Various politicians, companies, and activists are targeted by a secretive industry – See How India has become a hire-for-hack place for other countries
Hacking is identified as finding a weakness in a computer system or network to gain access to personal information. In simple terms, using a password cracking algorithm to gain access to any system. And Hackers are the person who uses such algorithms, usually skilled computer programmers with detailed knowledge of computer security. As we all know that every coin has two sides. Similarly, hacking is considered as ethical and unethical. Ethical hacking is majorly used by governments or properly authorized companies and prevents unwanted access to the system important for the country whereas Unethical hacking is illegally using that knowledge to harm the organization. We have discussed the basics, Now Let’s see how India has become a hack-for-hire hub!
It all starts with a call who surprisingly knew all about it. A Kanpur-based college student got a phone call from an unknown user, who has been searching for hacking tutorials on Google and spending a lot of time on dark web forums. It was a recruitment call. The offer was extremely simple saying that “As you are interested in hacking, Do you want to work for you and earn some extra money by hacking companies?” and after tracking the phone number which was often difficult, came from Florida.
Simultaneously, another person got a call in Kanpur, but this time the offer was direct to steal the partner list of home services providing a startup company known as Urban Clap. The person will be given Rs. 40,000 in bitcoins in exchange for the list employees working under the company. However, the second offer was refused by the hacker. He said that he often gets such requests but surprisingly it does not come via the dark web, it’s usually through WhatsApp or encrypted mail services like Tutanota or ProtonMail.
The targeted users are majorly industries, politicians, and corporate employees. The offers are not even high-level hacking, it mainly includes – email and social media account passwords. Instead of using hacking for ethical purposes, over the past few years, it has been observed that there is an increase in the number of cybercrimes in India.
According to the May 2020 Google Threat Analysis Group (TAG), the increase in hack-for-hire operations has been increasing under the formally registered firms which are majorly based in India. One example is a Delhi-based company called Belltrox InfoTech services, which is exposed by a Canadian internet security watchdog, Citizen Lab, found out that hack-for-hire has been sustained for a very long-run majorly targeting senior elected members, journalists, and even businessmen. Various researchers have been working on for years to find out the people working under the hacking operations in Belltrox. However, Belltrox is only a small part. A lot more companies are working unethically.
A deep dive in how this industry works
To set up a business like hacking unethically needs a person to first set about creating a list of clients like Belltrox used pre-created mailing lists and sent an email to them to find a response. The chance of getting a response depends on your mailing lists. Suppose if the mailing list consists of thousands of mail addresses the chances of a response increase. And creating a social media profile also helps to endorse more people to engage. During the investigation, it was found out that Belltrox created a LinkedIn profile, which was endorsed by only their clients, the profiles were usually fake. As these platforms only endorse the profiles that offer the same services it is not difficult to pinout. This profile exists though.
The chances of discovering any social media platform increases depending on the number of connections or followers that page consists of. And it is a disadvantage for the unethical users on social media to be discovered. The main hustle arises how they maintain their services on the dark web forums, finding clients, and getting out work from them. These forums are usually created on the deep web.
(The deep web means that they aren’t indexed on any search engine like Google)
But as dark as the hacking seems, India still money from HaaS (Hacking-as-a-service). Hacking is used by various freelancers and considered as a part-time job and they are even used in the real-estate sector to generate its business. This is the legitimate side of the industry. In India, there are many cybersecurity firms, which helps other companies to maintain their system security level. For instance, In 2018, a prolific French hacker Elliot Andersons helped BSNL recognizing the vulnerability in their systems.
According to the HackerOne’s Annual Report, Indian hackers are recorded as the second-highest share in bug bounties in 2018 after the US and is still at the second in 2020. Bug bounties are the rewards given to the person who identifies an error or vulnerability to a system and India took 10% of the total bug bounties payout after the US with 19%.
With India showing signs of shifting towards digital technology in the future, it is obvious that there will be an emerging legitimate growth in this sector!