[Techie Tuesdays] From banks to web hosting companies, this techie has hacked them all
Ayush Ghosh is a programmer and hacker who is passionate about payments and education. A full stack developer, he is famous for finding vulnerabilities in a private bank's online site, among several others. Ayush is our Techie Tuesday for today.
Ayush was born and brought up in Rajgangpur, a small town in Orissa. Rajgangpur is famous for being an industrial town and is home to Orissa Cement Ltd (India), which has the largest vertical roller mill in the world. His dad worked at the cement company and money was a concern. However, his father never let him feel the burden. It was in school that Ayush experienced the magic of computers for the first time. Students were not allowed to use the school computers for anything apart from the syllabus assigned to them.
Ayush was introduced to HTML in high school, which further propelled him into learning programming. This newfound passion led him to skip tuitions. Ayush recalls,
"I used to go to three tuitions, but then I started skipping them and going to a cyber cafe near my tuition and started spending my tuition fee there for learning. I attended only Hindi tuitions as the teacher was close to my dad and my absence would raise suspicions."
Ayush got his first PC in 2007 when he was in class 12. Since there was no internet at home, Ayush set up an arrangement with a friend who had a cyber cafe and a medical shop. Ayush would manage the cyber cafe and in return get to use the internet, while his friend worked at the medical shop. After tuition hours he would rent his friend's dongle for the night.
"It was a small house, we did not have any privacy. At night I used to put a towel on me so that the light doesn't disturb other people who are sleeping."
Ayush created database management software for his school in this manner. He wrote the entire software in C and C++. Since Ayush was spending most of his time on the computer, he started neglecting his studies, and as a result his grades went down from 74% in matriculation to 60% in 12th grade.
Hacking systems at college
In his first year of engineering at GIET (Gandhi Institute of Engineering and Technology), Ayush hacked into the college database and got the salary of every teacher. He wrote to the dean about the lack of security, and in turn got a severe scolding and a warning from him. As laptops were prohibited in the college hostel, Ayush brought his PC instead and started learning there. It was only a matter of time before the warden found out. As he could not confiscate the entire PC, he asked Ayush to pack it away and not use it. However, Ayush kept using it, unplugging and packing it whenever the warden came for rounds.
In his second year of engineering, a company named NetTech came to the college and conducted a computer aptitude test. Ayush aced the test and was handpicked by the team for three weeks of training. He was quite disappointed that he didn't get to learn anything new. When he conveyed this to the NetTech team, they offered him the chance to come and teach classes the next year.
Engineering undergraduate and teaching management students
While Ayush was teaching at NetTech, he also got an opportunity to work on a project with the Intelligence Bureau. He was asked to design a honeypot which would track the phishing sites and their owners. They worked on a few IPs which were then tracked to the passport service of Pakistan.
This led him to explore more, and Ayush developed a knack for finding loopholes and vulnerabilities. During this time Ayush was able to get into two US-based companies, PhPGrid and ComponentOne. He was able to decrypt their databases and send them the source code. Both companies sent him some licenses of their products in appreciation of his work.
His exploits continued and Ayush went on to find more vulnerabilities. He helped suryanandan.net secure their servers. Suryanandan.net was the biggest hosting company in Orissa. He figured out that one could create an account and then upload a shell script to run an exploit on the site. Ayush informed the team and they were able to patch their systems. He also went on to hack Orissa TV, but the team considered it offensive and it took a lot of time to convince them about what Ayush had done.
Ayush wrote several mails to another private TV channel after discovering vulnerabilities in their systems, but there was no response from them. He then wrote to their CTO, who was very cooperative, understood the gravity of the situation and helped rectify it. This also led to a new relationship which would prove to be of much use to both parties.
Meanwhile as part of NetTech, Ayush was teaching a networking course at XIMB (Xavier Institute of Management, Bhubaneshwar). He also designed an ethical hacking course for NetTech. After his engineering, Ayush was placed in TCS. The atmosphere at TCS was not conducive to him and he quit it soon after. Ayush, along with a friend, started Gradient Training – an assessment platform for graduates. In one year they managed to get a good stream of revenue.
It was in April 2014 that Ayush got his biggest shot at fame. He hacked the online banking website of a private bank and could play around with all the settings. He told his friends in the bank about this, but no action was taken; he also wrote to the MD. Since there was no response, he wrote to the private TV channel, which ran a story on the issue. Subsequently, the vulnerability was patched.
In May 2014, Ayush joined BookMyShow and helped build several systems for them. He also built the internal wallet and routing system of the company. Ayush worked for them for three months and then joined Source Easy, where he worked for a year on the payment platform. Ayush quit the Source Easy team a few months back and joined Razor Pay, where he is aiming to revolutionise the payment space.
Talking about his future, Ayush wants to make an impact in the education and payments space, as he believes this will lead to a massive number of people coming online, ease transactions and bring transparency to the system.