Interview with Online Privacy Experts Mr. Sudhanshu Chauhan and Mr. Nutan Kumar Panda. Authors of “Hacking Web Intelligence”

About the authors:

Sudhanshu Chauhan is an information security professional and OSINT specialist. He has worked in the information security industry, previously as Senior security analyst at iViZ and currently as Director and Principal Consultant at Octogence Technologies. Sudhanshu has also written various articles on a wide range of topics including Cyber Threats, Vulnerability Assessment, Honeypots, Metadata etc and Co-authored ‘Hacking Web Intelligence’.

Nutan Kumar Panda is an Information Security professional  with  expertise  in  the  field  of  Application  and  Network  Security currently working as an Information Security Engineer at eBay.inc.  Apart  from  performing  security  assessments  he  has  also  been  involved  in  conducting  /  imparting  information  security  training. Apart from contributing to open source software, he  has  also  written  various  technical  papers and Co-authored ‘Hacking Web Intelligence’.

vpnMentor: What is the average Internet user doing wrong?

Nutan: Most of the eCommerce companies are aware of the intensive efforts to hack and steal digital information, and have been putting in great efforts to secure it. Average users are less aware of the importance of this. Data privacy is not only a matter for big companies, but rather for all of us. We all have a digital life which we need to watch and secure. We too are responsible for our privacy.

Sudhanshu: Take social data, for example. People share their pet images and names, and forget that they used them to define their password for some online service. If I am a hacker, all I need to do is watch your Facebook profile, then visit another social media account and test the pet name as the secret password to see if it works. If it does, I now have all your files and personal photos.

vpnMentor: What about less savvy users who don’t use online backups or many online services, and are really using just the basic services of the internet? Are they also required to pay that much attention to what they share on Facebook?

Sudhanshu: It doesn’t matter if it is you, a savvy user that spend 10 hours a day online, or your mom, who only uses the Internet to read the news and check emails. If I hacked your mom’s email account, I will find there her bank account information, her social security number, and what fax machine number she is using. So from getting limited online information, I can get a lot of offline information that I can exploit. Actually, the less savvy people need to more concerned, because they don’t know how to defend themselves.

Nutan: Hackers are targeting the weakest links in the chain. It is like robbers trying first to rob homes with less security, the same applies here. They find that the less technical people are easier to hack, and they target them.

Sudhanshu: I think it is the also the responsibility of the government to educate users how to defend themselves online. Similar to the way governments educates citizens to keep the street clean and drive safety, they should also spread awareness about how to browse safely and protect their data. Regretfully, I am not aware of anyone doing that.

Hacking Web Intelligence: Open Source Intelligence and Web Reconnaissance Concepts and Techniques

vpnMentor: Are you considered among your friends the “crazy for privacy” geeks?

Sudhanshu: All my friends are from the industry… so I’m no different from others in that regard. When it comes to family, we always try to teach them to guard their privacy. My Mom keeps calling me about suspicious emails and if she can or cannot click the link that she sees. My advice to the average user is to use a secure browser and Incognito/Private mode, and to not click on links you do not trust.  Also, very importantly, do not use free WiFi on public spaces. Anyone can set a WiFi network and get all the data you send and receive including your Facebook password, the emails you send out, etc.

vpnMentor: Are you using a VPN service?

We are not using a VPN service on a regular basis, only when there is a need for that. When we do, we use the OpenVPN protocol.

We frequently utilize Tor, albeit not constantly. In a similar vein, we often turn to Shodan and ZoomEye as opposed to conventional search engines. These specialized search platforms offer data pertinent to the needs of an InfoSec Researcher.

vpnMentor: What changes are required from users who want to live their normal life without worrying about their data being stolen, without a complete revamp of their online activity?

There are a few steps that are the “minimal requirements” for today’s users.

1. Update your operating system on mobile and desktop, whenever a new update exists.
2. Don’t use information that may be available somewhere as password (name pf pet, school etc.). A good tip would be to put a wrong answer for personal questions (wrong city where you were born, fake name of pet etc.).
3. Use 2-way authentication when possible.

vpnMentor: What is your overall impression from the Cyber community in Israel, where you speak today?

Sudhanshu: It is my second trip to Israel and I appreciate it a lot. The industry is advanced compared to the rest of the world in my experience.

Nutan: If you check the startup industry in Israel, which is big on its own, you see many cyber security companies here, so the amount of Cyber security companies in Israel is really high compared with other markets. It is clear that Israeli industry takes security seriously.