New Delhi today has emerged as an important hub in the Indian hacker story. A simple Google search for hackers in Delhi would throw up at least 100, if not more, privately-owned “technical” ethical-hacking institutes, which offer everything from training a school or college dropout to become a hacker to certifying him or her, as per global standards.
“Koi bhi hacker ban sakta hai…,” (anyone can be a hacker) says an owner of an “ethical hacking institute” in East Delhi. He didn’t want to be named, neither did many other hackers ET spoke to.
“We don’t look for qualifications,” he adds. “It’s growing in Delhi, and it’s growing in India.” Another ethical hacker told ET that some illegal hackers in West Delhi had been gaining notoriety for their activities.
“In Delhi, you will find ethical hackers and a lot of hackers chasing bug bounty programs,” the hacker said. Some come through the grind, dropping out of schools or colleges to get their certifications for between Rs 60,000 to Rs 100,000 from institutes.
But that’s on the good side, with a vast majority of these hackers and hackers-to-be donning their white hats. But, with the same skillset, hackers can perform illegal operations ranging from blackmails to phishing to hacking into devices, launching ransomware attacks etc.
This is what’s referred to colloquially as HaaS or “hacker as a service”. The motives range from revenge (especially in divorce cases), destroying reputations (of business rivals, for example), and surveillance.
Payment is taken in bitcoins. “Bitcoins are internationally accepted and can’t be traced. It is very common in the illegal hacking space,” says the ethical hacking institute owner.
On June 10, the going rate on the dark web for merely hacking into a social media account was valued at 0.0236 bitcoin, or Rs 20,000. Similarly, hacking a web server (a virtual private network or VPN/hosting) was pegged at 0.0359 bitcoins. VPN, increasingly used as employees work from homes (and not the secure environment of offices), is a boon to unethical hackers.
Saket Modi, co-founder & CEO, Lucideus, a digital security company says, “There are forums that people can go to, to look for someone who can hack. And there are people who are tapping into those providing HaaS services.” Lucideus is a digital security company whose clients include NPCI, ICICI Bank, Pizza Hut, and the Delhi Airport.
Covid-19, predictably, is the flavour of the season and lot of the attacks by hackers are masked as genuine Coronavirus-related information, feeding into people’s pre-existing anxieties and fears.
According to IBM X-Force, IBM’s threat intelligence group, since March 11, when Covid-19 was declared a pandemic by the WHO, there has been a…