There’s probably no answer to the last question, but in 2003, two young men sat up and decided to be the answer to the others. In the face of increasing attacks on Indian Web sites, Vineet Kumar and Rakesh Sharma decided to form a community of ethical hackers (or White Hats, as they now call themselves) to secure the country from cyber attacks-the National Anti-Hack Group (NAG). Both are highly skilled hackers, and they do it because “only hackers can prevent hack attacks,” as they say.
The Plot
At the alarmingly young age of 18, Vineet Kumar from Ranchi is now managing director and the face of NAG. His interest in cyber security and hacking goes a long way back, and during his activities in hacking groups online, he met Rakesh Sharma (now 23), then a student of computer engineering in Rajasthan. Predictably enough, the two found a common ground, and numerous-no doubt healthy-conversations later, they decided to form an organisation dedicated to protecting Indian Web sites from malicious attack. They would encourage and nurture budding hackers, making them use their powers for good, so to speak.
Enter Anup Girdhar, an independent security consultant, who, during the course of a seminar he was taking at IIT Delhi in 2004, was approached by two earnest young men with an offer he couldn’t refuse. He was sold on the idea of this budding community called NAG, and promptly agreed to join the group and lend his guidance to its members.
The Why And How
“I had taken a computer course in my 10th,” says Rakesh, “and was hooked ever since. When I started making my own Web sites, I began to take an interest in how these sites could be exploited, and started learning all I could.”
Vineet, on the other hand, got his inspiration from his father, who is himself an accomplished programmer.
Power corrupts, and the idea of being able to wreak havoc on the Internet is one that inspires evil laughs and sinister rubbing of hands. So what kept the devil at bay? “I come from a defence background, so the desire to protect my country was natural. My aim was to help India recover its hijacked sites.” And when Ankit Fadia, renowned White Hat, is one of your best friends, your goal becomes a good bit easier to achieve.
How does one go about acquiring such “1337 sk1llz,” then? For Rakesh, it’s “mostly through friends, books and participating in online hacking groups and forums.”
Trivia Interval: Colourful Hats
You’ve probably wondered at our repeated mention of the term “White Hat.” It comes from American Westerns, where the good guys would typically sport a white cowboy hat and the bad guys preferred black. So in the mean, lawless world of cyberspace, the White Hat is the force of good, the protector of the weak, the saviour of… you get the point. Then there’s the Grey Hat, who conveniently sits the fence-carrying out activities that nudge the legal boundaries ever so slightly, but doing so for a good cause such as catching a criminal.
The Cast
When he was just 14, Vineet became one of the world’s youngest Microsoft Certified Professionals. He has since obtained an embarrassingly large number of certifications-ranging from Microsoft Certified Database Administrator to Novell Certified Linux Professional. As the MD of NAG, he handles most of its administration.
Rakesh Sharma now works as a security engineer for a software firm in Bangalore. He often simulates malicious attacks on networks to test them. One of his pet peeves is the negative connotation that his “hacker” tag carries. “People don’t realise the true definition of hacking,” he says, “A hacker is just anyone who tinkers with hardware or software to see what it’s capable of.”
Acting as a mentor to NAG is Anup Girdhar, a security consultant based in New Delhi. Anup has nearly 14 years of experience in the field. He taught Vineet all he knows, and regularly conducts seminars on security and hacking.
From left to right : Anup Girdhar, Rakesh Sharma, Vineet Kumar
The Result
Today, NAG boasts of more than 2,500 members from all over the world, ranging in skill from your average newbie to some ultra-scary virus creators and reverse-engineering experts. They work as a security consultancy, advising even government sites on how to stay secure.
“We aim to create ethical hackers so that they can act as early warning system for the nation’s information infrastructure,” says Vineet: “We guide them in learning network security and ethical hacking and certify their hacking skills.” A large number of NAG’s members are in their teens and early twenties: at 29, Anup is the second-oldest!
When not grooming the hackers of the future, the NAG team helps the Government by scanning their Web sites for vulnerabilities and advises them on security-completely free of charge. They are also affiliated with the Indian Computer Emergency Response Team (www.cert-in.org.in), a wing of the Ministry of Information Technology in the effort to secure India’s sites.
If you want to learn from the experts, you can attend one of the many seminars and training sessions that they hold all over the country. Their security forum, Igniteds, is a hotbed of activity at all times, with members from all over the world discussing new and crazy hacks-from fun methods to take revenge on spammers to reverse-engineering viruses and Trojans.
The NAG Web site: www.nag.co.in
The Igniteds Security Forum Web site:
www.igniteds.net
The Clichéd Road Ahead
“Right now, we’re working on our project Abhedya-an open source effort to build the most powerful security solution in the world,” says Vineet. “Anyone can join NAG and contribute to it. We are also getting ourselves registered as an NGO.” (Which will probably have happened by the time you read this.)
So if you’d like to do your bit for the security of the Internet-or if you’re just curious to see how it works-hop away to NAG’s Web site and begin your training. Just remember-most members have the ability to make your PC beg for mercy, so don’t do anything to tick them off.