Skeletons in Hyderabad's cyber-closet - PART ONE?

04/11/2009 Written by Roberto Preatoni

Once upon a time, back in year 2003 the Indian news­pa­per The Times of India pub­lished a strange arti­cle titled “Hack­ers strike sites at will, govt helpless”

The story was about an Amer­i­can hacker (named Der­ren War­ren, the name in the arti­cle was changed by his request) hired by an undis­closed secu­rity com­pany located in Hyder­abad. The man­ager of this com­pany asked Der­ren to per­form hack­ing activites against India’s crit­i­cal gov­ern­ment servers, being this job cov­ered by a reg­u­lar pen­e­tra­tion test con­tract. Der­ren dili­gently per­formed the assigned tasks, suc­cess­fully com­pro­mis­ing sev­eral servers and as a proof of suc­cess he down­loaded from those servers a lot of crit­i­cal data.

But later on…

click on the news title to read more…

…dur­ing a follow-​up meet­ing with some gov­ern­ment rep­re­sen­ta­tives Der­ren under­stood that the meet­ing he was attend­ing was just a sales meet­ing, hav­ing the renowned Hyder­abad secu­rity company’s man­ager try­ing to sell ser­vices to India’s author­i­ties by know­ing in advance their vul­ner­a­bil­i­ties thanks to the fact that they per­formed (through Der­ren) unau­tho­rized access to India’s govt servers.

Let me refor­mule it: the secu­rity com­pany hacked the govt servers and stole data with­out being pre­vi­ously autho­rized, try­ing to use the stolen data to come up with a sales pitch.

This last part was strangely omit­ted by the jour­nal­ist, even though Der­ren was clearly stat­ing dur­ing the inter­view that he per­formed ille­gal hack­ing activ­i­ties against India’s gov­ern­ment servers orig­i­nally with­out know­ing that such activ­i­ties weren’t cov­ered by a reg­u­lar pen­e­tra­tion test­ing con­tract. Der­ren even clearly named the Hiderabad’s secu­rity com­pany to the jour­nal­ist. Despite this, the jour­nal­ist choose care­fully to write as fol­lows: “Dar­ren War­ren (name changed on request) — a US-​based hacker work­ing for a city-​based e-​security solu­tions firm — boasts he has hacked sev­eral gov­ern­ment web sites and servers at the behest of his employer.” which is a generic state­ment which didn’t cast too much of lime­light onto the Hider­abad’ secu­rity company.

Despite the journalist’s attempt of cov­er­ing up the respon­si­bil­i­ties of the secu­rity com­pany, but still being able to write a story, uncon­firmed voices within the very lit­tle world of the secu­rity started to cir­cu­late about what really hap­pened. You know, you really can’t keep secrets in this indus­try, right?

Were those voices mere spec­u­la­tions? Bla­tant lies? Or were those voices rep­re­sent­ing a not com­pletely told truth? Is there any­body out there who is in pos­sess of unconfutable evi­dences? The name of the secu­rity com­pany? We won­der what would have hap­pened if those evi­dences would have come up in the hand of the proper Watergate-​styled Indian journalist.…

Maybe one day we, but more impor­tant Indian author­i­ties, will all be blessed by know­ing the truth about that dark episode…

Maybe not.

Share this content: