Skeletons in Hyderabad's cyber-closet - PART ONE?

04/11/2009 Written by Roberto Preatoni

Once upon a time, back in year 2003 the Indian newspaper The Times of India published a strange article titled "Hackers strike sites at will, govt helpless"

The story was about an American hacker (named Derren Warren, the name in the article was changed by his request) hired by an undisclosed security company located in Hyderabad. The manager of this company asked Derren to perform hacking activites against India's critical government servers, being this job covered by a regular penetration test contract. Derren diligently performed the assigned tasks, successfully compromising several servers and as a proof of success he downloaded from those servers a lot of critical data.

But later on...

click on the news title to read more...

...during a follow-up meeting with some government representatives Derren understood that the meeting he was attending was just a sales meeting, having the renowned Hyderabad security company's manager trying to sell services to India's authorities by knowing in advance their vulnerabilities thanks to the fact that they performed (through Derren) unauthorized access to India's govt servers.

Let me reformule it: the security company hacked the govt servers and stole data without being previously authorized, trying to use the stolen data to come up with a sales pitch.

This last part was strangely omitted by the journalist, even though Derren was clearly stating during the interview that he performed illegal hacking activities against India's government servers originally without knowing that such activities weren't covered by a regular penetration testing contract. Derren even clearly named the Hiderabad's security company to the journalist. Despite this,  the journalist choose carefully to write as follows: "Darren Warren (name changed on request) — a US-based hacker working for a city-based e-security solutions firm — boasts he has hacked several government web sites and servers at the behest of his employer." which is a generic statement which didn't cast too much of limelight onto the Hiderabad' security company.

Despite the journalist's attempt of covering up the responsibilities of the security company, but still being able to write a story, unconfirmed voices within the very little world of the security started to circulate about what really happened. You know, you really can't keep secrets in this industry, right?

Were those voices mere speculations? Blatant lies? Or were those voices representing a not completely told truth? Is there anybody out there who is in possess of unconfutable evidences? The name of the security company? We wonder what would have happened if those evidences would have come up in the hand of the proper Watergate-styled Indian journalist....

Maybe one day we, but more important Indian authorities, will all be blessed by knowing the truth about that dark episode...

Maybe not. 

admin@zone-h.org