The recent data theft by hackers from two Indian companies processing prepaid cards for several overseas banks, which led to a global fraud of $45 million, has made India's $100 billion IT industry a primary target of spam, phishing and viruses. The security breach has reopened the debate on IT security norms followed by Indian firms and the role played by 'ethical' hackers.
A gang of cyber-criminals operating in 26 countries stole $45 million by hacking their way into a database in the second week of May 2013. Another recent incident is a Rs 2.4 crore heist by cyber-criminals who hacked into the Mumbai-based current account of the RPG Group of companies.
There have been many instances of 'ethical' hackers going rogue, resulting in breaches of the cyber security of companies as well as individuals, and causing financial loss and damage to reputation. The $45 million heist, the News International phone hacking scandal, Indian hackers' retaliatory attack against Brazilian or Bangladeshi counterparts, etc., leave the victims defaced and robbed.
Reportedly, a group of anonymous hackers from India hacked and defaced 37 Brazilian websites. The attacks were apparently in retaliation for the April 6 cyber attacks on Indian government websites, supposedly by Brazil-based hackers. Although there is a nationalistic tinge to the whole scenario, it could prove disastrous if not monitored and channelised.
Lords of Dharmaraja is also alleged to have hacked and posted a threat by uploading secret documents, memos and source code of Symantec's product to Pastebin.
It is indeed tough to define something as diverse as hacking. Is it ethical for any computer expert to infiltrate another person's websites and e-mail accounts? Yes, if it is a trustworthy 'hacker' who uses his ethics and software expertise to strengthen his employer's security apparatus against hackers with bad intentions, or if it is done for the cause of national security. But if a computer wizard illegally gains access to someone's computer by pretending to be a bona fide entity in order to fulfil a personal agenda, then that is a cause for serious concern.
In India, according to Microsoft, ethical hacking is synonymous with prominent names like Ankit Fadia, Sunny Vaghela, Pranav Mistry, Vivek Ramachandran, Koushik Dutta, Aseem Jakhar and a few more.
Ankit Fadia, a world-renowned Indian ethical hacker, described the cyber security threat as a menace. "Identity theft of Indian IT firms is rather common. Hackers have the potential to damage the reputation of a bona fide IT firm by stealing their identity and engaging in unscrupulous activities under the corporate garb that can have disastrous consequences and tarnish reputation. In fact, such misdemeanours could go unnoticed for years together if not detected and rectified in time," he said.
There are quite a few ethical hacking groups in India, like the Indian Cyber Army aka Indishell, Team NUTS, Team Gray Hat, Lords of Dharmaraja and the Indian Cyber Devils, that have reportedly been working to safeguard India's cyber space.
An ethical hacking group, on condition of anonymity, revealed that even while working on a national cause, they may masquerade as an information security company to register domains or create malware in order to protect themselves and get back at their arch-rivals' information security and anti-virus companies.
Imparting ethical hacking training is treading on dangerous ground, as it raises several questions. Are these activities justified? Can there be a guarantee that these groups will refrain from crossing the line of their mandate? And is anyone safe in this scenario?
In India, there are a number of training institutes that train young people in the latest ethical hacking tools and techniques. Institutes like Techdefence, K-Secure CEH, IntelleSecure Network Solutions, Crezone and Kyrion are a few of them. However, the most popular certification is CEH (Certified Ethical Hacker) by an American organisation called EC-Council, and the training materials of almost every institute are shaped around its curriculum.
Ethical hacking ensures that the cyber security infrastructure of private organisations as well as government bodies is robust and secure. Although ethical hackers are fast becoming a tribe in India, it is critical to monitor them along with their training institutes. Trainers need to be conscious of the knowledge they are imparting when setting up the curriculum. Perhaps it would be prudent for the government to intervene in designing the curriculum and to set a minimum age of 18 for shouldering the responsibility of such potent knowledge.