Shekhar is one of the 3,000-odd people in Hyderabad who make a living out of ethical hacking. They are the gatekeepers of the hundreds of software companies in the city, including giants like Infosys, Satyam, Wipro and IBM. These highly paid hackers are used to continuously attack systems and networks and seek out the vulnerable points through which illegal hackers can break in and steal software programmes, data and codes for software products that are worth millions of dollars.
Though its practitioners prefer to work anonymously, ethical hacking is a profession that is fast picking up in Hyderabad, which houses 1,600 IT companies with incalculable megabytes of priceless data. At least one attempt is made every hour to hack the servers of IT companies, banks, corporates, and even state police computers.
“Besides having their own security analysts, top companies engage ethical hackers to attack their systems and look for loopholes which hackers can take advantage of. We legally try to hack into their computers with the knowledge and agreement of the client. If there are any leaks in the system, we make suggestions to plug them,” says N Gautam, director of ETA NetServe, a Polish ethical hacking company based in Hyderabad.
“Depending on the type of agreement with the client, we keep testing their security walls, trying to penetrate into their systems from time to time. Banks would require testing every week while for some companies we do it once a month. If we find loopholes we alert them,” he says.
“These software companies have software programmes, database like lakhs of names and details of credit card holders, codes of new software products being developed etc, in their systems. If there are loopholes in the system, a hacker can steal this data online and cause immense losses. Mischief mongers not only steal data but also destroy systems by releasing viruses. Our job is to guard against this,” says Ashish Pathak, an ethical hacker.
With instances of cyber geeks and hackers penetrating the best protected systems and websites, companies are not only guarding against the theft of databases painstakingly accumulated over several years, or of new programmes and codes; they are also wary of anyone using their networks for terror purposes like sending emails. “It is bad for the company’s reputation if data is stolen,” says Alfred David, a consultant ethical hacker.
“It is a race to stay one step ahead of the hackers. You create one foolproof firewall today and they will come with something to break it within a week,” says another hacker. Some companies are also engaging ethical hackers to keep track of emails being sent or received by their employees. “This is mostly used in a positive way — trying to find out if a useful employee is unhappy or is looking for a job in a rival company,” says a company’s executive.
“An ethical hacker has to think like an illegal hacker. In a sense he is doing the same job but legally. Only he is doing the opposite, instead of stealing anything online,” says Gautam.
Who is an ethical hacker?
Certified ethical hackers are hired when companies want someone from outside to test their systems for penetration by illegal hackers. Software engineers, B.Sc (Computer Science) graduates with degrees in certified hacking, and anyone who understands programmes and codes and knows how to exploit a system are into ethical hacking. Like ETA NetServe, Sify, HCL, IBM and Wipro are also providing ethical hacking services. Dell employs over 500 security analysts including ethical hackers.
What do they do?
They ensure online security for IT companies and patrol Internet highways, plugging holes and preventing online crime. However, they cannot talk about their work because they are governed by non-disclosure agreements.
What do they charge?
Ethical hackers are highly paid. Companies dish out between Rs 5 lakh, for intermittent checks over six months, to Rs 1 crore per annum. Some ethical consultants charge on an hourly basis.