Monday, November 29, 2010

The Indian Hacking Scene: Unofficial Memoirs of the Desi h4x0rs Published by Phrack


SOURCE: PHRACK

To know more about PHRACK you can visit its official site http://www.phrack.org/. For more details you can check Wikipedia at http://en.wikipedia.org/wiki/Phrack.

Phrack is an ezine written by and for hackers, first published November 17, 1985. Described by Fyodor as "the best, and by far the longest running hacker zine," the magazine is open for contributions by anyone who desires to publish remarkable works or express original ideas on the topics of interest. It has a wide circulation which includes both hackers and computer security professionals.

Phrack "has had its finger on the pulse of hacker culture and is considered both a handbook and a manifesto for hackers."

During its first 10 years of publication, Phrack was largely associated with telecommunications fraud, providing material for phreakers and reporting on arrests in this community through the Phrack World News feature articles.

Now the issue: #67 | Release date: 17/11/2010 | Editor: The Phrack Staff has been fully dedicated to The Indian Hacking Scene: Unofficial Memoirs of the Desi h4x0rs. Contents:

1. Preamble
2. Introduction
3. Hacker Groups
4. Hacker Cons
5. Memoirs of the underground
6. Future


--[ 1 - Preamble


Jai Jawan Jai Kissan
(no, it has nothing to do with the song Jai Ho :-P, I just felt like writing something in Hindi). This article is a composition of interviews with, and text directly taken from, the hackers in the Indian underground (and the above-ground :-P). If it offends the reader in any way.........feel free to complain to your mom about it :-P.

--[ 2 - Introduction

Before I start I must admit that we have been really, really late to the hacking scene as a whole. Some say it has to do with the cultural ethos and the prevalent business culture in India, while some propose that Indians have culturally been known as non-aggressive and peace-loving (Doh! Yeah right..Like the F#@$ing stereotypical dumb Indian characters in Hollywood movies) and that the focus has been on ethical hacking and on creating software to benefit the world at large rather than to cause destruction. The activities of hacker groups started to emerge with the beginning of the year 2K.

--[ 3 - Hacker Groups

There have been many hacker groups in India since 2K. Some are noted for their notorious behavior.

1. Indian Snakes. Indian Snakes was a closed underground community of hackers who were at the top of the scene in the early 2000s. They are also noted for the YAHA worm that they wrote.

2. hacking-truths.net (2005-2008). Stopped because of personal problems; restarted in 2010. Activities: malware dev/hacking.

3. h4cky0u. It started around 2003 (website: h4cky0u.org). The activities included defacing, exploit dev, botnets etc. It died in 2006 due to some personal differences between the staff. It was reopened as h4ck-y0u; sadly h4ck-y0u also stopped after one year of its existence due to cybercrime activities and financial issues. h4cky0u was started again by an American who went by the handle "Big Boss", and we haven't heard much about it after that.

4. n|u (null security community). It started in 2008 and has spread to 6 cities in India, namely Bangalore, Pune, Delhi, Mumbai, Hyderabad and Bhopal. Their activities include vulnerability research, exploit dev, projects, disclosures and the nullcon hacker conference. It is more of an OWASP-style community, sans the limitation to web app security research only. It is also registered with the Govt. of India as a non-profit organization.

5. Andhra Hackers. Started in the late 2000s. It is a forum-like portal. Activities include sharing security information.

6. ICW (Indian Cyber Warriors) is an off-shoot of Andhra Hackers and started around 2008. This is a hacktivist group with activities including defacing Pakistani websites.

7. Securitytube.net. It is not a group per se. It is a portal that has lots of security videos and a question/answer section much like Stack Overflow. It was started somewhere around 2008 or 2009.

8. Indishell. It started in 2009. The main guys behind Indishell are Lucky, mr. 52, jackh4xor and silentp0sion. It is again a hacktivist group, majorly into defacing Pakistani websites. It was recently stopped due to some unknown issues and has re-emerged at the time of writing this article. Activities include defacing websites.

9. ICA (Indian Cyber Army) is an off-shoot of Indishell with mostly the same staff as Indishell. It is also a defacer group, noted for defacing sites including the Pakistani ISP National Telecommunication Corporation Pakistan.

(Defaced page http://www.ntc.net.pk/news.html)

10. Fake ICA. There is yet another ICA (cyberarmy.in) which has been announced as a fake ICA by the actual ICA group. One glance at the website content tells you that there is some truth to what the actual ICA (Indishell) guys and others say, and reminds you of the infamous plagiarism cases (Ah! Any Indian h4x0r's favourite topic when they feel like bitching about something :-P).


This so-called FAKE ICA (FAKE INDIAN CYBER ARMY - cyberarmy.in) is not only misguiding aspiring hackers, but the same group, particularly Mohit Kumar Vashisht, is linked with Inj3ct0rs, and Inj3ct0rs are known to be hacktivists, as mentioned on their own official website. In the recent past Inj3ct0rs were trying to hide the name of Pakistani Inj3ct0rs (all the proofs and evidence are with the author). Thehackernews is nothing but a core example of hacktivism, as the same Mohit Kumar Vashisht used to disguise himself as a woman, but when he got exposed he was compelled to reveal his identity.

Due to his misdeeds and bad conduct, he has been evicted from hacker5 and the unite hacker project.

This Thehackernews group is not only promoting the hacktivist Inj3ct0rs and the Pakistani hackers who are harming Indian websites, but also remains in the bad books of the very popular underground magazine PHRACK. This man is not only promoting the wrong deeds of hackers but also promoting hacktivism.


When we had a word with some of the intelligence agencies, they suggested that the author file an RTI, under which it becomes necessary for the government to dig up the information and make it public.

As per the official website of Inj3ct0r, http://1337db.com/team, Inj3ct0r (founder r0073r) is a group of hacktivists.

Read the sensational revelation about Inj3ct0rs, with their real photographs, identification and personal information, in the Cyber Terror book under the chapter on hacktivism.

To read the real meaning of hacktivism, keep an eye on the cat techie blog.

--[ 4 - Hacker Cons

1. ClubHack. http://clubhack.com The first in the series of hacker cons. It is held in Pune, one of the software hubs in India. It started in 2007 and is running its 4th edition this December (2010).

2. nullcon. http://nullcon.net The first community-driven hacking conference, organized and managed by null community members. It started this year and the next edition is in Feb 2011. It is held in Goa, the party hub of India.

3. Cocon. http://www.informationsecurityday.com/c0c0n/ Its 1st edition was held in Aug 2010; earlier it was held as part of Information Security Day. It is held in Cochin.

4. OWASP + Securitybyte AppSec Asia. http://securitybyte.org More of a corporate conference with the suited people around :-).

--[ 5 - Memoirs of the underground - By dot


=[ Past.. that's where all the nostalgia and fun lies :)


So it all started sometime during late 2001 when a new variant of Yet Another "Hello World" Application spread rapidly, mostly via social engineering mails and the Outlook Express invalid MIME type exploit (similar to Klez.?). AV technology was not really mature back then: Kaspersky was not there with its PDM modules or its emulation heuristics, Symantec had not conceived SONAR or its Reputation Technology; it was practically open season for anybody with some programming skills to write and spread a successful worm. But amazingly a very nice and simple HTTP ping module was built into the program which used infected systems to ping (a simple GET /) a certain government website across the border towards the friendly neighbourhood, creating a DDoS condition. News !!! News !! News !!! Cyber War between two countries.. Beware! iNDian sNakes are here !!! Hackers hacking each other's websites. Unicode double escape? Front Page is cool, lg7 (but where is the pass? :P)? dtspcd? Little did they know, early stage script kids playing with public tools and little common sense, without a basic computer science background.

I don't speak for the unknown elites before me who might be able to represent the scene in a much better way than me, leaving me in a 1337-wannabe state.. I don't even speak for the Indian Snakes guy(s) who taught me quite a lot during my early days, but I think we started quite late. Aleph1 had already written about how to smash the stack, Solar Designer had already found and exploited a heap overflow bug, the format string exploitation technique was also known among multiple circles, the world was filled with 7350*.c.. But fortunately the Security Industry was not there yet, or at least not so prevalent in this part of the world. We were lucky to be driven by the curiosity hormones to explore the black arts of hacking, which of course later turned out to be obvious computer science with a bit of innovation and passion to solve difficult problems. I remember playing with some MSN Trojan to steal passwords, I remember installing Barok in various Cyber Cafes, I remember installing Red Hat 6.2 and feeling elite after I could connect to my dial-up internet and browse the web; in fact I remember doing almost everything for being a perfect script kid. I also remember finding myself neglecting everything in life and reading Phrack during all those sleepless nights.. Smashing the Stack, Voodoo Malloc Tricks, Once upon a Free.. Then after some time actually solving PTP/0xbadc0ded exploitation challenges and hanging around with those awesome and nice people in their IRC.. but that was kind of late, a bit past the prime time for an ideal initiation.

So getting back to the history part, here is how it goes: if you write a worm and leave an e-mail address in the messages it drops, you are bound to get a lot of fan/hate mails. It is actually a good methodology to build a community of rebels (??) or, oh well, people who liked Fight Club :) I think the creators of Yaha did not initially expect to build a community; their entire purpose was to retaliate against web defacer groups like G-Force, AIC etc., but they actually ended up building a small and highly closed/private community, and I am happy to have known a few of them. Although we had some Israeli friends (hi root, hi dak :)), the private nature of the group actually created a problem: we were starved! Defacing seemed boring, writing exploits for public vulnerabilities was fun but quite challenging at that time, and their weapons were old and obsolete. So we decided to look around and the obvious result was #darknet :)) Haha.. dvdman, nolife and the massive list of ops there. The immediate learning from #darknet was to idle in #phrack as well for possible 0day drops :P.. The next learning was to read ~el8 and be an anti-establishment, anti-security-industry h4x0r !! Armed with newly made l33t friends and their dropped exploits (yo! we had 0days..) it was time to restart the so-called cyber war in retaliation against multiple groups spreading anti-India propaganda via defaced websites.. thus was born the "Indian Hackers Club" :) Along with a new group name, an IRC server was created on a box with a 128kbps or so ADSL line at a friend's (hi rex) work place (truly BoFH), which later got shifted to a .il server. We began meeting like-minded individuals and groups... came across Cyber Yoddha, Hindustan Hackers Organization (IIT had massive resources for hacking huh? :P), Emperor (baap of all h4x0rs? :)), Nirvana (our own govboi :D), and slowly our IRC idlers list grew. Just like any other similar IRC, we began exercising power, control and ego... Ops were considered to be l33t, +v dudes were considered decent and the rest were considered to be wannabe creatures for the operators' show-off needs.

Then came the day of the IIS WebDAV vulnerability: Kralor probably wrote the first public exploit, which we took, modified to support different shellcodes, tested extensively and developed into an internal kiddie-friendly version, and so began a moderate-scale defacing of friendly neighbourhood websites and confrontation with FBH (Federal Bureau of Hackers, later turned Federal Black Hats (too much PHC influence?)). Netcraft was used to find suitable targets, then instant connect-back shells and tftp in the backdoor and defacement page :) Later I learned the FBH guys also used a similar vulnerability to deface Indian websites during that time; however they either wrote or managed to obtain a mass rooter version of it. Unfortunately (perceptions change with age though) we didn't really have a lot of CVV2s back then, else we could have also used techniques like: buy a shared web space on the target box and use kernel exploits (ptrace_kmod fun!) to root and deface for l33t show-off. But yes, we would like to laughingly say we pwned r4t's brand new shell server before the h0no guys using trojaned exploits.. err oh well, we pwned a lot of funny people with trojaned/fake exploits. I remember once dec0der @ #ukr (or something, I forgot) told me that I changed boxes like he changed underwear, considering I was logging in from brand new boxes every other day.

Later on many of us made friends with people at #darknet, #m00, #c/c++ and even some old timers from #phrack. One of the funny moments happened when I was working for an .eu company along with another guy hired by them, and after working for a few days I found that that guy was dvorak.. and we had a nice laugh.

So all in all, during my time, the underground here in India was very small and pretty much a closed group. Although we saw a couple of guys popping up with security forums or websites once in a while, we never really interacted too much. We made a lot of friends worldwide, but the state of the underground here during those days was in no way significant compared to .eu or .us.

=[ The evolution.. Towards sanity

The Last Stage of Delirium (LSD-PL) changed many of us! The 5th Argus Hacking challenge, the Solaris LDT bug exploitation writeup (reminds me of http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=dc63b52673d71f9d49b9d72d263a9f32df18c3ee), Win32/Unix Assembly Component Development, JVM Vulnerabilities etc. were awesome and inspiring (yea, I remember GOBBLES too :)) We decided it was time to grow up and learn something real. Enough of (0xc0000000 - blah blah) type local stack overflows, enough of exploitation challenges (PTP was good.. ok!), and thus we created a so-called Research Team with a website and a bunch of exploits written for public vulnerabilities. Proving the lighttpd header folding bug to be exploitable was an interesting achievement (SecurityFocus initially ranked it as DoS only). Learning about exploitation techniques for NULL pointer dereference kernel bugs from an .eu friend, and realizing the obvious some time before the first public exploit was posted on the DailyDave list, was also something to remember. Going a bit back in the history, one of us worked on a hobby OS project (based on Bach's Design of the Unix OS) which actually made the rest of us (at least me) learn a lot and spend a lot of time on websites like osdever.net etc. to learn something real; learning to debug an OS kernel was something which helped me solve a lot of problems in later days. Finally we reached a state where the Intel Manuals seemed to be useful.

Starting from 2005 onwards or so, security companies started getting prevalent here, and through various contacts an IPS startup contacted many of us with job offers. It was my early college days back then, so I could not consider it, but others went ahead, and that was probably the first time many of us learned to go ahead with bigger and better things in life like having a full-time security job, or in other words to hack even when it doesn't make you happy; although yes, much later we learned that hacking at the workplace on a daily basis is an opportunity which is not easily achievable, not just in India but throughout the world... oh, I must also mention, by now we had learned to use the word "hack" in a bit more "generic" and "abstract" sense :D

=[ Present.. The era of selling out..

Just like anywhere else, the Security Industry is pretty much here now. A lot of security startups and moderately mature companies have developed here, working on everything from consultant-driven pentesting to security product development. Most of the old guys are either working for some security company or working as programmers in some software development company. As far as I know, there is no significant underground here, although there are people who are pretty much involved in interesting stuff, but at a different scale, in multinational groups. Web application security is so hot these days that I see most of the younger people focusing totally on web application security vulnerabilities without looking into lower-level software security.

--[ 6 - Future

The recent shift in the mindset of some of the Govt. intel agencies towards opening up to the hacker community has brought about a lot of changes in the hacker scene in India. This collaboration is only going to increase the morale of the hacker community, and thereby also help the govt. in its own way. As I mentioned, we started a little late, which applies to the Govt. as well, but as they say, better late than never. Things have started to pick up and we will see more intel-hacker collaboration in the future, which may prove to be good/bad for some, but yes, the intent is to establish cyber warfare strategies and action plans, which we will start to see in the next 5 years.

---Do you want to share your views?? Just leave a comment here. You can also drop an email to amarjit@freehacking.net
