Nutan Kumar Panda is an Information Security professional with expertise in the field of Application and Network Security, currently working as an Information Security Engineer at eBay Inc. Apart from performing security assessments, he has also been involved in conducting/imparting information security training. Apart from contributing to open source software, he has also written various technical papers and co-authored ‘Hacking Web Intelligence’.

vpnMentor: What is the average Internet user doing wrong?

Nutan: Most of the eCommerce companies are aware of the intensive efforts to hack and steal digital information, and have been putting in great efforts to secure it. Average users are less aware of the importance of this. Data privacy is not only a matter for big companies, but rather for all of us. We all have a digital life which we need to watch and secure. We too are responsible for our privacy.

Sudhanshu: Take social data, for example. People share their pet images and names, and forget that they used them to define their password for some online service. If I am a hacker, all I need to do is watch your Facebook profile, then visit another social media account and test the pet name as the secret password to see if it works. If it does, I now have all your files and personal photos.

vpnMentor: What about less savvy users who don’t use online backups or many online services, and are really using just the basic services of the internet? Are they also required to pay that much attention to what they share on Facebook?

Sudhanshu: It doesn’t matter if it is you, a savvy user that spends 10 hours a day online, or your mom, who only uses the Internet to read the news and check emails. If I hacked your mom’s email account, I will find her bank account information there, her social security number, and what fax machine number she is using. So from getting limited online information, I can get a lot of offline information that I can exploit.
Actually, the less savvy people need to be more concerned, because they don’t know how to defend themselves.

Nutan: Hackers are targeting the weakest links in the chain. It is like robbers trying first to rob homes with less security; the same applies here. They find that the less technical people are easier to hack, and they target them.

Sudhanshu: I think it is also the responsibility of the government to educate users on how to defend themselves online. Similar to the way governments educate citizens to keep the street clean and drive safely, they should also spread awareness about how to browse safely and protect their data. Regretfully, I am not aware of anyone doing that.

Hacking Web Intelligence: Open Source Intelligence and Web Reconnaissance Concepts and Techniques

vpnMentor: Are you considered among your friends the “crazy for privacy” geeks?

Sudhanshu: All my friends are from the industry… so I’m no different from others in that regard. When it comes to family, we always try to teach them to guard their privacy. My Mom keeps calling me about suspicious emails and if she can or cannot click the link that she sees. My advice to the average user is to use a secure browser and Incognito/Private mode, and to not click on links you do not trust. Also, very importantly, do not use free WiFi in public spaces. Anyone can set up a WiFi network and get all the data you send and receive, including your Facebook password, the emails you send out, etc.

vpnMentor: Are you using a VPN service?

We are not using a VPN service on a regular basis, only when there is a need for that. When we do, we use the OpenVPN protocol. We also use Tor. Not all the time, but a lot. Similarly, we use Shodan and ZoomEye instead of traditional search engines. These search engines provide access to information relevant from an InfoSec researcher’s perspective.

vpnMentor: What changes are required from users who want to live their normal life without worrying about their data being stolen, without a complete revamp of their online activity?

There are a few steps that are the “minimal requirements” for today’s users.

vpnMentor: What is your overall impression of the Cyber community in Israel, where you speak today?

Sudhanshu: It is my second trip to Israel and I appreciate it a lot. The industry is advanced compared to the rest of the world in my experience.

Nutan: If you check the startup industry in Israel, which is big on its own, you see many cyber security companies here, so the number of Cyber security companies in Israel is really high compared with other markets. It is clear that Israeli industry takes security seriously.