India is fast emerging as a talent hotspot for the global
cybercrime industry amid slow hiring in the traditional software industry, the
lure of easy money, and lack of law enforcement, according to computer security
experts.
Work such as hacking into computer networks and creation of
malware is being outsourced to cyber-mercenaries in India through underground
marketplaces. It is possible to rent botnets - computers controlled by a hacker
- to launch disabling attacks to bring down websites for as little as $2 (Rs
125) per hour.
"Increasingly, India is becoming not just the victim but the
host country with regard to cyber attacks," Jagdish Mahapatra, managing
director for India and SAARC at anti-virus maker McAfee, told ET. The process
has become so organized that some of these hacking services come with Live Chat
customer support, according to McAfee.
In 2012, McAfee Labs identified at least 850 separate bits of
ready-to-download malware hosted on computers in India. In the first quarter of
2013, the number had jumped to 1,100. India is ranked eighth in the world in
terms of number of attacks originating here, a report by Akamai Technologies in
May said.
"Blackhats can make a lot of money, so I'm not surprised that
we're beginning to see cybercrime markets emerge in India," said Oxblood
Ruffin, a Canadian hacktivist based in Bangalore. In Internet security
language, a blackhat refers to someone who exploits vulnerabilities in computers
with malicious intent or personal gain. In March, Norwegian telecommunications
services provider Telenor reported an intrusion into its computer networks.
Cybersecurity company Norman Shark traced that attack to India and documented
it in a whitepaper titled 'Unveiling an Indian Cyber-attack
Infrastructure'.
India has the 'skills'
"You have underground hacker forums where people post their
hacking requirement and you can bid for them and have the money transferred to
a PayPal account via a service called Perfect Money," Sarvaiya said. While
ethical hackers could earn 30,000 a mon-th legally, cybercrime fetches more
than $2,000 (Rs 1, 30,000) a month.
Perfect Money functions as an e-currency. The currency units can
be transferred between customers, whose identities can be hidden. The units can
be redeemed for cash - in dollars or euros - or gold by third-party exchange
services.
The hacker forums cannot be accessed via standard web browsers -
what is required is a special browser called a Tor Browser that allows access
to the 'hidden web' where these blackhat hackers operate.
The forums look like a social networking site designed by
death-metal fans. Attempts by ET to contact hackers on these forums were not
successful.
Some of the traits that made India the hub for sourcing technology
services are also contributing to the rise of this new dubious trade. "You
need software skills; the country has that capability. Then you need
motivation, which is the money, and the knowledge that the Indian legal system
is likely to not be able to prosecute you. These are cross-border computer
crimes, our laws have not reached that point," said Dinesh Pillai, CEO of
Mahindra Special Services Group.
There is no estimate of the number of Indian hackers for hire. And
security industry professionals said while they knew the number of attacks from
India was rising, they could not pinpoint individual attacks that could be
attributed to Indian hackers.
"It used to be the eastern European countries that had the skilled
manpower to provide hackers for hire, but now we can see that moving to
emerging economies like India and Sri Lanka where job opportunities have
shrunk," said Diwakar Dayal, who leads security sales for Cisco in South
Asia.
Hackers are also emboldened by the belief that they are unlikely
to get into trouble with the law. While there are sections in the IT Act that
govern hacking, cross-border crimes are hard to police even in the real
world.
"We have the requisite laws to try and punish such
cross-border cybercrimes, even if they are committed by foreign nationals. But
it becomes practically difficult due to the need for information sharing and
reciprocity (in case of extradition) between countries," said Dipak
Parmar, founder of Cyber-IPR.
Experts said a number of steps need to be taken if the rise in
this type of crime has to be stemmed.
"The government's cybersecurity policy is a step in the right
direction, but internet service providers also play a role. Network security
across the board has to be strengthened in the country," Cisco's Dayal
said.
No comments:
Post a Comment