Cyber crime: Easy money, lack of deterrents amid slow job market lure Indians into hacking services

0
213

August 24, 2013

MUMBAI: India is fast emerging as a talent hotspot for the global cyber-crime industry amid slow hiring in the traditional software industry, the lure of easy money, and lack of law enforcement, according to computer security experts.

August 24, 2013

MUMBAI: India is fast emerging as a talent hotspot for the global cyber-crime industry amid slow hiring in the traditional software industry, the lure of easy money, and lack of law enforcement, according to computer security experts.

Work such as hacking into computer networks and creation of malware is being outsourced to cyber-mercenaries in India through underground marketplaces. It is possible to rent botnets – computers controlled by a hacker – to launch disabling attacks to bring down websites for as little as $2 (INR 125) per hour.

"Increasingly, India is becoming not just the victim but the host country with regard to cyber attacks," Jagdish Mahapatra, managing director for India and SAARC at anti-virus maker McAfee, told ET. The process has become so organised that some of these hacking services come with Live Chat customer support, according to McAfee.

In 2012, McAfee Labs identified at least 850 separate bits of ready-to-download malware hosted on computers in India. In the first quarter of 2013, the number had jumped to 1,100. India is ranked eighth in the world in terms of number of attacks originating here, a report by Akamai Technologies in May said.

"Blackhats can make a lot of money, so I'm not surprised that we're beginning to see cyber-crime markets emerge in India," said Oxblood Ruffin, a Canadian hacktivist based in Bangalore. In Internet security language, a blackhat refers to someone who exploits vulnerabilities in computers with malicious intent or personal gain. In March, Norwegian telecommunications services provider Telenor reported an intrusion into its computer networks. Cyber-security company Norman Shark traced that attack to India and documented it in a whitepaper titled 'Unveiling an Indian Cyber-attack Infrastructure'.

India Has the 'Skills'

"You have underground hacker forums where people post their hacking requirement and you can bid for them and have the money transferred to a PayPal account via a service called Perfect Money," Sarvaiya said. While ethical hackers could earn 30,000 a month legally, cyber crime fetches more than $2,000 (INR 1,30,000) a month.

Perfect Money functions as an e-currency. The currency units can be transferred between customers, whose identities can be hidden. The units can be redeemed for cash – in dollars or euros – or gold by third-party exchange services.

The hacker forums cannot be accessed via standard web browsers – what is required is a special browser called a Tor Browser that allows access to the 'hidden web' where these blackhat hackers operate.

The forums look like a social networking site designed by death-metal fans. Attempts by ET to contact hackers on these forums were not successful.

Some of the traits that made India the hub for sourcing technology services are also contributing to the rise of this new dubious trade. "You need software skills; the country has that capability. Then you need motivation, which is the money, and the knowledge that the Indian legal system is likely to not be able to prosecute you. These are cross-border computer crimes, our laws have not reached that point," said Dinesh Pillai, CEO of Mahindra Special Services Group.

There is no estimate of the number of Indian hackers for hire. And security industry professionals said while they knew the number of attacks from India was rising, they could not pinpoint individual attacks that could be attributed to Indian hackers.

"It used to be the eastern European countries that had the skilled manpower to provide hackers for hire, but now we can see that moving to emerging economies like India and Sri Lanka where job opportunities have shrunk," said Diwakar Dayal, who leads security sales for Cisco in South Asia.

Hackers are also emboldened by the belief that they are unlikely to get into trouble with the law. While there are sections in the IT Act that govern hacking, cross-border crimes are hard to police even in the real world.

"We have the requisite laws to try and punish such cross-border cyber crimes, even if they are committed by foreign nationals. But it becomes practically difficult due to the need for information sharing and reciprocity (in case of extradition) between countries," said Dipak Parmar, founder of Cyber-IPR.

Experts said a number of steps need to be taken if the rise in this type of crime has to be stemmed.

"The government's cyber-security policy is a step in the right direction, but Internet service providers also play a role. Network security across the board has to be strengthened in the country," Cisco's Dayal said.


Courtesy: ET