22 year old Sunny Vaghela is your ‘friendly neighbourhood cyberman’ in all respects. This cyber-whiz has notched up impressive achievements like helping the Crime Branch solve the blast cases in Ahmedabad and Mumbai by tracing emails sent by terrorists. He is also credited with solving a number of cases involving fake Orkut profiles as well as SMS spoofing.
Sunny is now an acclaimed internet security expert, regularly invited to speak on his subject at podiums in India and abroad. It was interesting to learn that he started off by learning the basics of hacking while still in school. Techgoss spoke to Sunny Vaghela, and here is our conversation.
Techgoss (TG): What is your background? How did you come to be interested and then become an expert in your present field, viz. internet security?
Sunny Vaghela (SV): I have a degree in computer engineering which I have completed in 2008 from Nirma University. My interest in cyber security started on being the victim of a phishing attack while I was in my Class XI. I was disturbed quite a bit by this and made the effort to learn the entire process of hacking. This became a passion with me and I spent about 12 hours on this daily during those times. Then I joined the engineering course, which enhanced my interest in various projects that could be taken up as a computer engineer. I have tried to do unique projects all along and have presented research papers at state and national levels during my college days. In my first year, I took ‘hacking’ as a project and tried doing it to myself. This was a topic that no one else in the group had attempted and so got a lot of attention. In my second year, I took up a project based on sms control systems and found several loop holes in the mobile networks which could lead to SMS and call forging, which was selected at the national level, and gave me a lot of limelight at a very young age. In my third year, it was the time when many of us in India were getting into using networking websites like Orkut. I found that there were two major loopholes in the Orkut which meant that anybody’s id could be hacked. My work on this was appreciated a lot and the Orkut people came and met me at Ahmedabad to discuss the issue. The fourth year project was about Internet Protocol Techniques. All this brought me the Rajiv Gandhi Young Achiever’s Award while in my fourth year of college. So, I could say that life as a student who is interested in the technical aspects of Internet and its peripherals has been rewarding. I have always yearned to do something different, and my life now is exactly that. Become different, that is my motto.
TG: What are the general failures in internet securities you see in the Indian context? How can one maintain a minimum safety on the net?
SV: We in India are not very knowledgeable about security on the internet. So unless you educate yourself, and follow certain ground rules, life on the internet can be tough and stressful.I would say these points would help:
Don’t give your password on insecure sites, for e.g., a place where you sign up for something using your email and have to provide a password along with it.
Don’t use the same password in all your email accounts. Also use strong passwords which aren’t guessable, like your date of birth, your phone number and so on…
While downloading files, be very careful and install a good anti-virus and use it regularly. This is because, malicious software often make backdoor entries to your PC while downloading.
Also use licensed software which will ensure that the updates that take care of the latest risks are accommodated. In India, pirated software is commonly used by a majority, which increases the risk.
TG: What is your experience with cyber crime investigation?
SV: I was able to help the Crime Branch in an investigation where I facilitated solving 3 long pending cases, while I was in my third year. I then went on to help them solve 15 Cyber Crime cases including a Phishing case, the biggest data theft case, an espionage case, a credit card fraud case, several Orkut fake profile impersonation cases etc in a matter of 7 months. I was able to trace the location of sending of the terror emails in the Ahmedabad blast case. I have also helped the Mumbai attack case investigation by providing confidential information relating to the cyber part of the crime.
TG: What do you really do now?
SV: I am now an independent Internet Security Consultant and running a Consulting & Training firm based in Ahmedabad with its operations all across India. I go round on invites to speak on my field of expertise. I have also started a Certified Training Program on Ethical Hacking, Cyber Crime Investigation & Forensics at Ahmedabad & various centers across Gujarat,
TG: We heard about the NGO you have started. Tell us more about it
SV: The aim is to put up a website which will deal with complaints of the cyber variety. We hope this will be functional in about a month. If you have been a victim of a cyber crime, you can approach us through this website for help. Register on the site, post your problem here and we will try our best to help you. And you can also check for similar crimes that have happened to other people. You will get all this help without paying anything. The best part of this will be that all the info collected through this will be supplied to the police cyber cells, so that repetitions of such crimes can be monitored and controlled. The Orkut fake profiles and other cases are on the rise, so there will be a separate section for Orkut cases. We are working on some legal formalities of jurisdictions here. Not all states have cyber cells, so sometimes cyber cells cannot cross borders on cases. Also, in the Orkut cases, most people don’t want to approach the police directly, fearing bad publicity.
TG: What future plans do you have in cyber sleuthing and cyber security education?
SV: I plan to take a master’s degree at a university abroad, perhaps in 2-3 years. Meanwhile I am into internet security consultancy. We have a scheme planned where we will hack your website with your permission, and find out its vulnerable points. Then we will offer you an internet security package based on our findings. I already take classes on ethical hacking which has a good response from a variety of fields, not just computer aficionados.
Sunny Vaghela has already taken India by storm and is in preparation to conquer the world. Visit his website to know more.