Wednesday, 21 November 2012

19 year old hacks government server in India

Nikhil Thakur, a 19 year old boy from Khandwa India, got access to confidential data from the server of Bharat Sanchar Nigam Limited (BSNL). BSNL is a government owned provider of fixed telephony and is the fourth largest mobile telephony provider in India; it is also a provider of broadband services.

Thakur states that he is an ethical hacker and that he hacked the national website of BSNL in order to uncover vulnerabilities that might be taken advantage of by others.

But the police did not seem convinced. The deputy superintendent of police Deepak Thakur stated: “Hacking government websites is a punishable offence and attracts three years jail. Before proving his point, the teenager should have taken BSNL authorities and police into confidence and also BSNL should build a foolproof server so such incidents should not occur again.”

The chief general manager of BSNL was not happy about it either, stating: “Why this young boy is after BSNL! He should use his talent to build firewalls using these cases and do something constructive. Moreover we don’t have any private data on our website.”

But the fact that Nikhil was able to penetrate the official website of a government server truly shows how vulnerable sensitive data is. They should consider increasing security. They are lucky their server was hacked by an ethical hacker; the situation could be very different if it was someone else.
The site for the Central Bureau of Investigations was also hacked recently and major terrorist groups are under suspension. Nikhil claims that he didn’t use the information for personal gain. Either way, the government should take this as a warning for possible future attacks they can prevent.

Security threats have reached scary levels of sophistication. Internet crimes are becoming ever so problematic for companies all over the world. This is why businesses like BSNL should be (and many already are) looking for someone to prevent the malicious hackers breaching their customers’ confidential data, with the potential to steal billions of private data. That’s the job of a Certified Ethical Hacker.

Although Nikhil hacked the server illegally as there were no permissions, if Nikhil was to become a Certified Ethical Hackers, he would be able to legally attempt to penetrate the company’s systems, just like a hacker would, to find the loopholes in the security systems in place. A CEH will conduct a Vulnerability Assessment (VA) to find out the shortcomings in the technology.

The average salary of a Certified Ethical Hacker in the UK is £42,750 according to ITjobswatch.co.uk. As a CEH, job opportunities include working for private companies, or even the government. With the likes of Adidas, Sony and Nintendo’s security being compromised last year, more and more companies are taking their security very seriously, and looking for better ways to combat breaches of their data.

Nikhil is a BCA student in Indore and aspires to work in the IT sector.

Whats your opinion on Nikhil hacking the company to uncover its vulnerabilities? is it wrong or right?