Rajshekhar Murthy
Encyclopedia
Rajshekhar Murthy is an Indian Information security expert and social entrepreneur. Born in Kalyan, Mumbai, on 15 May 1981, he is widely known as the Blue Genius and founder of the International Malware Conference, MalCon
Malcon
MALCON is an annual information security conference focusing exclusively on malware. It aims in bringing together Malware and Information Security Researchers from across the globe to share key research insights into building and containment of the next generation malwares. Unlike most hacker...

.

Early career

Murthy started his career as a freelance reverser in early 1998 before joining as an Information security Instructor in 2003 with Karrox technologies, a training company. In 2005, after a brief stint at GTL Limited, he moved to Microsoft corporation in enterprise support for Active Directory services.

Career

In 2006, he joined as a security researcher with an Indian start-up Orchidseven Infosec, a security certification body at Hyderabad. In 2006, with help of two other hackers Biswajit Behera and Kiran Nair, Rajshekhar Murthy discovered vulnerability in over 100 Government websites which was reported in the Indian Express  and the DNA Newspaper
DNA (newspaper)
Daily News and Analysis is an Indian Broadsheet published in the English language from Mumbai, Ahmedabad, Pune, Jaipur, Bangalore and Indore in India. It was Launched in July 2005, targeted at a young readership....

. During this time, he took over the organization as a CIO and shifted the corporate office of the company to the financial capital of India, Mumbai
Mumbai
Mumbai , formerly known as Bombay in English, is the capital of the Indian state of Maharashtra. It is the most populous city in India, and the fourth most populous city in the world, with a total metropolitan area population of approximately 20.5 million...

. With his work, he was eventually contacted by the Indian Intelligence agencies to work closely on securing Indian Government websites, making the organization a preferred Indian certification body in Information security.

In 2008, there was a visible spat between the ATS chief Hemant Karkare
Hemant Karkare
Hemant Karkare was the chief of the Mumbai Anti-Terrorist Squad. He was killed during the 2008 Mumbai attacks after being shot three times in the chest...

 and Rajshekhar Murthy, when the ATS chief dared hackers to break into his gmail ID. This was after Indian hackers were trying to assist in certain cases the ATS sought help on. Murthy reportedly stated in an interview with Mumbai Mirror
Mumbai Mirror
Mumbai Mirror is a largest compact newspaper in the city of Mumbai with a daily circulation of over 600,000 copies. Its first issue was published on May 30, 2005 by the Times Group, the publishers of The Times of India newspaper....

  this dare would widen the gap between hackers and the law enforcement agencies and quoted "No one is desperate to be associated with the Cyber crime cell. If he is disappointed by hackers, then I would like to know what his team or the cyber crime done to recognize or motivate the community"

In November 2008, he gave India it's youngest hacker, Shantanu Gawde. His team, along with the company was awarded by the Prime Ministers Office for their contribution.

The same month, Hemanth Karkare was killed during the 2008 Mumbai attacks
2008 Mumbai attacks
The 2008 Mumbai attacks were more than 10 coordinated shooting and bombing attacks across Mumbai, India's largest city, by Islamist attackers who came from Pakistan...

 after being shot three times in the chest. The Mumbai attacks left a deep impact on Murthy, which influenced much of his later work, including MalCon
Malcon
MALCON is an annual information security conference focusing exclusively on malware. It aims in bringing together Malware and Information Security Researchers from across the globe to share key research insights into building and containment of the next generation malwares. Unlike most hacker...

 and NSD
National Security Database
National Security Database is an official program jointly developed in support with the Government of India by 'Information Sharing an Analysis Center' , to identify and maintain a verified list of credible and trustworthy Information security experts who work to protect the National Critical...

.

In 2010 Rajshekhar Murthy resigned as a CIO and joined a major telecom company.

Information Sharing and Analysis Center

Formerly known as ISACM (Information security awareness community movement), the non-profit group formed by Rajshekhar Murthy, discovered and disclosed vulnerabilities in IIT Mumbai, Pizza Hut India
Pizza Hut
Pizza Hut is an American restaurant chain and international franchise that offers different styles of pizza along with side dishes including pasta, buffalo wings, breadsticks, and garlic bread....

, Mumbai University and Jaagore.com websites, exposing over a million e-mail accounts.

However, the challenges faced in vulnerability disclosures and Incident response by the affected organizations prompted Murthy to look at the root cause of the issue. Eventually, the foundation was renamed to Information Sharing and Analysis Center (ISAC) after a few months.

Information Sharing and Analysis Center was formally incorporated as a non-profit scientific foundation under Section-25 in 2011, with the primary objective to improve sharing and collaboration between various Government intelligence and law enforcement agencies for protection of critical infrastructure and cyber space.

The foundation, endorsed by various Government organizations such as NTRO has a National level advisory board with notable representations from various organizations such as Honeynet India and Microsoft India.

Advanced Technology Contamination Research Center

As part of its mission, three major projects, MalCon and National Security Database and Technology contamination research were incepted. Under ISAC, the low profile division, "Advanced Technology Contamination Research Center" (ATCRC) was initiated to promote Indian security research.

The division was behind the famed Infected Symbian
Symbian
Symbian is a mobile operating system and computing platform designed for smartphones and currently maintained by Accenture. The Symbian platform is the successor to Symbian OS and Nokia Series 60; unlike Symbian OS, which needed an additional user interface system, Symbian includes a user...

 firmware, released at MalCon 2010. The latest research from ATCRC includes the Advanced malware for Apple products and malware for Xbox Kinect, to be showcased at MalCon 2011.

MalCon

The International Malware Conference, MalCon
Malcon
MALCON is an annual information security conference focusing exclusively on malware. It aims in bringing together Malware and Information Security Researchers from across the globe to share key research insights into building and containment of the next generation malwares. Unlike most hacker...

 was founded by Rajshekhar Murthy in 2010. The first event was held in December 2010 in Mumbai, which generated huge controversies and had its share of media attention. He explained the philosophy for MalCon on its website as “Our Aim is to help the Security Industry as well as Software Industry, understand this fine ‘art’ of Malware Development (Which covers even exploits) so that they can build better and secure code, as well as work towards mitigating potential new attack vectors.”

In an interview to kerbsonsecurity, he quoted "While a conference can be done by inviting the best / well known security experts who can share statistics, slides and ‘analysis’ of malwares, it is not of any benefit to the community today except that of awareness. The need of MalCon conference is bridge that ignored gap between security companies and malcoders. They have to get on a common platform and talk to each other. Just like the concept of ‘ethical hacking’ has helped organizations to see that hackers are not all that bad, it is time to accept that ‘ethical malcoding’ is required to research, identify and mitigate newer malwares in a ‘proactive’ way".

Rajshekhar Murthy coined new security term “ethical malcoding” to differentiate between malcoders who work in the background independently or with various security firms for research and those who do it for financial gain; and another term "GuuWare" to describe software’s that may have similar attributes of a malware but are used for defensive purposes.

National Security Database

Conceived after the 2008 Mumbai attacks, National Security Database
National Security Database
National Security Database is an official program jointly developed in support with the Government of India by 'Information Sharing an Analysis Center' , to identify and maintain a verified list of credible and trustworthy Information security experts who work to protect the National Critical...

 is an official program jointly developed in support with the Government of India by 'Information Sharing an Analysis Center' (ISAC), to identify and maintain a verified list of credible and trustworthy Information security experts who work to protect the National Critical Infrastructure and cyber space of India.

The program is set for release on 26 November, the same date of the 2008 Mumbai Attacks, at the International Malware Conference, MalCon 2011 at JW Marriott, Mumbai. The program is reportedly planned to be inaugurated by Sachin pilot
Sachin Pilot
Sachin Pilot is an Indian member of Parliament. He represents the Ajmer constituency of Rajasthan and is a member of the Indian National Congress. He is presently the Minister of State in the Ministry of Communications and Information Technology.- Early life :Sachin Pilot was born in Saharanpur,...

, Minister of State in Ministry of Communications and Information Technology.

The program, with an intent to identify valued security experts has multiple specialty domains under Information security, in which professionals can apply for empanelment in the database by clearing a technical lab examination and psychometric test. In an interview with Outlook
Outlook (magazine)
Outlook is one of India's four top-selling English weekly newsmagazines. Like many other Indian magazines, it is reluctant to reveal its circulation, but the 2007 National Readership Survey suggested 1.5 million copies...

, Rajshekhar Murthy stated that it is necessary to have people who are not only competent but also have a high degree of trustworthiness and integrity. “The selection process will involve examination of references, technical skills, criminal history, and even psychological assessment to generate a credit report for security clearance.”

The program does not award any certification and provides credible recognition in form of empanelment in the database under specific security domain.

Vulnerabilities Discovered

  • Comptel InstantLink XSS
  • Oracle Siebel Loyalty 8.1 XSS
  • Omnidocs SQL Injection
  • Nikira Fraud Management System XSS
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 
x
OK