Santhosh Tuppad is a hacker and a security consultant who believes there is a very thin line between ethical and unethical hacking; it is all context based. If you are hacking on behalf of the government, do you call it ethical or unethical? He questions.
The first time I saw Santhosh was when one of his students was giving a talk at Barcamp Bangalore on security. While demonstrating vulnerability in a gifting site, he made a mistake which infuriated Santhosh. He came up on the dais and cautioned against overlooking such mistakes. “These can lead to disastrous consequences,” he said.
Santhosh’s first exposure to computers happened when he was in the sixth standard and started learning DOS and playing ‘Prince of Persia’ alongside. But his actual education began when one of his friends introduced him to the internet. They used to collect Rs 12 to visit cyber cafes and select the corner most cabin to surf the net for porn. Soon their interest was caught by games and they migrated to playing ‘Need for Speed’ then moved on to chatting on IRC.
Santhosh once hacked the dial-up at a cyber café to use free internet at home using their credentials. “I used to spend time in the cyber cafe till 10 in the night and once it was closed, I would go home and login again from 12’o clock in the night,” he confesses.
These happy times did not last long. The inflated telephone bill gave the game away and Santhosh had to deal with his dad’s temper; while his mom became suspicious about his night-time activity with the telephone.
The IRC bug
Soon Santhosh got addicted to IRC and started spending over five to six hours chatting and learning. I wanted to become an operator on IRC and as a result I started spending a lot of time there. It was futile as they did not promote him as moderator. He started his own channel and promoted it in other channels; as a result his IP address was banned. “I used to restart my computer to get a new IP address and start it all over,” Santhosh quips. To fulfill his ambition, Santhosh became a translator at DALnet – a famous IRC network and started helping them localize from English to Hindi for their help channel #Dalnethelp.
“Once I even travelled in a bus to another city to meet my IRC friends when I was in class nine,” Santhosh adds.
Moolya and Bugbounty
After his college, Santosh joined IBM tech support but quit in less than 20 days. He joined Edista Testing Institute where he met Pradeep Soundararajan (Co-founder Moolya Testing). He quit Edista after some time along with Pradeep and joined a company 3D PLM Software Solution against the advice of Pradeep, while Pradeep kept coaxing him to join him to start up. “I went for the interview in a sweatshirt while everyone was there in formal attire, I was the only one who got hired,” Santhosh adds.
Santhosh did not enjoy his job though he won many awards in the company. He resigned from the company and called Pradeep to say that he quit. Pradeep, Santhosh and Mohan Panguluri started Moolya in December 2010.
It was at this time that Santhosh started participating in Utest bug bounty program with a bug approval rate of 98% (98% of the bugs submitted by him were accepted) and soon he was promoted to the moderator of the Utest community forum. He also participated in bug battles and won the top tester and Tester of the year award for the best bug submitted out of over 50,000 testers from around the world.
Spreading knowledge for free
Santhosh conducts day-long workshops in security for free across the country, even though a basic course in computer security costs upwards of Rs. 25,000 in Bangalore, but for him it is all about passion. “I only ask people to cover for their food and the cost of the venue which is close to Rs. 500,” says Santhosh.
One of the reasons why Santhosh does it for free is that it gives him happiness. The other reason being cyber laws are not helpful in India which also discourages people to take it up as a profession.
Future and lessons learnt
Santhosh has quit Moolya and is working on his next startup at present. Talking about his lessons from the journey he says,
1) Never fear anything; you’ve got only one life
2) Raise your bar every day, compete against yourself
3) Follow your heart
Say hi to Santhosh Tuppad.