The Digital Sleuth Yogesh Ojha

A drastic advancement in technology over the past two decades has altered the way we perceive and consume information. For better or worse, it seems as though most aspects of the human experience in today’s society is gradually being digitized. Be it through sharing photos and exchanging texts on social media, or paying for an Amazon purchase from a store half-a-world-away; it seems that all things, big and small come to align within the world of technology. But just because we are en route to becoming a digital society, in no way means that the digital sphere will be one that is free of faults and errors. As a matter of fact, this new era of human lifestyle brings its own new set of challenges and fallacies. And whether we like it or not, we as consumers, will be bound to raise questions about who has access to the data that we compile and how is it being used by third parties. How much and how closely are we monitored and how does this impact our lives and choices? This is where people like Yogesh Ojha come into play. A research software engineer by profession and an ethical hacker by passion, Ojha is a person who has dedicated a large portion of his life to studying and innovating in the field of digital security. While the intricacies of Ojha’s line of work is discussed in depth later on in this story, in simpler words, Ojha professionally utilises a number of digital tools at his disposal to fight social problems ranging from cyber threats all the way to terrorism, extortion and organised crime. Besides being a digital sleuth, Ojha also runs an open-source project that goes by the name, reNgine which is a game changing digital tool that allows users to process years worth of data in mere hours.

Discovering Code:

Much like most of the first generation of digital natives, Ojha too was first introduced to the world of computers through videogames. Ojha recalls playing the popular open-world videogame, “GTA Vice City” a lot as a middle schooler. When asked how he first discovered programming, Ojha recounts, “I played GTA Vice City a lot. One day out of curiosity, I opened the Gta.exe file with the notepad application and saw some cryptic letters, a bunch of numbers, and lots of special characters! I was mesmerized to see this. This happened when I was in sixth grade. As soon as I saw those cryptic letters and a bunch of numbers, I started asking myself what could be these and how is it that I am able to play such games. As I grew up, my thirst for computers, moreover thirst for code started increasing exponentially.” In fact, Ojha shares that when his computer teacher told him that those cryptic letters were actually code that form an application, his hunger to find out more about it only grew. Ojha continues, “Growing up in far-western Nepal, internet was not really common. So, when I got back home from school that day, I stole about Rs. 500 from my father’s wallet, went to a cyber-café, and downloaded Visual Basic which became the first programing language that I learnt.” From there, the only way for Ojha to go was up. Gradually as the sixth-grader who had to sneak to the cyber-café to get programming languages grew up, he began to teach himself more. Ojha, as a young teen soon began developing his own games and program in his leisure hours while also beginning to participate and win in coding competitions. Eventually, what started out as a hobby for Ojha ended up becoming something that he would pursue as a career. After numerous hackathons, a job as a web-developer during high school, hundreds of hours of tinkering with circuit boards, and countless lines of code, Ojha finally set on studying computer engineering in Bangalore.

Nepalese citizens should understand that technology most often does not serve democratic goals and also does not achieve democratic outcomes. They most often are the tools of the powerful ones and have been serving the goals of those in power.

His education in Bangalore eventually led to working as a Cyber Security Analyst at Tata Consultancy services. This proved to be a valuable stepping stone to where Ojha is now - TRG Research and Development, a Cyprus based tech company that focuses on collecting data to better create solutions for the civilian cyberspace. When asked about what he does at TRG, Ojha replies, “I primarily focus on building intelligent cyber solutions that are helping to secure better lives of people. We are mainly focused on building cyber threat intelligence and emergency response domains. We are a data fusion company that focuses on solving problems that include organised crime, terrorism, drug cartels, extortions and many such complex challenges.” Ojha also mentions that his work in cyber security has a lot to do with Machine Learning, Artificial Intelligence and Cyber Technologies.

A digital Nepal versus the rest of the world:

“At the end of the day, computers are just really dumb machines.” Ojha jokingly states. He says that unless they are provided with instructions, they really cannot do anything on their own. The only difference between this generation of tech users and the previous one is that there is now a humongous archive of data that computers can use to learn how to perform better. Ojha acknowledges that while ultimately computers are just tools, these are technologies that will dictate how we live today and how we move towards the future. He explains that things like Machine Learning allow us to make sense of the huge data that we can collect today, while Artificial Intelligence allows technology to mimic and learn from these data findings. These developments into technology ultimate trickle down into the devices that we use and consume on a daily basis. It could be anything from something as futuristic as the autopilot system in a Tesla vehicle to something as mundane as the Netflix recommendations that you get. However, Ojha also admits that just like most other resources in the world, there are certainly nations who happen to be years ahead of the curve when it comes to acclimatising to new digital Technosphere’s. Here, our counterparts in the west as well as our neighboring nations of India and China seem to be farther down the road than us when it comes to technology. As a matter of fact, many suggest that the United States witnessed their version of a digital disruption during the early and mid-aughts. With the rise of tech companies such as Microsoft, Google, PayPal and Amazon, the North American continent had to radically readjust their central business models to accommodate the influence that tech has on the value proposition of goods and services. It is also pretty evident that nations like India and China also has their versions of digital disruption way ahead. Ojha suggests that as the countries grow more reliant on technology, they witness more consumer applications of Artificial Intelligence and Machine Learning. He explains that it could be anything from something flashy as a self-driving car or autonomous rockets, all the way to more subtle developments in fields of agriculture, healthcare and finance. Ojha shares, “Even during the Covid 19 outbreak, Machine Learning and AI have played an important role in diagnosing the Covid 19 from the clinical data. They were also used by governments and several agencies to identify the hotspots, trends and predict the spread of disease. This also played a very important role in identifying the population which is at most risk, and of course with this large population, without ML and AI, things wouldn’t have been possible.”

Will Nepal fall behind when the rest of the world progresses forward?

When asked whether or not Nepal has witnessed such a digital disruption, Ojha replies, “Nepal isn’t going to be left out either. A lot of technological advancements have happened recently in Nepal.” He explains, “I am very optimistic about digital disruption in Nepal happening very soon, probably within the next 5-8 years. With companies and startups like eSewa and Khalti playing an important role in fintech, Food Mario, UG, Sastodeal playing an important role in e-commerce and the mobile segment, and Cryptogen, Cynical, Paaila Technologies in Security and AI/Robotics, I am sure to see the disruption within the next decade.” Ojha expresses that while Nepal was late to the party, we are catching up. He even goes on to hint that with the level of curiosity some Nepali startups have shown, a digital disruption may come sooner than expected. But Nepal does however have limited resources right now, and Ojha explains that there needs to be a proactive involvement from the government to meet the innovations achieved by startups. “Not just companies, startups and teams, the government plays a very vital role in bringing in AI to the general public,” shares Ojha. According to Ojha, the way in which Nepali policymakers approach technology and artificial intelligence is crucial in deciding whether or not Nepal graduates into the technological platform just as the rest of the world. Nepali policies in regard to technology and digitization has been vague at best and defunct at worst. While comparing Nepal’s plans for a digital future to that of our neighbours, Ojha shares, “India has a well-defined set of policies by Niti Ayog, they have their own strategy for AI with the goal to make AI more inclusive and a robust plan to expand the use of AI in fields of agriculture, education, telecom and healthcare. As for China, they have their own AI strategywhich is more aggressive than India’s plan. India’s plan is more inclusive while China’s strategy is more focused on next generation surveillance, military capabilities, AI governance and AI wars.” He further dives into this saying, “In between the two of these, I feel that Nepal is left out. We absolutely do not have defined goals and strategies and I guess, that is not going to help us in the long run. It’s the need of the hour that we have a government that understands the importance of having our own strategy for things like AI and Cyber Security.”

The problems that comes with going digital:

Ojha makes a point to explain that just as technology provides solutions to a plethora of problems, it also makes room for a whole new set of problems. The catch-22 situation here being: if there are n-number of people who wish to use technology for good, then there must also be an n-number of people who wish to misuse technology. A large part of Ojha’s day job is to ensure that these new problems stay at a minimum. Ojha who has worked to resolves such issues in countries across the globe highlights that different geographic regions tend to be plagued by different tech troubles.During his work with TRG, he discovered that areas in North America and Europe are usually riddled with issues of false news, dis-information and information warfare; African nations on the other hand seem to witness a lot of transactional crime with a large number of criminal groups stemming from this region. As for our very own South-Asian subcontinent, it seems that more lax cyber laws have resulted in South-Asian countries becoming a safe haven for organised digital crimes. What is even worse is that, according to Ojha, national level disputes in this region may have also led to numerous instances of state sponsored espionage attacks. Today technology can be a wide range of atrocities as well. From ethical issues such as deep fakes to even conducting remote bombings through the use of consumer tech such as drones. But the direct dangers of technology are just the tip of the iceberg. Even within Nepal, the arrival of the technological era can result in a number of societal fallacies.Ojha points out, “With the rise in technology being an integral part of our lives, this will definitely improve the lives of people on the top of the socio-economic ladder, but this will also affect the lives of people who are on the bottom of the ladder. In Nepal, we have a huge gap between the group of people who have access to technology and those who do not.” He explains that digital disruptions would definitely play a role in widening the already huge gap between the privileged and underprivileged group in the country. Here, not just individual economics but also factors such as literacy, local languages and rural infrastructure would be a factor in alienating people from the digital sphere. Ojha also notes the role that digital disruption might have on national politics. He shares, “Nepalese citizens should understand that technology most often does not serve democratic goals and also does not achieve democratic outcomes. They most often are the tools of the powerful ones and have been serving the goals of those in power.” He emphasises that as we move forward, it is important that we focus on building inclusive technology that benefits the whole country.

Now stimulating attacks and bug bounty are not by any means a new concept. In fact, they have been around for years. But what really sets reNgine apart from the rest of the competition is how quickly and efficiently it can do these tasks.

“In the past, technology has been used as a weapon to target vulnerable populations and also target democracy. Since we have vague data security/privacy laws that do not prevent these startups and companies from collecting, storing and accessing the private data of its users, the average Nepali consumer should ask ‘Where and how my data is being stored? Who has access to it?’” explains Ojha. He further elucidates, “Weak data security and privacy law will only help those with vested interests, state sponsored attacks against us to change the outcome of elections and manipulate the general public against the government. With the growing footprint of China and India seeking to increase its strategic plans to Nepal, we should worry about the future of our democracy. While China’s engagement in Nepal isn’t new, India’s dominance isn’t new either.” Ojha in fact recounts a fairly recent incident where hackers took over the Civil Aviation Authority of Nepal (CAAN) website and displayed an Indian flag following tension after the border disputes between Nepal and India. Ojha sees this as a reminder of how unprotected a digital Nepal really is. He believes, “This was a gentle reminder that cyber war is real and Nepal soon could be a victim of it. It is high time that we focus on improving the resilience of our infrastructure and set out policies and governing laws that hold companies accountable for leaking user data.”

Working towards a solution with reNgine:

If there are problems then there will also be solutions. A few months into the global pandemic, Ojha started working on a pet project. After months of intricate coding and help from a handful of other talented coders, what resulted was a digital security tool that went by the name, ‘reNgine’. While the term ‘Automated Reconnaissance Framework’ which has been used to term reNgine, might seem daunting to understand at first glance, in laymen terms, it is basically a usable algorithm that gathers and studies any data and information pertaining to your webpage or domain. What reNgine specifically designed for is to stimulate attacks on your website to find out its flaws, and to also work for ‘bug bounty’, a process where coders for to find chinks in long stretches of code. Now stimulating attacks and bug bounty are not by any means a new concept. In fact, they have been around for years. But what really sets reNgine apart from the rest of the competition is how quickly and efficiently it can do these tasks. Bug hunting for instance is a rather tedious process because it involves running thousands of cases at time, and then sorting through all the different results for each particular case. Often times, this is a process that takes even a team of dedicated bug bounty hunters, months or even years to complete. The unique selling point for reNgine is that it is able to automate this entire process, thereby reducing what took individuals years to a matter of days if not hours. With reNgine under their tool belt, domain owners can simply simulate cyber penetration attacks and store its findings, so that they can go ahead and reinforce the fallacies that they found in their website. And the best part… Ojha has made sure that reNgine is an open-source software, meaning that anybody can access the original source code for free.

Nepali policies in regard to technology and digitization has been vague at best and defunct at worst.

Every since its first public release in July 2020, reNgine has been met with a lot of positive reviews, both nationally and internationally. People across the world loved the digital apparatus so much so that reNgine was invited to present at a number of conferences across the world; one which included the coveted Blackhat Arsenal Europe Conference. reNgine has also grown with the reviews and suggestions that it got from the international community. Ojha shares, “When it first launched, reNgine could only be used for reconnaissance, but now what it can do is something that is completely different. reNgine can now create very advanced custom queries and look up their results.” So how can Nepal make the best of reNgine? “Right now, reNgine is being used across the world by a number of different organisations to constantly monitor digital assets. If you want to scan your website every once in a day or a week, then reNgine allows you to do that.” explains Ojha. With more and more digital threats arriving at our doorstep, Ojha mentions that our government and companies can make use of reNgine to discover and patch the flaws in our digital domains before anyone else has the chance to cause harm. While the open-source nature of reNgine certainly makes it a double-edged sword that can also be used by hackers to cause harm; Ojha retains that the benefits of the tool far outweigh the harm that it might cause. Before concluding the interview, Ojha emphasises that it is high time that Nepal ups our digital security game, and with reNgine it has a shot at doing so. And if it fails to act now, it is only a matter of time before someone else will seek to use such resources against us.