Siddhesh Joshi (Editor)

Rajshekhar Murthy

Updated on
Edit
Like
Comment
Share on FacebookTweet on TwitterShare on LinkedInShare on Reddit
Name
  
Rajshekhar Murthy


Rajshekhar Murthy httpsuploadwikimediaorgwikipediaenthumbb

Rajshekhar murthy clubhack 2011


Rajshekhar Murthy is an Indian Information security expert and social entrepreneur. Born in Kalyan, Mumbai, on 15 May 1981, he is widely known as the Blue Genius and founder of the International Malware Conference, Malcon.

Contents

Rajshekhar Murthy Rajshekhar Murthy spacemanpo Twitter

Early career

Murthy started his career as a freelance reverser in early 1998 before joining as an Information security Instructor in 2003 with Karrox technologies, a training company. In 2005, after a brief stint at GTL Limited, he moved to Microsoft corporation in enterprise support for Active Directory services.

Career

In 2006, he started Indian technology start-up Orchidseven Infosec, a security certification body at Hyderabad. In 2006, with help of two other hackers Biswajit Behra and Kiran Nair, Rajshekhar Murthy discovered vulnerability in over 100 government websites, which was reported in the Indian Express and the DNA Newspaper.

In 2008, there was a visible spat between the ATS chief Hemant Karkare and Rajshekhar Murthy, when the ATS chief dared hackers to break into his gmail ID. This was after Indian hackers were trying to assist in certain cases the ATS sought help on. Murthy reportedly stated in an interview with Mumbai Mirror that this dare would widen the gap between hackers and the law enforcement agencies and quoted "No one is desperate to be associated with the Cyber crime cell. If he is disappointed by hackers, then I would like to know what his team or the cyber crime done to recognize or motivate the community"

In November 2008, he gave India its youngest hacker, Shantanu Gawde. His team, along with the company was awarded by the Prime Ministers Office for their contribution.

Information Sharing and Analysis Center

Formerly known as ISACM (Information security awareness community movement), the non-profit group formed by Rajshekhar Murthy, discovered and disclosed vulnerabilities in IIT Mumbai, Pizza Hut India, Mumbai University and Jaagore.com websites, exposing over a million e-mail accounts.

However, the challenges faced in vulnerability disclosures and Incident response by the affected organisations prompted Murthy to look at the root cause of the issue. Eventually, the foundation was renamed to Information Sharing and Analysis Center (ISAC) after a few months.

Information Sharing and Analysis Center was formally incorporated as a non-profit scientific foundation under Section-25 in 2011, with the primary objective to improve sharing and collaboration between various Government intelligence and law enforcement agencies for protection of critical infrastructure and cyber space.

The foundation, endorsed by various Government organisations such as NTRO has a National level advisory board with notable representations from various organisations such as Honeynet India and Microsoft India.

Advanced Technology Contamination Research Center

As part of its mission, three major projects, MalCon and National Security Database and Technology contamination research were incepted. Under ISAC, the low profile division, "Advanced Technology Contamination Research Center" (ATCRC) was initiated to promote Indian security research.

The division was behind the famed Infected Symbian firmware, released at MalCon 2010. The latest research from ATCRC includes the Advanced malware for Apple products and malware for Xbox Kinect, to be showcased at MalCon 2011.

MalCon

The International Malware Conference, Malcon was founded by Rajshekhar Murthy in 2010. The first event was held in December 2010 in Mumbai, which generated huge controversies and had its share of media attention. He explained the philosophy for MalCon on its website as "Our Aim is to help the Security Industry as well as Software Industry, understand this fine 'art' of Malware Development (Which covers even exploits) so that they can build better and secure code, as well as work towards mitigating potential new attack vectors.”

In an interview to kerbsonsecurity, he quoted "While a conference can be done by inviting the best / well known security experts who can share statistics, slides and 'analysis' of malwares, it is not of any benefit to the community today except that of awareness. The need of MalCon conference is bridge that ignored gap between security companies and malcoders. They have to get on a common platform and talk to each other. Just like the concept of 'ethical hacking' has helped organizations to see that hackers are not all that bad, it is time to accept that 'ethical malcoding' is required to research, identify and mitigate newer malwares in a 'proactive' way".

Rajshekhar Murthy coined new security term "ethical malcoding" to differentiate between malcoders who work in the background independently or with various security firms for research and those who do it for financial gain; and another term "GuuWare" to describe software's that may have similar attributes of a malware but are used for defensive purposes.

National Security Database

Conceived after the 2008 Mumbai attacks, National Security Database is an official program jointly developed in support with the Government of India by 'Information Sharing an Analysis Center' (ISAC), to identify and maintain a verified list of credible and trustworthy Information security experts who work to protect the National Critical Infrastructure and cyber space of India.

The program was released on 26 November, the same date of the 2008 Mumbai Attacks, at the International Malware Conference, MalCon 2011 at JW Marriott, Mumbai. The program is reportedly planned to be inaugurated by Sachin Pilot, Minister of State in Ministry of Communications and Information Technology.

The program, with an intent to identify valued security experts has multiple speciality domains under Information security, in which professionals can apply for empanelment in the database by clearing a technical lab examination and psychometric test. In an interview with Outlook, Rajshekhar Murthy stated that it is necessary to have people who are not only competent but also have a high degree of trustworthiness and integrity. "The selection process will involve examination of references, technical skills, criminal history, and even psychological assessment to generate a credit report for security clearance.”

The program does not award any certification and provides credible recognition in form of empanelment in the database under specific security domain.

Research

Rajshekhar Murthy discovered following vulnerabilities in major telecom products:

Vulnerabilities Discovered

  • Comptel InstantLink XSS
  • Oracle Siebel Loyalty 8.1 XSS
  • Omnidocs SQL Injection
  • Nikira Fraud Management System XSS

    • Research Papers

    Exploiting religion and occult science for Hacking

    Personal life

    Rajshekhar Murthy is presently married (October 2010) and lives in Mumbai.

    References

    Rajshekhar Murthy Wikipedia
    (Text) CC BY-SA