This is an archive article published on February 23, 2008

PASSWORD? Unprotected

Our correspondent learns a few tricks of the trade from an ethical hacker. It’s tough being the good guy.

Ethical hacking. Could there be a bigger oxymoron? But as Abhijeet Parandekar ushered me into his lab in the Asian School of Cyber Laws, Pune, he showed no signs of guilt. “This is my playground. I work for eight hours here and play after that,” he said with a grin. It was after much coaxing that the computer expert had agreed to share his secrets and teach me to hack “with ethics”.

For Abhijeet, to be an ethical hacker is to be the good guy. You attack a security system on behalf of its owners, looking for weak links that a malicious hacker could exploit. In short, you know all the low tricks but use them for a better cause. And, from my experience of interviewing an ethical hacker a year ago, I also know that they are, well, quite cool. “I will first teach you how to hack passwords, then how to hack documents and then how to hack a computer,” he said with surprising matter-of-factness.

So, we made an MS Word document, which he asked me to lock with a password. “It could be anything,” he said. “Fly,” I said. To hack, you need the right software. (Abhijeet refused to disclose the name of the software we were using. So if you thought I ran out of the lab and into the exciting life of a hacker, you are mistaken.)


On the desktop in front of me were numerous tools—with names like the Horse Riding, the Action and the Bleak Reader. I chose the first and clicked. In a few hundred seconds, the device dived into the sea of words that had been keyed into the system and fished out five. The third was “fly”. “Oh, god. It’s actually happening,” I said. “Yes, and it can happen in many more ways,” said Abhijeet primly. “This technique compares each word in the dictionary with the password and matches it,” he says.

More mock hacking. I created documents, locked them with passwords and then prised them open. But before I got ideas about a life in crime, Abhijeet intruded to point out how each password that I had managed to crack was first given out by me. “People give out passwords on their own through different ways and the software helps us trace them. It’s near impossible to break into accounts,” he says.

Lesson 2: how to gatecrash systems. The software at my disposal was Digit Byte and Counterfoil. “What you have to do here is make a fake document out of original icons like MSWord, Internet or Photoshop and email it to the user. The moment he clicks on it, you will have access to his computer from your machine,” he says.

I was hooked. So I made a fake Word document, exported it to the neighbouring computer, clicked on it and came back to my seat to watch some fun. It worked. I could see all the documents, the desktop icons and even the view through the web camera. And, mind you, the web camera on the other computer was turned off.

By now, I had turned into the child who wants all the toys in the shop. So, I asked Abhijeet to go to the next step. And there I was, shutting the monitor of the neighbouring computer, opening its disc drive and shaking its screen—all while sitting on my seat. Believe me, I felt like a small cyber megalomaniac.

But Abhijeet did not really care for my self-assuring smirk. “I’ve taught you just three or four tools. There are some 50 like this,” he said.


It was time soon for Abhijeet to return to his playground. I walked back with a buzzing head and told myself, “Change your password, girl!”

(Shveta Vashisht Gaur is a feature writer with Newsline, Pune. The names of the hacking tools have been changed in the story.)
