Recently there was cyber chaos in the Indian media, which caused IT companies and politicians to start worrying, and the people of India have finally taken notice of their data privacy and online existence. It started after the TRAI chief R.S. Sharma challenged hackers to show what possible harm a hacker could do with his AADHAR number. Maybe the chief didn't know that the worst thing someone can do is to challenge hackers to hack. Come on sir... hackers hack.
The world knows what happened next... If you follow the infosec community you will remember the French security researcher with the Twitter handle Elliot Alderson. He was the one who made the chief fall on his face. This wasn't the first time he had found bugs in UIDAI and other government sites, but this time it was big, and a lot of people took note and realized the potential risk.
Hacker For a Common Man
Ask a common man in India "What is a hacker?" and, for a person living a normal life who hasn't heard the words malware or trojan and who thinks installing a free antivirus keeps him safe, the response is most likely this...
It isn't fair to expect much from him. For him the internet is a place to send free 😂🤣 and e-mails, send photos on Instagram, watch some online porn and chill.
People here have not been worried about their data privacy, and thus we often find people posting pics of their new credit cards with the last digit of the CVV blacked out.
They don't know it can be bruteforced in 10 tries, and we all know people use dumb passwords. Did you know that 1 out of 10 passwords has the name of a god in it, and usually includes a loved one's name and their birthdate? Here, their Wi-Fi router passwords are usually still admin:admin.
When you proudly say you are a "security researcher", most people don't understand. Ultimately you have to say "In short, I am a hacker, but a good guy," and the next thing that follows is "Someone hacked my Instagram profile a few months ago, can you hack it back for me?" or maybe "I think he/she is cheating on me, can you do something?"
People frequently fall victim to cyber fraud and lose huge amounts of hard-earned money. Often they realize it very late and then do not report it to the Cyber Cell of the Police Department, so it becomes difficult for the police to get hold of the hackers.
I am not saying that people here are dumb; it's just that there is little or no cyber awareness among the common people of India.
I really appreciate the Indian government for launching the Digital India campaign.
Digital India is a campaign launched by the government of India to ensure government services are made available to citizens electronically by improving online infrastructure and by increasing internet connectivity. The initiative also includes plans to connect rural areas with high-speed internet networks. Digital India consists of three core components, (a) development of secure and stable digital infrastructure, (b) delivering government services digitally, and (c) universal digital literacy.
And the government has really taken the security aspect into consideration. There are now some really good security professionals and organizations hired by the government.
If you are a security researcher or a bug bounty hunter and have found a bug in any government site, please do report it to CERT-IN (Indian Cyber Emergency Response Team); they are really nice and professional. I myself have reported a lot of bugs to them, and I do it as a contribution to the country. You should consider it too.
I think there are some other organizations in India like the NSA, but talking about it won't be appropriate and I don't want to get into trouble 😂 🤣.
But still there are a lot of government sites that get hacked or defaced by skids in surrounding countries, so I believe security audits are what these sites and other applications need. I hope the government will take action to ensure that whatever happened a week ago won't happen again. One thing is for sure: no other chief of any organization is going to challenge hackers openly over Twitter. They can and should hire pentesters instead.
This is usually the sector that needs hackers the most, but that isn't the case in India. There are many organizations which take security very seriously but, as always, some don't care about security, and they have been exploited.
When we report bugs to companies, they don't feel it necessary to respond to emails, and will keep the bug unpatched to be later exploited. Companies should start bug bounty programs and conduct vulnerability assessments and penetration testing often.
Most big organizations don't have a dedicated security team; they rely on their sys-admins to do everything. Of course you can float on a tree trunk, but that doesn't mean you should try to cross oceans on it, right? Companies should know that sys-admins have great knowledge of securing the network, but these guys are also human. Humans make mistakes, and one silly mistake is all it takes to compromise a network.
Organizations should at a minimum give guidelines on their websites about the proper steps to report bugs. It's not necessary to give a large amount of money; sometimes a gift as a token of thanks or a Hall of Fame is what gives greyhats the motive to keep working.
You will find Indian developers, programmers and IT professionals all over the world. There are a lot of them, and the number will only increase in the coming days, and the same goes for the infosec community. The number of Indian security researchers and hackers is increasing day by day. There are a lot of Indian skids posting "How to hack COC, wifi." on YouTube (trust me, these skids are everywhere), but there are also some 1337s whom you can find in the HALL OF FAME of various companies. The community of professional Indian hackers is very helpful and informative.
There are also a lot of Indian cybersecurity companies which are emerging rapidly, a good sign for hackers as they won't have to rely on bounties for pocket money (myself included).
Ever heard of NullCon?
Nullcon is an international security conference organized by Indian security researchers, and it's great! Do give them a visit next year, as you will definitely enjoy the talks and activities.
The motive of the article was to convey what the word hacker means to various parts of the Indian society. For some they are the people who are securing them, for some they are the next nightmare.
I hope India will work harder on cybersecurity, the Indian people will start changing the default passwords of their devices, and organizations will start hiring hackers.
Let's all hope this happens!
Do comment your views and feedback on this article, or msg me here.
My name is Rohan Chavan, I am 20 years old and currently studying Computer Engineering. Sometimes I work as a freelance web developer, but I spend most of my time on hackthebox.eu, finding bugs, and writing my own hacking tools in Python and shell.
I am looking for an internship in any infosec company. If you are hiring, I would love to speak with you.
You can get in touch with me - here on Twitter.
Main Image Credit : The awesome piece of artwork used to head this article is called 'Arjuna' and it was created by graphic designer Ranganath Krishnamani.