I met the 16 year old Hacker who took down StayUncle for Rs. 5000
A balmy Saturday afternoon in Delhi’s Connaught Place. Cut to an up-market café in the Inner Circle. It’s too early for the evening’s party crowd. Young couples fill most seats, cooing sweet nothings. The smell of hookah lingers. My guest is a
For the uninitiated, this New Delhi-based startup has tied up with hotels. Unmarried couples can rent rooms here for a duration as short as 8-10 hours. The idea here is to help them find affordable accommodation, minus the judgmental stares.
My chap arrives. Nope, nothing like Hollywood. No hoodies, no hesitation, no mystery music in the background. He’s a 16 year old school kid. I offer him a seat, positively shocked. What followed would make for a killer film-script.
“I got a call. He asked me to take down StayUncle and offered Rs. 5000 ($75) in return. I did it at 11 pm that night. 30 minutes in, I started reading about them (
This lad had taken down more sites than he can recall. I ask him how it feels to work as an online mercenary, accepting money from anonymous clients. “It’s common in the field of
While this may startle most of us, he says getting these 'assignments' isn't really tough, mentioning a forum where such work is readily available, HackForums. It’s an online forum to connect with a ' h4x0r' (hacker). Drop in a message. Someone accepts your assignment. Once the job is done, you pay the money. This is one among hundreds of such forums, and it’s not even Darknet.
“Everybody is anonymous. People are known only by their usernames. I typically never disclose my number. I just do my initial research, and quote the price. This guy asked if I was Indian, and then for my contact number.”
Well, they did. StayUncle’s website was pulled down by another brute-force attack a month and a half back.
“We were going crazy. Finally, I asked help from one of my cousins, a senior tech guy. He found all our ports were shut down, our securities disabled. Thankfully, our database was safe. Somebody clearly hacked into our systems again”, Sethi says.
This isn't the first time. App-based taxi hailing service Ola was allegedly hacked by a group by the name ‘TeamUnknown’.
My guest says brute-force attacks don’t help now. “A Paytm, Flipkart or Snapdeal has multiple servers. If one goes down, the other takes off. That’s server rotation. If you don’t have a lot of servers, you can’t take down theirs”, he observes.
The hour seemed to pass in the blink of an eye. My guest stood up to leave. We shook hands and parted.
A simple Google search will reveal a breeding ground for script kiddies. Most have little knowledge of the tools they use or how they work. These are ready-made and easily-found tools on the internet that can do some serious harm. The more hardcore ones can dedicate hours a day scanning the internet for computers that are vulnerable to a security hole. They can then exploit that and use what is known as a 'rootkit' to give them 'root' (or total control) over a computer.
With the likes of Ola and Paytm waking up to the value of bug bounty programmes, denial seems to be in the air. As evening fell, I couldn’t help but feel worried.
In an age where you can set up shop at the touch of a button, that’s all it takes to bring down one as well. A guy, a laptop, and 5000 bucks.
- A venture capitalist's advice for startups looking to raise money during this pandemic
- Into the wild: Epic pictures of magnificent beasts in their natural environment
- India clocks over 200,000 COVID-19 cases for a third day in a row
- Indian-origin scientist spots genes that fight Covid infection
- MLS concludes Beckham's Miami broke league budget rules