relevant and scary piece of content in a long time this is our episode with saket modi the co-founder and ceo of a company called safe securities from beginning his journey out of an engineering college in india he's now based out of silicon valley where he's helping governments international organizations and obviously all sorts of tech startups with their cyber security problems with cyber crime on an all-time rise throughout the world with hacking becoming a very very mainstream skill as well as a mainstream problem it's the age of what i call the cyber batman which for me is saketh modi and his team of 200 plus engineers who are helping people secure money secure their systems secure their privacy and secure their reputations this particular podcast is one of the freshest pieces of content we've released in a while please watch it till the end remember if you don't want to check out the entire podcast then highlights of this episode are already uploaded on trs clips our new youtube channel and also remember to follow the runway show on spotify where is spotify exclusive which means that every episode will be available on spotify 48 hours before it's available anywhere else in the world a very important piece of content for you in the modern day this is saket modi on the runway show [Music] sagan modi welcome to the ranvi show super pumped and a little scared of you honestly your friends runway don't worry you got you covered uh you know some people might call you a hacker some people might call you an entrepreneur some people might call you an ethical hacker dude how would you define yourself what do you do i'm a geek and a nerd that's really who i am okay i actually don't like putting adjectives in front of the word hacker you know i'm very comfortable if somebody calls me a hacker i actually think it's a it's a badge of honor and we can get into it if you want uh on what do i mean when i say that but uh who am i somebody who loves diving deep into anything that i i set my eyes and touch and feel and uh that's what has been my life since the very beginning i want you to share two stories the first one is a story you told me in our waiting room about the time you went viral on twitter and national tv and the second story is your origin story man how did you begin this whole hacking process because i've had conversations with you at this point in your life and you have a very elaborate brain so let's begin with the viral story and then go to your origins yeah you know it makes me feel like dr zeus with an elaborate and how descriptive you are with that but let's come to the two questions you asked the first one uh you know i run a business to business b2b startup so i i understand very little about virality that you are the champion of and uh and this was like i think three years back where i was on national television where i had the i.t and the law minister with me and uh very unfortunately he was not given the brief about the background of the work we do for the government and you know aligned to their mission of transforming the country in a digital way the digital india you helped the government with a lot of their cyber security based oh yes absolutely so when you look at beam when you look at upi when you look at some of our most critical infrastructure whether it's airports whether it's banking whether it's the power and uh you know the grid side of things uh we are responsible for majority of the key names that you would know about in each one of these sectors and we protect them so unfortunately the minister was not briefed and i guess he was running back to back on meetings so he he just came in and he was given a brief that here's this hacker who's this young dude who's gonna come and show a live hack so within the first five minutes of the show he actually started by saying that if you dare to show a hack on this show this is live television i will have you behind the bars and keep this in mind he was not just the i.t minister he was the law minister of the country also and as if that was not enough he says you see those two people standing there i've got them in case you do anything mischievous it happens right now right here so that's where the program started and uh i still remember my parents telling me that you know when they were watching it like oh my god what's happening you know it's like that bollywood movie movement you know that you don't know what's going on it's definitely not scripted like anil kapoor have you seen it yeah i have and i love that movie and you you got it right so so so something like that and uh and and you know the whole show happened and i did show some live hacks out there and and the message was very simple that you know technology is really not evil it's really not good it's really an amplifier of anything that you want as a person right i went through some of your you know videos while preparing for this interview and i was amazed to actually get so much knowledge from your videos runway which is you're using technology in a positive way unfortunately there are a lot of people who use technology in a negative way by stealing information of people by misusing their trust on technology uh by snooping in into conversations and doing some very raw thing wrong things like frauds etc etc and that's not good so my message was actually pretty neutral i because i told you my only definition is i'm a geek and a nerd and uh i i technology is one of those things that i'm reasonably you know good at because i'm a computer science engineer and uh the audience got that so at the end of that show when it was you know aired and uh to my pleasant surprise it was aired seven days back to back every day in the evening like literally and i for the first time felt what is the meaning of you know going viral on twitter and i had not seen such violent and such um such nasty comments against the minister because uh because the twitter understood that i was not doing it with any intent which was malicious it was not to do fear-mongering in fact if if you will see that show which is still live which is still on youtube uh you will see it was a lot of very positive reinforcement saying guys we can't go away from technology because it's like going back to the stone ages but not using technology with awareness is the problem that most people face because of which there's so much frauds that happen so that's what happened when we're uh i want to also hear your origin story but maybe for some context related to this story and just who you are yeah what scares you about technology going forward and what should scare audiences the two questions the first part is i'm very very blessed and fortunate in my life when we're you get scared about things where you have wrong assumptions or wrong understanding with if you think about it the people who are not scared of ghosts are the ghostbusters the people who are not scared of snakes are the ones who know about snakes reasonably well so what does technology or you know things about technology that scare me nothing in fact i don't know anything in my life that scares me i'm very fortunate that way because i understand that at the first principle level let's put it like that so when you do that it's like it's like i'm very comfortable and there's nothing that scares me data backed what i can tell you and i think that's what you're trying to get to that can technology be used for wrong purposes the answer is an absolute yes when albert einstein came up with the formula of equals mc square he wrote a letter to the president of the united states saying that this formula itself is so powerful which can those days they used to have bombs which could bomb one ship and he said that if you use this formula for destructive purposes which it happened in the future we saw hiroshima and nagasaki for the same you will not destroy ships you will destroy an entire port and even cities and the reason i'm saying that is it is the same formula which gives us today usable reusable nuclear energy which is now used to power a lot of our houses etc etc but it's the same formula which actually created the atom bomb technology is exactly that the moment you use it for the wrong purposes there's a lot of wrong that you can do the moment you use it in a positive way you actually create a very positive impact so i mean i'm saying it will be used for bad it will be used for good uh i hope it's used more for good than bad but that's that's my views around you know the fear of technology ranveer and what your organization does is basically provide security to the everyday person and the everyday business to protect those people or that business from the dangers of technology that are very possible in the modern day so you're sort of making an armor and maybe weapons for those people to protect themselves absolutely so that's the most simplest thing and you put it very beautifully what we basically try and do we know that there are too many armors already out there for cyber security when it comes to businesses what we actually do and i'm going slightly deeper here where we take all signals from all armors let's take an example any large bank right and we work with the largest banks on the planet whether it's in new york or it's in navi mumbai we we work with some really large banks so they have anywhere between 100 to 150 cyber security products in their environment they'll have an antivirus they'll have a firewall they'll have a dlp sim blah blah blah what we do is we take signals from all of these products put them together in a centralized data lake we've created algorithms with mit in boston so we've been doing a lot of joint research with mit for the last three and a half years where we predict hacks so we say what is the likelihood that there will be a ransomware attack in a bank in the next 12 months and it's pure application of machine learning and data science that we apply to be able to it's almost like an oracle which can predict and if you think about it there are a lot of industries which do it for example the insurance industry it only works on predicting hurricanes it works on predicting you know whether somebody will die at some point or not and when you take the the the probability across a particular sample set of users you can actually predict that look will a particular event happen in a given sample set of audience so let me get this straight you yourself understand how to hack systems okay that's established yes now i know that you're an engineer you're from iit you're from iit bombay well that's a funny thing i was a visiting faculty okay and then we got incubated from iit bombay okay so iit bombay is the shareholder of the company and of course we spent a few years there i'm from a college in jaipur it's a college called l m iit this is ellen mithal's dream to make an iit god nice so because you have an engineering background yes you probably perceive the world and your subject extremely mathematically and you're a coder so again that whole mathematical inclination is reinforced now you yourself and your team of hackers i would say your team of people are capable of hacking understand uh okay these are probably the weak uh points in the world's internet map yep and you say that if we had to hack some places it would be these places yep that's why the evil hackers will try hacking yeah uh and somehow you're able to quantify the data in your own mind and build out algorithms and build out systems which will protect exactly those weak points you put it extremely beautifully you're absolutely right and when we what we do there is that and going back to a very cliche line so so definitely you know we are the people who actually for many years have been even ethically hacking these big banks and big airports and big e-commerce companies to show them vulnerabilities and loopholes which they need to quickly patch before a hacker can actually intrude into those systems which are out there is it a part of your sales game hey by the way we hacked your system well you you know what that has happened in the past that that has happened because and by the way a lot of times our customers ask us for the same because when they say that okay show me how competent you are you actually go ahead and and of course you do that with permission with authorization we sign an nda we sign the authorization to try to breach them in a given time frame of you know say seven days or 14 days and we actually run a campaign where we try to intrude into their systems we'll intrude through so a large bank will have say 25 000 systems right so you can actually include through one system and then do something called lateral movement because the system is connected to the vpn which is the internal network and you can hop from one system to the other to the other till the time you get to that particular system which is storing the databases where transactions happen so this was i think last month where we demonstrated to a very very large bank in europe how to transfer money from any account to any account live so we transferred money from the ceo's account to the head of securities account in real time and they're like oh my god is this real and we showed them that and this is very normal so we probably you know get to see this like all the time on how so it's it's like for a lot of people who don't come from my world it might be like hey is it even possible i thought systems were supposed to be protected i wish it was that idealistic on when you look at systems and security so i was reading your wikipedia page which said that you hacked your school system to get some chemistry paper uh answers and then you basically were able to cheat on an exam is that true is that a true story that's how you've gotten hacking i i've been a geek and a nerd always all throughout yes uh i was in my school where i went ahead and basically hacked into chemistry because i was a terrible student and this goes back to the second point if you want i'm just going a little bit into my story sure my report card used to have more reds than blues i was a terrible student but there were three subjects which was mathematics computer science and physics which i was almost always top of my class like those were my subjects those were things which i always enjoyed right speaking about your bad grades i just want to say don't judge a fish by its ability to climb a tree but go on well you you're right in that way because uh those were things where i was not interested and i was a fish very clearly who did not want to climb that tree and that's the reason why there were so many reds in my in my report card whenever my parents used to go to the school and like oh my god this is not good and but because there were a few subjects we were really good at chemistry was one of those subjects where i used to like back to back to back to back to back fail like every time i never wanted to learn those complex formulas and things around that and this is right before the board examination where my my teacher and you know literally i got this thing from the principal of the school saying if you don't go ahead and pass this exam you'll not be allowed to sit for your boards you know there's something called pre-boards so you know this you do those things so i had to do something and that something was not study so so we you know i was there in the they used to type the computer paper in the computer lab but my teacher was very smart she went ahead and she locked it was a microsoft word paper so you know you can lock a microsoft word file with password um we used to play a lot of counter strike back then uh in the computer lab so we you know it was easy to actually get an access to the file get it on my system to get on my pen drive got it to my home system and simply ran like very freely available there's something called brute force tool and what's brute force in a very simple way if you think about passwords it's always a combination of lowercase uppercase special characters and numbers so a brute force tool simply tries all combinations possible so we'll start with a and then a a b a c a d and probably do like you know tens of thousands of attempts every second so you know at some point it will crack the password so it was really that simple uh download a tool give it a big dictionary or a library of words or just let it do random you know permutation combinations and then try to basically leave it for i left it for like eight or nine hours and i got the password so it was really that simple i did go and confess to the teacher i said ma'am look this is something that has happened and uh you know just for you to know this is something which uh which i didn't intend to do but uh but i i still did it because uh i had i i wanted to pass the exam and this was right before the exam so you know it was very legal when i say legal because i'm telling her right before the exam room this is the last exam before the boards and uh i went to her like 30 minutes before the exam and she was like you're telling me now are you serious and then she's like you know do whatever i'm i'm okay i still scored like 65 out of 100 in that because who wanted to learn all the answers like too long i like dude no that's not me so there's no red flags because i didn't suddenly become the topper from being like you know very bad student uh but yeah that was my first uh tryst with uh real hacking and uh and and using that and of course i did reasonably well in the board so all good why did you tell them that's your ethical part of the ethical hacking coming out actually not and i'll tell you why and this might be counter-intuitive i actually thought that it's like covering your base you want to think of it like this right at that time right before the boards 30 minutes before the exam etc etc it was not supposed to be something which i mean she could do a lot with right she was she was like she was a very sweet lady and she was very very knowledgeable etc etc and the good part would be i thought i'll be in a good books because she's like look he came and he told me and because he was just 30 minutes back i like hey you have to do things back to back to back and you know you have 5 000 things to take care of when your subjects exam is starting out so i actually thought it was a part of the plan because when you do that in a way you are just uh you know removing any risk uh from from the fact because i could tell her that look i told you and then i sat for the exam and uh and then the thing she was disappointed with was like then even then why are you not scoring the highest mark so like that's what she was disappointed with i like ma'am at least passed right i said okay do the best in the board so i actually i actually think that was the reason why why that happened so what i'm assuming is that you kept working on your hacking ability through college through the years and then you figured oh an application of my work is actually helping the world with cyber security uh somewhere maybe your entrepreneurial side kicked and you said okay this can be monetized and uh that's how you went down the business route yeah so uh i've been very fortunate i have two degrees one i'm a computer science engineer the second i'm a marvy from calcutta so when you talk about your mba degree that's what it is right so i was i was deep into anything that i would do ranveer so uh computer science when i was deep into it i would go to the first principles of how does it really work right at the bits and bytes in the register level where you have the nand and the zor and the uh you know different kinds of gates interacting with each other and like forget computer science i'm actually talking electronics right microprocessors exactly so so how does how does different kinds of registers interact what is machine learning code like really to the first principles of how computer science works but that's not the only thing i was doing right there's a lot of other things right i mean i had my own table tennis team we were playing nationals i had a band of my own i was playing national chess i was there's a long list of because anything that i was doing uh the common theme was always that i was deep diving into it like really going deep in which i was enjoying doing so if i was not an entrepreneur right now and i was playing chess or as a table tennis player i'd be equally thrilled and excited so i was very lucky in that way however this became one of those things where because the opportunity was very large and it was almost like a green field where it was like cyber security still a 160 billion dollar industry growing at 16 year-over-year so it's not a crazy big industry but at the same time it is among the top three fastest growing industries on the planet so again the engineer and the geek in me data driven said that it's a great place to be because uh if i can go deeper into it and make certain things which which can really move the needle and it's not just cyber security the good part of cyber security is it's actually first principles of digital anything to do with technology will always need security and the future of our metaverse uh our fidget world which is physical plus digital is always going to have this premise on which it will grow and that is called cyber security so i was i was like look it makes a lot of sense if i'm gonna be spending 20 hours a day for many many many years to come it just makes it's like this right if you roll a ball on a mountain like a big ball is it easy to do it is it tough to do it the answer will be depends on the direction you're rolling if you're rolling the ball downstairs you probably need to stop it because it'll be too fast if you're rolling it up there's so much more work you have to do so it's the same with career in my way because it was almost like this i i was fortunate to be in a career where there's so much of tailwind where it's like all i have to do is not do something stupid and if you don't do that there's a high probability you end up making something which is a which an organization of the future and can be potentially a very very large and impactful organization and on a day-to-day basis with how cyber security is evolving with how hacking is evolving with all these russian and chinese hackers out there supposedly does your world get more and more exciting every day and is it more and more challenging do you also have to kind of polish your weapons constantly short answer absolutely yes and that's the thing about cyber and the world of cyber right if you think about it we went from being uh it's like two-dimensional movies to three-dimensional movies and now your five-dimensional movies right we have sensory organs blah blah blah the dimensions keep expanding if you think about it the physical forms of attacking warfare was always very very two-dimensional you have a third dimension where you have this air also and you get the air force etc etc but but it's actually something which you can see in a map suddenly when you talk about cyber the amount of like the damage that you can do in the multi-dimensional facet because every key ammunition or weaponry in today's day and age is also enabled by cyber so there is a dimension where all kinds of weapons that you would be seeing in the near future if they're not cyber driven they're a thing of the past it's not accurate by cyber driven you mean connected to computers or the internet or both no i'm saying the computer will become the weapon okay it's like cyber warfare no i'm saying the computer will become the weapon means what in your view is a tesla car a lot of people will say it's a car which is automated if you really look at that it's actually a computer which has four wheels and it's a very different way of looking at it runway right so i am saying when you think about weapons the real ip the intellect property out there today in a ak-47 is the fact that the speed at which the bullet comes out when you pull the trigger i'm saying the ak-47 of the future will be a computer that you'll be carrying in the form of an ak-47 but the fact that you can lock in the target by say a few miles far away and do profiling of people that you want to selectively shoot you can decide the speed depending on the the wind the altitude the pressure it auto detects the target that you are programming it to look at and then auto shoots itself you don't need to put a trigger in fact that's what drones are and and that is a computer which is making the attack it's not a weapon which is a little bit of automation and that's the difference in mindset that i'm talking about that when you talk about the future that's the reason why it's so scary because when you talk about any one of these dimensions and this is only the physical side there's a virtual side to it because to coordinate between all weapons you need that to be on a network if not on the internet because the no army will ever be on the internet because it just exposes them there's a dmz between their own network and everything else and that becomes the problem why because if you have one intruder who comes in into one piece of that network you basically have the visibility of the whole network which is out there so it's almost like alan turing and how basically somebody's able to crack the encryption which he did with for the german code uh during the world war like almost the world was over because they were communicating using those encrypted ciphers and encrypted channels and if you're in it you could just hear everything and understand the strategy out here that's how cyber can be in a physical warfare because when you're inside there is just this humongous amount of stuff that you're able to do with with things and that's only physical and then of course you have the actual digital warfare if you know for example when the standoff with china happened recently what most people don't realize the action was not happening at the borders it was happening on our websites there were more than one million websites one million which were hacked on both sides because there were 16 year old hackers who were very patriotic and wanted to breach into the other countries on both sides not just one wow and they will hack into the website and put a flag of india or flag of pakistan or flag of china whenever these wars happen and this is just a brand new trend on how hacks are gonna evolve in the near future so hackers have sort of become the new soldiers of the country in some ways well considering the amount of respect i have for soldiers i don't want to put all hackers there because you want to keep this in mind while a hacker might have a skill to do something wrong most of them don't they just use tools we call them script kiddies but assuming that there are obviously a number of them which are really technical who really go to the first principles to understand how hacking works remember having skill is not equal to being a soldier it's almost like this right i can fight very well doesn't mean i'm a soldier there's a badge that you carry as a soldier because that means you have some moral responsibility you're working in a framework because you're very skilled doesn't mean that you decide when you go and intrude the territory there is a synergy there is a cohesiveness in which you are working with a plan with a strategy and there is an end outcome that you want to go after in this case uh if there's an independent hacker who's trying to do that that doesn't sound like that's the reason why i don't want to degrade a soldier when you when you call them a hacker but yeah they're trying to contribute saying go for it we are with you so yeah gotcha man saketh modi i've got so many questions dude um do you think that i mean i'm sure that the governments all over the world know about the power of skilled hackers as you said you know people who actually understand the abcs the government definitely is picking up some young talented kids and telling them to work for them to you know help with security or to maybe cause attacks on other say rival countries i don't know dude what do you have anything to say about this because we do know and joe rogan keeps talking about this that a lot of the um you know so there's these infamous pages in uh usa which actually drive political campaigns or they kind of affect other people's political campaigns badly like the whole hillary clinton thing that happened in usa they say was driven by russian hackers so is there like an india versus china version of this happening where chinese hackers actually trying to affect indian minds because that's what a lot of geopolitical experts believe that for example we see a lot of say woke culture which is making its way in india uh now if you go into the social dilemma documentary which says that social media affects your thoughts uh they say that a lot of the work culture people here which are usually extreme left-wing extreme and again i'm not aligned so i'm not i'm not accusing them but that's how they are extreme left-wing overs and overly sensitive all about cancer culture historians and geopolitical experts believe that this entire section of people is actually extremely affected by what chinese hackers in the chinese government is doing to the indian internet so what do you have to say about this whole spectrum of things because i'm sure you've had these conversations before in your life i have uh with your permission i will take a step back because what you're asking is tell me about the impact of these various kinds of hackers and because you touched on various kinds of hackers let's start with the definition of what's a hacker right let's just because i want to put it out there so that people understand because you spoke about a group which influences your mind then there is a group which directly hacks into your whatsapp jeff bezos his whatsapp was hacked right then there is this group which hacks into you know your beam payments and take money from it right and then there is a group which goes ahead and basically does nothing but just posts uh things online and tries to create a ruckus out of a lot of stuff right there are various kinds of groups if you think about it what we call as threat actors but what is the common thing between them because if i call everybody a hacker there might be a little bit of confusion so let me take a step back and let me just give you like a three-minute explanation on in my view what's the meaning of a hacker sure in my view the meaning of a hacker has nothing to do with the conventional meaning of hacking if you asked me the greatest hacker of our time in the last hundred years has been albert einstein and i'll explain you what i mean by that oxford dictionary says the meaning of the word hacking is to make something do that it's not designed to do so if you take a toothbrush and clean the mirror with that that is hacking the toothbrush because the toothbrush was not designed to clean the mirror but guess what you were able to use the toothbrush for something else which was not designed for that is the meaning of hacking how does it apply for technology when you go to a website and keen some queries on the website by which you were supposed to get an access to your own inbox but you got an access to somebody else's inbox that's hacking it was not designed to do that but it happened you got an access to somebody else's whatsapp messages it was not designed to happen like that but you made it happen so that's hacking from a technology context but hacking in general has nothing to do and why did i say albert einstein is the greatest hacker of our time hacking simply means that you go so deep into any subject for me you're a youtube hacker because you know so much about the right way of utilizing youtube knowing your audience what works what doesn't work because that's hacking right i mean youtube in general doesn't accept expect 99 of the people to know all of that but you know about it albert einstein knew so much about physics and mathematics that he could see things in ways people could not see it and therefore he was able to hack and come out with equals mc square and some of the most phenomenal insights that we have seen in the in the history of our mankind and therefore i call him a hacker so now let's come to your question right so let's get that out of the way that hacking for me simply means somebody you can dive deep and really know the first principles of how something operates and based on that you're able to go ahead and make things happen so now that we understand what hacking really is let's talk about types of hackers we actually generally categorize them into a few categories let's start with the first one which you referred to which is state-sponsored hacking a lot of people don't really know this but among the top five funded programs of north korea is to build an army of hackers there's a group called lazarus for example which was if you talk about hacking india there was this big uh hack which happened at cosmos bank in pune where real money was stolen out of the bank and it was a very interesting story where you they took over the bank in a way where you could go into any atm put the debit card off the bank and withdraw any amount of money you want and the balance will not deduct that's the level of sophistication that we are talking about and they lost millions of dollars in a span of a few hours and this hacks like this generally happen on a saturday afternoon because you have saturday and sunday where the bank is not working and then you have monday which which is the next day and it's already a lot of time between which you can siphon off the money you can take the money away etc etc there's a lot of psychology behind good hacking yes there's a lot of science and psychology behind good hacking i like how you put the word good in front of hacking i'm looking like a good money heist fan so i'm starting to understand it's like an art and you have to use your brain even from an empathetic point of view in terms of where can i hit the person in their weak spot absolutely and that's what excites me the most about hacking because that's what i'm saying that it is arguably one of the most intellectually simulating fields you can ever be on because it's designed to do things which people are not designing things to do so coming back state sponsored hackers that's one example where cosmos bank the atm switch got hacked and because of that a lot of money got siphoned out as if that was not enough that was saturday afternoon and of course the authorities were alerted and but the money was already gone as if that was not enough on monday morning they suffered a second hack where they had a few million dollars being wired through swift to a bank account in hong kong and that was like back to back two hacks on a bank which was expected to be pulled from this group in north korea and the money was all gone and this is just one example if you go through something called the mandiant report which was actually pretty popular a few years back it made a documentary about hackers employed by the chinese government in huge setups and you're talking about thousands of full-time hackers whose only job is to intrude into different countries get sensitive information out and use that to the advantage of china whenever the time is right and i can keep going on and on and on and on there was this massive attack called not petya which had a reported impact of 10 billion dollars where if you know for example merch which was which is one of the largest shipping companies in the world lost over half a billion dollars in cash because all of their systems the employees walked into their office and morning they're right next to a beautiful looking lake was their headquarters and the systems are all working in the morning 11 am all the system starts becoming red the screens one by one by one start automatically turning red and when that happens people don't know what's happening don't know how it's happening they're all calling the i.t support and guess what his own system is red wow and he has no clues what's going on and this was a shipping company where there were perishable goods which were coming into the into the port and you had the the the barrier the barrier which was now shut and the system which could actually take that up was shut down so you actually had a traffic jam of many many many miles with these big shipments which were supposed to get to the ship before a particular time otherwise the whole good would perish and you actually had like again hundreds of millions of dollars of actual impact that that company saw unfortunately this year again through a sp and that was done by allegedly russian state-sponsored hackers right there was another example where unfortunately we had an infant die this year in a hospital because of a ransomware attack that was also executed by state-sponsored hackers that were accused and i keep using the word accused because ranvir you will see it's extremely difficult to really find out who did what they did because in in the internet it is so easy to spoof your identity i'm going to come to that slightly later but for now those are some examples of arguably multi-billion dollar campaigns that governments are running to be able to go ahead and and try to get information from the arts because you know data is a new oil and everybody's digitizing themselves so if you know the digital infrastructure of a country there's a lot of damage you can do but that's only one category so you have a question i would assume that when you said ransomware hackers it's like holding someone to ransom that you either give me money or i will do this that's for ransomware but the example you spoke about where the traffic jam of ships was created not ships the the trucks which were going to come in to put their uh to put their goods on the ship is that also ransomware attack where you say that either you give us money or all your goods will be well this was also a ransomware where and this was even more deadly and i'll tell you why ranveer what happened in that case was because of this it's called not petya what happened was when you get a red screen you actually get a message which says transfer 300 to this particular bitcoin wallet and send an email to this email id that the money has been transferred and once you send us the particular transaction id and say this is what i sent the money i will send you the key to decrypt your data you know what happened in that case because that became so popular the authorities seized and completely blocked the email id so you can transfer the money on a bitcoin wallet you're trying to send email to the hacker but there's no email that gets to the hacker because that email address is now seized and is not being used so technically there was no ways to recover your data which was out there as if this was not enough the next stage of ransomware attacks these days is called something called docswear what is a docs where in a very simple way and where you will go in ransomware is where i've taken all your data on the phone encrypted it and i'm telling you you know what if you don't give me this much money i will delete your data explain what encrypted is for the audience encrypted in a very simple way if i was trying to talk to you right now in german it would be encrypted something i can't understand yeah it makes sense to somebody who knows german but it doesn't make sense to you because you don't know german like think of it like a code language like you know secret language yeah it's very very simple where it's a language which you don't understand it means encrypted in a very very simple way there is a key key means somebody who knows that language will know what you're talking about if i suddenly start talking a particular language it will be like oh my god what's happening right and that is the meaning of encryption right now coming back because it was encrypted the way ransomware works it'll come to your system or you'll come to your phone and it'll encrypt the data out there and basically say that you can't read that data anymore because it's encrypted only i as a hacker can read that data send me 20 000 rupees 50 000 rupees whatever different numbers and if you send me that money i will be able to go ahead and then send you the key using which you can decrypt it means that encryption will go away so in this case because you know it was it was obviously the email id was seized there was no way to retrieve it but the hackers have gone to the next level of something called docswear as you know losing your data is bad but you know what's worse if i have access to every picture of yours and your contact list and i tell you that ranveer i have all your pictures your actual pictures and they're all nice pictures but i will make a morphed picture of you where you will not be happy to see what you will see there i will put that picture in your stack of original pictures and i will send those pictures to every single contact on your phone [Music] can you imagine how deadly would that be i've had people crying ultra depressed to come to me with the fact that oh my god what do i do my world's gonna come to an end because somebody has access to certain things or is blackmailing with me with certain things and they're saying they'll put it out to my family to my friends to everybody and unfortunately there's no ways to go ahead and and recover that or try to get that back forcibly the good part is the the indian id act actually helps you if somebody's trying to do that to a girl etc etc there are some very very very very strict you know penalties the person will go to the jail if they continue doing that or they even try to do it once to a girl or even to a guy but that's a different topic coming back to what you ask that's called dark swear where you're saying that hey forget about deleting the data i will use the data to go ahead and then uh you know threaten you till the time you pay me money or do certain things that i want you to do who are the targets of these kind of attacks is it like powerful people is it someone's ex where someone's like yo i will mess up your world so i've seen all of the above so unfortunately it's basically somebody who wants to take revenge and that can be between countries it can be between companies it can be between individuals so this is like the modern day version of paying a gangster money to go and beat up some old business rival or old rival so this brings me to the next category of hackers called and their hacker as a service you know sas software as a service you have hacker as a service there are lot of underground forums runway where you can go and hire a hacker and you know what how easy it is you go to these deep and dark web forums so you use something called the tor browser to go to the deep and dark web it's a particular browser you need to use you just don't use that that's going to be a whole section okay we will talk about that but the point there is when you're at the dark web and there are thousands of these hacker as a service hire a hacker website where all you need to do is go and give the instagram id or the facebook id or the email id of the person who you want to get hacked the hacker will take that instagram id good part they don't take any money they say thank you for submitting the request we will come back to you in the next few days they will come back to you with a screenshot of the inbox of that particular instagram id just to prove to you look i've got an access to the inbox only once you're convinced that yes it looks like somebody really has an access to the inbox are you expected to give the money using bitcoins it's only like cash on delivery you see the product and then pay the money that's what is happening here so the moment you transfer the money on bitcoins you will get a dump of all the messages everything on the on the thing sometimes it might even give you the access with the username and password of the person there are various ways to do that as if this was not enough you will then get a survey form how was the experience wow if you recommend your friend my service i'll give you a 20 discount next time it's like this this crazy organized industry in the deep and dark web and unfortunately this is a reality now the most surprising thing is how much money does it charge the average amount of money is between 300 to 500 which is just 20 to 35 000 rupees how do those hackers actually hack into someone's instagram account so there are various ways to do it and that's the reason why i said there's no one particular way right so the more popular ways are really trying to do something like impersonating your session what that means is and that's the reason why like never ever ever ever ever click on a link that somebody sends you on your instagram direct message the easiest way and this is where again you spoke about social engineering in the in the beginning and that's why it's so exciting if i sent you a message on instagram or in read and i say ranveer it looks like the video that you shot here you're not looking great click here you know the odds of people clicking on a video like that especially if it's coming from somebody who you know and it's very easy to forge an email for the message from the name you can make a fake id you can there are too many ways to do that right so the moment you get that message and you click on it it takes one click one click that's it to basically give your cookies out have you ever noticed this one where when you switch off your phone and you restart your phone do you have to re-login into instagram no you don't have to because your sessions are saved even your ip address changed maybe you went from wi-fi to your cellular network uh sometimes you didn't switch on the phone for three days even then you don't have to re-login why because there's a session which is created with that particular app which is saved it's the same with browsers you don't have to re-login into gmail once you close your laptop you open it again gmail just pops up because there's something called cookies on browsers which gets saved cookies are simply long strings of random characters and they get saved to identify that runway gave me the right username and password and this browser belongs to runway so it has authenticated you and therefore it can say that this is runway so even if the ip address changes when you change the wi-fi to cellular even if you know your location changes even if you shut down and open your laptop even in that case it says it's still you so i don't need to give you a re-login which is out there so hackers when you click on a link a lot of times they're able to impersonate and steal those cookies because they're just text long text fields which are out there they're able to steal it and they will install those cookies on their browser so the instagram server on the other side or facebook or gmail server on the other side will start thinking hey this is runway talking to me and therefore let's go ahead and just uh you know figure that out and you know put things together so that's that's one example the other example like it might sound very very stupid uh but is very simply phishing emails like you you get phishing emails which are arguably one of the top reasons why people get hacked where you'll get an email from netflix saying you know 20 discount on your next renewal click here and the moment you click there it'll take you to a page will ask you for the username and password and you actually enter the username and password and the moment you do that boom it's gone to the hacker and and you know there's a lot of bad things which can happen after that right so so again impersonating your session by clicking on link giving your actual password where you're not supposed to and that's the reason why you look at the green lock on the top left of https because that means the data is encrypted and it's going to the right place it's a different story that you can have a phishing website with https also unfortunately so be very careful about the url and the third piece what i've seen unfortunately a lot of people do is uh they give access of their account to so many people who are not protected themselves and in that process it's like both of these things if it's not happening to you as a user it's like okay how many people have an access or you're storing your passwords on you know on a notepad and i've seen so many people oh we'll store the password that's not good so that's that's generally the reasons why i've seen most of the social media accounts hacking and if there's one recommendation if i have to condense all of this together what can help you to stop things like this happening and people don't realize the power of that is something as simple as two-factor authentication two-factor authentication takes the probability of your account to be hacked down by over 90 zero it is such an important such an important thing to have in your account you should always have a two factor authentication because even if your password's gone a lot of times if your session is fishy you know it automatically comes up as two-factor authentication and um even if you're giving your password to somebody at least the two-factor code comes on your phone or you look at an authenticator and that's something very very important so that's my recommendation on the social media side of things so what is your cta to the average everyday person so my call to action for anybody who's listening to this would be something which is non-technical and i'll explain why i say that i think it's a psychological shift that you have to make when you go on the internet we do a lot of things on the internet any action on the internet with certain assumptions which are not right when we see a call which says on the top end to end encrypted we think there's nobody who can listen into that when we write an email to a particular recipient we think nobody can read that when we go to our inbox on instagram and write a message to somebody we think nobody can read that all of that's wrong start by thinking anything that you do on the internet on your cell phone on your laptop on your oculus the new vr world that we should we will talk about all of that assume it's public [Music] the moment you start with that you are a very different human being on the internet you're a different human being who's using technology and i've seen that being the fundamental problem with most people because they think i'll give you an example right because of course so many people come to me when their instagrams are hacked or facebook is hacked you know this one of the simplest thing that instagram does which i think is a great feature if your account is hacked for say three days and there are people who hacked your account writing mails or writing messages to say 500 you know accounts around the world do you know this in one click all of those messages will disappear in one click of instagram that's how they've designed it and it's a great feature because it stops the spread of you know bad messages and nasty messages because unfortunately when accounts get hacked there's a lot of nasty stuff that gets posted not just publicly but even privately to your contact list etc etc now imagine this there are people who are actually sitting in instagram which have a 24 7 access to every message that you write this was a very not so comfortable press conference which happened with uber many many years back this is when they had their ex-ceo uh travis and uh a lot of bashing of uber this was pre-ipo days and a lot of bashing of uber was going on in a room where people were like hey you know what the culture is not good you got to be more respectful of you know the work that people are doing and the company needs to be more transparent etc etc it was an evening dinner with people having drinks people having food and one of the vice presidents a very senior person at uber banks the table and stands up and says guys enough of this and this is a room full of table full of journalists with some of the top publications he says enough keep this in mind that all of you have an app called uber on your phone and i know exactly where you guys go in your evenings so don't talk about transparency don't talk about canada because i don't think you guys are practicing that in your own life can you imagine at how many levels that's wrong hmm and the problem is when you download an app you don't realize what the app's doing to your phone what the app so your phone even when it doesn't take any permission so you know apps take permissions we all know that i hope we all know that and you generally say okay okay which is not required anymore you can actually give permissions for limited time right of course uber will not work if you don't give it the permission to access your location which is a fact but on the other it's not actually a fact you can still enter the address manually but assuming for simplicity you want to give it the permission but don't give it an access for 24 hours you can go to your settings privacy and disable the location access of uber of your phone because it's accessing your location 24 hours there's a documentary i'm happy to send that to you and you can put that in your link it actually went ahead and tracked android and how closely does it track you and do you know this your android phone and also your iphone now can track with more than 98 accuracy when are you sitting when are you standing when are you driving when are you walking when are you all of that stuff and you know why it's not because of the permissions that you know about it's not about oh can i see your camera can i see your pictures and you disable some of that and you feel safe there is no permission for your accelerometer for your for your gyroscope for your proximity sensors these are all sensors within your phone so when you pick up the phone and you keep it in your pocket and slide it in your pocket basically these sensors know that the phone is sliding in a particular velocity in a particular angle and it knows the height at which it's at and if you combine that data together it's actually possible to accurately predict the exact activity that you're doing now imagine this if you're somebody who likes running every day or who likes to go ahead and uh you know do it go to a particular restaurant and you're sitting for food a lot of time i'm starting to profile you on who you are and the moment i start profiling you and i love seeing this line which says humans are not as smart as they think they are we are actually living in a very very large probability if you think about an auto driver or uber driver while it might be a random uber that you take today which you will not take tomorrow the sum total of what money that an uber driver or an auto driver make on an average on a daily basis is actually the same can you imagine how does that happen right because there are enough number of people who take opportunistically and uber that you will be taking and when you do that some to total with the people who take it regularly you can actually come to a law of averages and you can come to say that this is what the probability will look like for a sum total mass that's data science for you coming back why i gave you that example was when you look at the whole process around uh you know putting this together around the apps and the amount of permissions that these apps take the permissions are only layer one even after the permission there's so much that the app knows about you that the phone knows about you that you don't know about so is the solution is the call to action take your phone throw it in the in in the yamuna river the answer is no it's not i carry a phone right so it's not that but i carry it knowing what it's tracking me and that's what creates a difference between me and 99.9 of people who use the cell phone so i know what it's tracking i know what it's not tracking if i don't want to be tracked there's a lot of times where i'll just leave the phone in the room and i will just be without the phone i'll be without the laptop we do a lot of stuff which is with the three letter agencies around the world and out there you know we just leave our cell phones we leave our laptops because there's so much which can go wrong when it comes to cell phones and laptops or anything when it comes to technology which is beyond what you would know about so that's my call to action the big one around saying start thinking that everything that you put on the internet on your phone on emails is already hacked the moment you start there your behavior changes on the internet and then there's no question of going ahead and clicking a picture that you'll not be proud of tomorrow even if you're just sending it to one person it does not matter so that's my big call to action then of course technically have two-factor authentication keep your operating system updated make sure that you know you're not clicking on random links uh there's a ton of those which we can go ahead and if you if you want a longer list of this because i get this question in almost every podcast i go to i we actually created a free of cost app and if that's of any interest your people can download it it's called safe me it actually has more than 100 three-minute videos in english and in hindi it's got like 100 000 downloads etc etc which basically goes ahead and gives you how to secure your whatsapp how to secure your facebook and what are the five tips to secure your facebook account in the right way and then it has a quiz so you can take the quiz it has some question if you do that it gives you a score of how secured you are so i mean that's a longer technical list if somebody's interested but i would say the number one the more important one is really using the internet thinking that everything's hacked maybe you could just touch upon um cyber warfare a little bit and how it concerns the everyday person super quick you know you don't need to go too deep into it just in terms of what should we be aware of as everyday citizens and uh maybe a supplement question to that is are you working with like the indian government to help strengthen this country's uh cyber security sure so the two questions from me let me go in the reverse order of what you asked are we working with the government yes we are we are very fortunate to be a part of certain specialized types of assignments and we've been doing that for a very long time whether it was the launch of the beam app where it was upi whether it's various kinds of you know national critical projects which are out there we've been very fortunate to be associated and even certain things which are confidential uh for various kinds of agencies so yes that's been happening it's been happening for a few years now let's come to the first question about cyber warfare and let's understand that when you talk about cyber warfare and there are a lot of definitions of cyber warfare when you look at cyber warfare from the side of nation states trying to hack into you in most cases what i've seen is they don't give a damn about citizens unless you are somebody who has information which can affect the national security which can affect the budget of the country or things around that so a lot of i would say china trying to hack me is actually not founded on some real rational facts or data because frankly speaking china doesn't care about somebody sitting and having varapara in mumbai and trying to hack into their phone right because they have arguably more important things to do so when it comes to nation states that's not too much of an issue however there is a cyber warfare which you can talk about which are non-nation states so just to give you some perspective last year when you talk about cloud and you know using compute power 86 of hacks happened on normal users not for their data but to mine cryptocurrencies so the point of making there is that a lot of hackers trying to get access to your laptop to your cell phone will not be to do anything with your data it's almost like you know i'll make more money by mining cryptocurrencies because at the end of the day when you're a non-hacker with non-state-sponsored hacker you have maybe a financial objective right or motivation on why you're doing this so it is seen and it's obviously becoming you know the law of diminishing returns it was obviously much more lucrative a few years back and because the number of bitcoins are limited to 21 million and there's only a few million left to be mined gets more and more difficult to mine it uh they need more and more compute power so that compute power comes by hacking into a lot of these innocent devices innocent cloud workloads and a lot of that happens so a lot of times when if your computer suddenly becomes super slow there is a good chance that that might be because a hacker is doing some cryptocurrency mining using your compute computation power which is out there on your laptop or your cell phone and then there's always the third fight type unfortunately right and we've seen a lot of high net worth individuals high net worth individuals come to news a lot of hacks happen which don't come to the news but unfortunately we spoke about hacker as a service where personally if somebody has a grudge against you they would want to see how i can hack you how i can get into your instagram how i can get into your you know whatsapp messages etc etc and that happens all the time so uh so so i would say that's what people should be worried about should be careful of not that china is trying to hack your russia is trying to hack you as an individual that's not too much of a worry and you definitely want to spend you spend 12 years of your life to prepare for your real life in your school you do that right unfortunately cyber security education is never it's never there i mean how did you learn how to use gmail i bet it was from your friends right yahoo mail when you started youtube right there's no course right now that of course people try to create courses but there's nothing formal being taught for arguably one of the most important dimensions from the lives of young people today there is no structured content to go ahead and say okay you can use whatsapp but use whatsapp with these three or five things in mind because of what and how things are i'll give you a small example like on whatsapp by default it's very unfortunate that people don't realize that their chat backup is enabled all the time you know the scary thing about that you can't delete your chat backup so if you want to delete whatsapp right now your chat backup would still be there on their servers and there's there's no option that whatsapp gives you to delete your chat backup i disabled my chat backup in 2014. seven years there's no chat backup does it cause some issues when i change my phone the answer is yes but it's totally worth it right because when you have chat back up and you know you now see a lot of these cases of high profile celebrities and you have these big screens in these news channels with a yeah chat backup is kind this was the chat backup and you know through which how is that happening because the chat backup was available which was enabled by the person so something as easy as disabling your chat backup which is an option deleting is not whatever is there is there and it will eventually come in when the data protection act comes in india etc etc that's a different story and hopefully comes very soon but on the other side the the mobile app gives you the option of disabling the chat backup moving forward so people should do that immediately but that's just one i can give you a longer list is there a lot of my videos which i stole you and save me and it genuinely can make an impact on securing you on the internet speaking about whatsapp um you said jeff bezos's whatsapp got hacked now jeff bezos is a multi-billionaire with a great intelligent team he's an intelligent man himself and i'm sure he had thought about cyber security even before his whatsapp would have gotten hacked for amazon for himself how does someone like that was that powerful how does their whatsapp get hacked so there is a very famous saying in the world of cyber security there are only two types of people on the planet one who know that they've been hacked the other who don't you know what that means everyone's been acting and that's the point which i'm trying to make here the way technology is designed there are a lot of things called zero days which you would not know about think of it like this jeff bezos is the world's richest man now the world's richest man for a second assume has all his money inside a vault and he has a lock to lock the vault right now he's very smart he can spend a lot of money to get the most expensive lock on the planet which he does and then locks it my question to you can that vault be hacked probably has to be no yeah especially by the people who made it now suppose the people who made it that's what i think shah jaan did right they cut out the hands of people who made taj mahal because he didn't want to make it again some people kill people who actually make walls why because they don't want any secret to be you know there but if there is somebody extremely smart who has made 50 more vaults will have a little bit of understanding of how this vault is made and can i say that person might be able to crack the vault the answer is yes now if the person is able to crack the vault with all the money and the power and the access in the world will jeff bezos be able to do anything if a person is able to crack the wall to go inside and steal the money the answer is no this is exactly what happened to him when he it's like me i'm using whatsapp and i just told you like 10 things to do for a better hygiene can you ever get to a point where you will never be hacked or you can never be hacked the answer is no there are ways to hack into systems even when it's not connected to the internet so the point of making there is jeff bezos was using an application which had something called a zero day exploit which nobody in the world knew about and if you want to buy these exploits they're sold for crores of rupees so obviously considering how high profile he is there's somebody interested to hack him who paid crores of rupees to that vault maker not whatsapp but somebody who knows how whatsapp works for example how the operating system works for example and paid a lot of money because it's something very complex and he got that exploit executed that how do you execute it simple you embed the exploit inside a picture and you send the picture to the target so you get the picture you all download the picture you see the picture so by default my phone doesn't download any pictures simple hack right that's when you understand you so so you simply download the moment you download you think you're executing that picture you're downloading the entire code of the picture even a picture is a code you can right click a picture and open it in a notepad you'll actually see that every every pixel is coded with a particular number and that's what creates a picture but that's a notepad so i can add more code to that also and there are ways to execute it depending on the operating system and the framework etc etc so when you do that ranveer jeff bezos fell for that and a lot of his private pictures were leaked on the internet and was was hacked and he couldn't do anything about it that's the world's richest man for you but if he would have used whatsapp thinking it can be hacked he would not have an issue when his phone gets hacked that's the reason why i said that is the pinnacle of using or the real cta out here everything else can be bypassed unfortunately so don't send nudes don't do any naughty on your whatsapp or instagram uh you know be careful with how you're using apps i think that's the moral of the story okay before we move into the twitter section because i promised the audiences on this podcast that we're gonna address this topic we have to talk about the dark web and before i let you continue i just want to chip in here to the people listening to the long form version of the podcast if it gets too heavy we have a separate youtube channel called trs clips so uh guys ensure you subscribe to trs clips and we've kind of built out the channel like a nice user experience for people who want quick information rather than listening to the entire episode mr saket modi tell us about the dark web uh for someone who doesn't understand what it is what's the potential of it how does one use it what's the current legal status of the dark web all over the world is there a future to it because the last i heard that a lot of people have stopped using it because of some government regulations but uh i mean that's that's the whispers and i'm and i'm a complete rookie when it comes to knowing about the dark web so you're the expert so but let's understand right dark web doesn't always mean bad i'll explain you this google so if i asked you what is the internet for you runway what would you say you say anything that pops up on google any website that you know xyz.com dot net dot org dot in whatever the point i'm making there is ranvier that there's a lot of information which is indexable by search engines in general means normal people can go through it however if you see that chunk of information like your youtube is accessible by everybody right if you put all youtube all accessible from google everything together it's less than one percent of information which is actually on the internet so any information which is not crawlable by search engines i'm putting it simplistically here just so that you know we have a wide range of audience any information which is not crawlable is something what we would call as dark web now dark web is everything bad of course not if i'm sending an email to somebody that doesn't mean it's a bad thing no because that's also part of the dark web it's not crawlable by google so that's the first definition of dark web isn't it not everything is dark in dark web let's put it like that you basically have various kinds of systems and i'm talking systems because i'm not saying laptop i'm not saying servers all of the above they are connected to each other using routers which is basically your internet service providers right so it actually gives you an access where you become a part of this mesh network where if i want to talk to you on the internet on a cell phone you have an ip address i have an ip address and one ip talks to the other so everybody has its unique identity as ip addresses and then ips are talking to each other in a very simplistic way that is a particular form of a mesh network to make communications happen but coming back why i'm saying this to you is that if you think about the overall mesh you can create as many meshes you want i can create an internet right now in fact a lan network is also internet right because you have 10 10 laptops talking to each other the tor browser the tor project basically created an internet of its own once like how you have internet explorer google chrome tor is its own program it's its own application internet explorer and google chrome are browsers which give you access to a particular internet which popularly known as internet tor is browser also like google chrome tor is also a browser but the browser is only the face what tor has created which is more significant than the browser is the mesh is the network where if you have to go to a particular website and there are no dot com website it all ends with dot onion so you will see abcdfg dot onion and there are like millions of websites there to be able to go there if you have to go to google.com your ip directly talks to the google ip when i say directly it takes multiple hops but google knows what is your ip when you are trying to talk to google.com or gmail.com the way tor is designed its mesh network is your ip because you always have an ip when you are connected to the internet you have to be connected to be able to go to that deep and dark way which i am now talking about the tor network your ip will bounce between 20 to 50 different hops where your identity will be matched and then when you reach finally to the website where you're somebody selling drugs somebody might be selling fake passports somebody might anything that you would think about they say that they even stream child pornography and live murders on the dark web so here's the thing it's a place where it's very difficult to trace the identity of anybody you know that saying right i think it was freud which says that if you want to know the real face of a person cover his face and then they will tell you who they really are i am saying here is an ecosystem of people whose faces are always covered you cannot find out who the person unless a person decides this is who i am it's not easy to trace back or vary so when that happens i'm not surprised that you know all sorts of stuff whether it's child pornography whether it's uh you know unfortunately a lot of bad things would happen so that is because again the identity is is is concealed out there so so yeah it's like this it's like any shady part in a city right every city has a part where you have all the wrong things which go on and it won't be one it'll probably 25 wrong things which go on because the police doesn't have an access there because the kind of people who stay there are very accustomed to it they don't have a kyc account with a bank it's it's like that right so it's the same thing on the internet and that is in general what is referred to as dark web dark web is everything but i know what you were talking about so i took you there also and that's what it means how does one access the dark web like because you can't download the tor browser off of internet explorer no you can absolutely down you can of course and it's illegal to download the tor browser yeah and that's what so it might be a new regulation that i'm not familiar with so i've uh you know that's one thing that i did not hear that you cannot download the tor browser and by the way you don't just download the top browser for wrong reasons it's actually a great tool to go ahead and hide your identity why do you want google to know every time what you're searching why do you want you know facebook to know every time where you're logging from so it's actually a good tool for making sure you're anonymous and people are not tracking you so it's not like tor is only bad users as i told you in the beginning technology for me of any kind is an amplifier if you want good you can amplify good what you're doing if you want bad unfortunately a lot of people amplify bad and that becomes a problem ranveer you want to talk anything else about the dark web that's interesting for the audience to know well remember the hacker is a service example that i give yeah that actually happens on the dark web you have a lot of these forums you have dark web has its own wikipedia dark web has its own it's like a parallel world to be a part of these forums it's very interesting no matter what amount of money you pay if you want to be a part of a dark web forum you know what's a process you can't pay any money to get in the only way you can get into the dark web forum is if you can get and the different types of forum with different roles but some popular ones is what i'm talking about you have to get at least x number of people existing in the forum to vouch for you that you're an authentic hacker there are barters so i've seen people talk about hey you know what i have access to these 25 servers of this big e-commerce companies do you want to trade that for 25 servers of a big bank wow so so if you think about that and and it's all trust based so it's like people build their identities over time they will use a pseudo name right you know yellow nikki flying 23 so many of these funny names that the aliases that people will come out with and over time they build a reputation they build a credibility in the dark web forums or what and how you know people have and there are dedicated forums on hey you want to hack into a particular country you want to hack into a particular type of industry you want to hack into instagram you know there are full-fledged discussions which would go on there whose only job is to go ahead and you know try to collaborate for hacking with each episode of this podcast i do have to deep dive into other people's heads and worlds and from what i can tell about your world is that you're in the middle of a lot of volcanic eruptions everywhere you know the world of cyber security it seems like this this going down all the time and as one of the ethical people in this world your job is to constantly like protect the weaker people you're sort of like think of it like a spiderman who's going and just like rescuing a lot and then you know i like batman sure like you know you're helping gotham city where is going down all the time and then even after you've done some good you go away helping someone else and some bad happens in the first place that you helped anyway so cyber security seems like this continuous process of building armor man am i right in saying this that it's it seems like a super chaotic world dude you're absolutely right and this is where being in cyber security is so exciting also you can never go ahead and extinguish all the fire it just won't happen and that's where you pick and choose the most important ones the biggest ones which are out there and then try to make sure that that falls in place that becomes tamed so twitter version i'm sure that the next time we have you on the show there's going to be even deeper questions um first question is from let's tweet to you all wisdom which commercial android phone is secure apart from the iphone how strong is the samsung knox security i think they just mean that what's a secure phone out there short answer none okay that's where you need to start with every phone has its own vulnerabilities that keeps coming out all the time you want to use it with awareness historically the number of vulnerabilities that have been reported in ios are much lower than android but you want to keep this in mind the users of ios are also much slower than android and a lot of secret stuff for zero days for ios doesn't come out in the public and therefore it's not like ios is far more secure than android what has to be secured is your way of using the phone so your awareness becomes far more important than what the latest ios or android phone is crazy what about the second question how strong is samsung knox security samsung knox is actually pretty good you know what is it samsung knox is basically a container within your samsung phone where you can store your credit cards when you can store various kinds of notes etc this is not branded guys this is just a conversation yeah this is just yeah samsung's not paying you money i wish they were though same thing are you listening but here's the point it is actually pretty good why because it's almost like this you have a big house and then you have one room which is very very very clean and everything's encrypted and everything has two-factor authentication etc etc so that's what samsung knox is all about i highly recommend that it's definitely a better way of storing data and information a lot of scared people listening into this podcast so don't be surprised if sam i'm not doing fear mongering trust me yeah i've just spoken all the time that's my job dude i'm the one who spreads feel get the clicks spread didn't say that on the record okay asks which country is the hacking superpower usa china russia or india out of all of them i would say there's a tough competition between russia and china given what we've known it would i would say russia would take the crown but keep this in mind because it's so easy to spoof ip addresses if i'm hacking sitting out of egypt i can go to russia's servers and then hack into india and india will think russia is hacking me and therefore it's so difficult to really point out where the hack actually originated from so there can never be a particular answer in fact in my view the best hacker or the best hacking country is the one that you would have never heard about in terms of talent in terms of their name ever surfacing that they even do happen oh okay okay okay but it's like it's like sherlock holmes lines right the best place to hide something is in plain sight um but in terms of being a cyber security professional where you see most of the talent arise from when you talk about talent definitely from an education perspective i would say the u.s and india would be far more when you talk about professionals which are outside the government but when you talk about government employed hackers china would arguably be one of the largest on the planet as a cyber army and there are smaller countries like israel is a great example where their prime minister openly says the way you have the army the navy and the air force they have a fourth division which is only cyber and they do offensive cyber and he's very public about it there's nothing to hide there so that's just you know where uh where the countries are looking at saurav dhangi asks a very simple unrelated question but i think it's an important question because you're living in silicon valley pretty much right now and you know in the middle of the tech world do you believe that getting paid for an hour would be the upcoming work culture all over the world getting paid per hour probably as a freelancer i actually think that the world will move towards an outcome based payments and not based on time get us the results yes oh interesting question adiraj nayak asks if a person is not from an engineering or tech background but is seriously interested in cyber risks ethical hacking etc can such a person make a successful career out of these domains and if yes then what are the skills needed for the same short answer absolutely a yes today because of the online education that you have you don't need to have background in the past but do you not need to deep dive into it now to get into cyber security no that doesn't work so you can start now go to coursera go to udemy go to khan academy or all of these courses where you can actually learn how to program start with fundamentals you have to learn how to code you have to learn how internet works how databases work how compilers works start from there and then you keep building on top of it in cyber security one of the certifications that i make the entire team of mine take is something called oscp offensive security certified professional you know what what the fun part about that certification how the exam happens there are no questions they give you five ip addresses you have to hack it and give them the result of a file which is stored in that server somewhere it's as hands-on as you can get just five ips and you do whatever you want it's called oscp it's run by an american body called offensive security and it's a pretty popular course in the hacking community and it's uh pretty hands-on so but that you will only be able to do when you really understand the fundamentals of how cyber works because hacking in security is only step two and it's really not different from the first principles of computer science so learn how to code and then go deeper if you don't know how to code you can always start there's no there's no problems at all it generally takes like three months to become a decent level coder in six months where you can champion it and you have to do 18 hours a day i mean if you love doing it why not just do it you're the first person to put a timeline on this statement we've had a lot of people on the show say that like oh learn coding the first guy who said oh it'll take you three months to six months yeah but you have to give yourself in really that's the whole point because i see a lot of people treat that as a hobby i'll do it one hour a week it's not gonna work out it's like going to the gym right you have to be consistent and you have to invest does coding change the way your mind works yes it does because if you think about coding it is how the mind works if you think about it what is intelligence you are looking at me and your mind is telling you if this face is in front of you call him saket that's a code in your mind so when you talk about a code it is exactly how a mind works because what do you code you say if a equals b then print c that's coding it's really that simple it's if and else so that's that's my view about you know you actually get more closer to your own self when you actually understand how the world of course that's where artificial intelligence also comes in again for a different day for you about it yeah yeah the next time you're in bombay yeah okay ayush bajaj with some questions for you will we see data privacy departments in all organizations in the future yes not only departments but you'll actually have data privacy officers the new data protection act which is right now in the parliament which is expected to be passed in the next six months is something that that mandates all publicly listed companies to have a dedicated data protection officer appointed in every organization so absolutely what are the new potential risks to someone whose behavior can be tracked through data i think that was this entire episode pretty much watch the episode okay um do you think that frauds have decreased now because everything has an identity and he's linked it to the aadhaar card situation slightly yeah slightly and this is brutal honesty i'll slightly diverge and then come back we work with payment processors around the world if i take the last five years data the number of credit card frauds which have happened in the united states versus india the ratio is one is to 25 india is one and the united states is 25. india was one of the first countries to go ahead and implement mandatory two-factor authentication which even today is not mandated in united states and western america or western europe the reason i'm giving you that example is that we are off the charts when it comes to frauds when i say of course there's a lot of fraud which happens but the amount of fraud and the number of rods are much lower and the number of transactions which used to be much lower five years back are now catching up because thanks to upi we're actually doing more digital transactions than even the united states today just just to give an everyday example when i was traveling in the states about two three years back when we were paying for our meal through one of their food apps you didn't have to go through the whole enter your cvv enter your otp it was just a touch of a button and it gets paid and that's actually dangerous exactly because if i just have your card which i can easily siphon i don't need to put my hand in your pocket i can actually have these readers because you have this nfc and your card and your mobile phones enabled with that so i can actually get an nfc reader and i can clone your card without you knowing about it it's a reasonably easy thing to do and that's the reason you have these cases these days which are actually electrocuted from the point of you know it creates this vacuum chamber where somebody's trying to copy your card they're not able to copy so there are such cases which exists these days but coming back to what you were saying it's so easy to replicate your card and once you replicate people can just do fraud and you can't do like there's hardly anything that you can do about it so it's a pretty bad situation it's a worse situation than what it is in india because india everything is two-factor authentication which is pretty phenomenal and now with upi i would say we are at least five years ahead of what was there uh you know for for western europe and north america even today what is there right now crazy mr saket bruce wayne modi that's pretty sweet i'm a fan of that guy a big anime fan ranveer so yes the first time i met you i remember it was in this garden outside the outside of shady hall in banaras and you just said what's up you started a conversation what i read about it was that this dude seems like he knows a lot of stuff that i don't know and for some reason he seems like he knows a lot of stuff about everyone here you shall never know about it that's the energy you gave dude today i understand why so a pat on the back for my intuition and a pat on the back for my team for getting you to do this podcast you've been very kind but there's a reason why i wore yellow because i knew you were wearing black now to spook you out just just saying no dude so many more episodes to create with you yeah you'll have fun it's really an honor to be here i think you're doing such a phenomenal job i wish there were more runways out there because i think the nation needs to get content of the kind that you're producing so it's a brilliant job there and it's such an honor to be with you oh man and i think the whole world needs more people like you who are doing that batman kind of in the gotham city of the cyber space like all of us holy you live in a volcanic world that's what i'll tell you and uh waiting to see and hear more about all the volcanoes that you've encountered until the next time so thank you mr saket modi oh sounds like i'm in trouble that's what my parents would call mr sake or my investors would call me but anyways thank you so much for being with me here and uh you know calling me here it's such a pleasure and honor to be with you appreciate it thank you so that was the episode with saketh towards the end if you've heard it till this point you know that it became kind of scary we're living in some scary times and as we spoke over the course of the podcast the cyber world is like gotham and people like saket modi are a part of the justice league or the avengers of this city of gotham of this world full of dangers saket modi is going to be back on the ranvi show i'd love to know from you guys what you all are thinking about the new flavor in the content that we're putting out lately our new youtube channel where we upload all the highlights of the podcast you will see that we've kind of shifted away from just self-improvement into information into current affairs into extremely relevant topics just like this i want feedback from you guys so please let me know what you think remember to subscribe to trs clips put the bell icon there as well and also remember to follow us on spotify every episode's available on spotify 48 hours before it's available anywhere else in the world even before it's available on trs clips but either way guys thank you for supporting the randby show this is a new beginning for us and i hope that you guys keep supporting us along the way namaste thank you [Music] i you English (auto-generated)