People in country lag in cyber security awareness, says expert

Avneet Kaur

Jalandhar, July 2

Having identified and fixed two major bugs reported in websites of Foodpanda and Sulekha which risked personal information of millions of its users, city-based cyber security researcher Palvinder Singh (27) has developed an identity for himself in the digital world across the nation.

He has done bachelors technology in information technology from CT Institute and completed his certified ethical hacker diploma from Delhi in 2013. He has so far conducted hundreds of sessions on cyber security and ethical hacking across globe, including Asia, Africa and the Gulf. He has also given training to officials of the Cyber Cell Department in Delhi and the J&K Police on how to identify cyber attacks and protect confidential data from hacking.

Talking to The Tribune, Palvinder said across the globe, governments, businesses, and citizens were facing an ever-increasing risk from cyberthreats. The problem in India was that a majority of the people lag behind in cyber-security awareness. Over 40 per cent young Indians are using the same password for a lot of online services, which makes it easy for hackers to hijack accounts, websites, etc with ease.

Divulging details about how he identify such cyber bugs and fix them, Singh said it was through penetration testing in which he gets the legal access to a website and by using various tools available online the cyber team monitor post-data parameters for e-commerce websites, and as there were many features on the websites, so from different aspects the data was analysed and loopholes were found.

Sharing details of the Foodpanda breach, Palvinder, CEO, and founder of Secuneus Technologies, based in the city, said he found the bug in the website while ordering food online.

He said: “I created an account on the Foodpanda website and filled in my details but being a cyber security researcher, I was wondering about the safety of the information travelling from my browser to their web server.”

“I found that the information was travelling as plain text only and not in encrypted form which means it could be intercepted and read by anyone,” he said, adding that he then intimated Foodpanda about the security flaw and helped them get it fixed.

He said in recognition of helping the company fix this, he was awarded Rs 80,000 and given Foodpanda’s ‘Hall of Fame’ certificate, adding that the same was the problem with the Sulekha’s website in which account was taken over.

Sharing some interesting facts, Palvinder said the problem with people was that they were not aware about type of frauds other than cyber hacking.

He said people had no idea whether what was phishing, skimming devices, email bombing, spamming and web jacking which were mostly related to bank frauds.

He said: “There is a website called ‘Have I been pwned’ which helps us check whether our email id has been hacked and if hacked when and from where, but hardly people know about it,” he said, adding that awareness among the masses about cyber security was must, and before making any online transactions and registering themselves with websites they must remain alert and if they find anything fishy they must report or check with the website help desk.

Ever-increasing global threat

Talking to The Tribune, Palvinder Singh, CEO, and founder of Secuneus Technologies, said across the globe, governments, businesses, and citizens were facing an ever-increasing risk from cyberthreats. The problem in India was that a majority of the people lag behind in cyber-security awareness. Over 40 per cent young Indians are using the same password for a lot of online services, which makes it easy for hackers to hijack accounts, websites, etc with ease.