'Internet provided tutorials for hackers'

The recent case of Sunny Nehra and his hacking group, who employed data tampering to digitally shoplift e-vouchers, compromised the payment gateway systems of various commercial websites. According to cyber security experts, the data tampering hack used to be a sophisticated process requiring a special skill set but now, what would take years to master, has been reduced to mere hours, as hackers learn the art of hacking from open sources like the Internet.

In Sunny Nehra's case, he had dropped out of B Tech, yet he managed to initiate penetration attacks into the payment gateway system of many commercial websites. He had learnt the tricks of the trade by coordinating with international hacking groups, however, according to police, he had learnt about various hacking methods through the Internet.

According to Kislay Chaudhary, a cyber crime analyst who routinely advises the Delhi Police on several cases, had his first encounter with a data tampering case in 2011, when Paytm had reported that its payment gateway system had been penetrated by hackers.

"That was the first time that I came across a data tampering case in India. Later on, in the next year, a group was arrested by the Noida Police who had compromised the mobile recharge system of a company. Later on, when Paytm had recovered from the incident and now their security is updated, even if someone tries to tamper with the data, the transaction is immediately cancelled."

With the easy availability of information on the Internet, several young people can now learn the intricate art of hacking. Sunny Nehra was one such hacker who, with the help of an Alienware laptop and hacking suite Python, managed to pull-off the hack.

According to CompTia's regional director, Pradipto Chakrabarty: "These days, youngsters attend hackathons and are also members of various hacking groups that they meet online. These groups are largely ethical hacking groups employed by the state to test the security of sensitive digital infrastructure. It takes them only 50-60 hours to learn several methods of hacking and the tools are also available online."

Chakrabarty claimed that for most of these young people, hacking is like an "intoxication" and the "rush of initiating penetrative attacks" is something that they are unable to avoid. Sunny had roped in fellow hackers to form his own group and soon started coordinating with hackers from Indonesia and Amsterdam. "It's like a flying kite. These groups always welcome like- minded geeks... It is practically like a tribe," Chakrabarty added.

But the victims are yet to catch up to the hackers as various companies are yet to take cyber crimes seriously. Even if they are attacked by hackers, they seldom disclose it fearing a fall in their brand value. "I was working on a case two months ago. A company which writes the recharge scripts for various telecommunication companies had reported a hack. They had lost more than Rs one lakh in the incident. When I inquired into the state of their security, I found that they had a staff of 6-7 people, who were not even technically strong. The company has thousands of clients and they had no technical experts," said Kislay.