An independent security researcher Rahul Sasi pocketed Rs 35,000 from the government of India-run National Technical Research Organization after he hijacked and successfully secured stealth access to a command and control centre.
The NTRO had announced the bounty to security researchers at a Nullcon ’ 13, an online security conference held in Goa recently.
“The NTRO had announced a bounty to whoever provides critical information on the command and control servers in one of the government installations in India and the prize for the bounty was Rs 35000,” Antriksh Shah the organiser and a security researcher himself, told Herald.
“It is for the first time that an Indian government agency has come forward to the community. Rahul Sasi, who incidentally was one of the speakers at the conference, was able to hack the command and control server of the ‘attackers’ and won the bounty. This clearly shows the first signs of the government and community partnership in fighting cyber crimes in the country,” Shah observed.
While details of the hacking and servers have not been revealed citing reasons of confidentiality, security researchers are happy that a precedent has been set in a country that was hitherto smug about the security of its online programmes and worse, would seek to prosecute hackers to exposed vulnerabilities.
“Details of the vulnerability and the C&C (command and control) centre were passed on the government. Nothing was touched or analysed on the C&C as that was out of scope,” Shah said seeking to allay fears that there was an existing security and that the bounty was for making systems stronger.
“The winning team was just required to show proof of stealth access which was demonstrated through a text file created on the server,” he said.
The organisers also were happy with the response from the other government officials for the conference especially Chief Minister Manohar Parrikar who at the last minute agreed to inaugurate the conference pledging to fully support cyber security initiatives.
Speaking about why he chose Goa, Shah ~who himself is born and brought up in the port town of Vasco said it was a place everybody was comfortable coming to.
“In metros, the local attendees have the burden of working while attending the conference and are more often called back to the office during the conference. Besides, there are not many avenues for exciting and different recreational activities to refresh and relax participants in a metro city,” Shah said adding that they “wanted Nullcon to be an experience in itself rather than just a plain conference and training event.” But most of all he said, “We also see Goa as an upcoming IT hub.” [H]