every organization
so absolutely what are the new potential
risks to someone whose behavior can be
tracked through data i think that was
this entire episode pretty much watch
the episode
okay um do you think that frauds have
decreased now because everything has an
identity and he's linked it to the
aadhaar card situation
slightly yeah slightly and this is
brutal honesty i'll slightly diverge and
then come back
we work with payment processors around
the world
if i take the last five years data the
number of credit card frauds which have
happened in the united states versus
india the ratio is one is to 25
india is one
and the united states is 25.
india was one of the first countries to
go ahead and implement mandatory
two-factor authentication
which even today is not mandated in
united states and western america or
western europe
the reason i'm giving you that example
is that
we are off the charts when it comes to
frauds when i say of course there's a
lot of fraud which happens but the
amount of fraud and the number of frauds
are much lower
and the number of transactions which
used to be much lower five years back
are now catching up because thanks to
upi we're actually doing more digital
transactions
than even the united states today just
just to give an everyday example when i
was traveling in the states about two
three years back when we were paying for
our meal through one of their food apps
you didn't have to go through the whole
enter your cvv
enter your otp it was just a touch of a
button and it gets paid and that's
actually dangerous exactly because if i
just have your card which i can easily
siphon i don't need to put my hand in
your pocket i can actually have these
readers because you have this nfc
and your card and your mobile phones
enabled with that so i can actually get
an nfc reader and i can clone your card
without you knowing about it it's a
reasonably easy thing to do and that's
the reason you have these cases these
days which are actually electrocuted
from the point of you know it creates
this vacuum chamber where somebody's
trying to copy your card they're not
able to copy so there are such cases
which exists these days but coming back
to what you were saying it's so easy to
replicate your card and once you
replicate people can just do fraud and
you can't do like
there's hardly anything that you can do
about it so it's a pretty bad situation
it's a worse situation than what it is
in india because india everything is
two-factor authentication which is
pretty phenomenal and now with upi i
would say we are at least five years
ahead
of what was there
uh you know for for western europe and
north america even today what is there
right now crazy
mr saket bruce wayne modi
that's pretty sweet
i'm a fan of that guy
a big anime fan ranveer so yes the first
time i met you i remember it was in this
garden outside the outside of shady hall
in banaras and you just said what's up
you started a conversation what i read
about it was that this dude seems like
he knows a lot of stuff that i don't
know and
for some reason he seems like he knows a
lot of stuff about everyone here
you shall never know about it
that's the energy you gave dude today i
understand why
so a pat on the back for my intuition
and a pat on the back for my team for
getting you to do this podcast you've
been very kind but there's a reason why
i wore yellow because i knew you were
wearing black
now to spook you out just just saying
no dude
so many more episodes to create with you
yeah you'll have fun it's really an
honor to be here i think you're doing
such a phenomenal job i wish there were
more ranveers out there because i think
the nation needs to get content of the
kind that you're producing so it's a
brilliant job there and it's such an
honor to be with you oh man and i think
the whole world needs more people like
you who are doing that batman kind of
in the gotham city of the cyber
space like all of us
holy
you live in a volcanic world that's what
i'll tell you and uh waiting to see and
hear more about all the volcanoes that
you've encountered until the next time
so thank you mr saket modi oh
sounds like i'm in trouble that's what
my parents would call mr saket or my
investors would call me but anyways
thank you so much for being with me here
and uh you know calling me here it's
such a pleasure and honor to be with you
appreciate it thank you
so that was the episode with saket
towards the end if you've heard it till
this point you know that it became kind
of scary we're living in some scary
times and as we spoke over the course of
the podcast the cyber world is like
gotham and people like saket modi are a
part of the justice league or the
avengers of this city of gotham of this
world full of dangers saket modi is
going to be back on the ranveer show i'd
love to know from you guys what you all
are thinking about the new
flavor in the content that we're putting
out lately our new youtube channel where
we upload all the highlights of the
podcast you will see that we've kind of
shifted away from just self-improvement
into information into current affairs
into extremely relevant topics just like
this i want feedback from you guys so
please let me know what you think
remember to subscribe to trs clips put
the bell icon there as well and also
remember to follow us on spotify every
episode's available on spotify 48 hours
before it's available anywhere else in
the world even before it's available on
trs clips but either way guys thank you
for supporting the ranveer show this is a
new beginning for us and i hope that you
guys keep supporting us along the way
namaste thank you
[Music]