Ind-Pak hackers: Peace and War
By Ria

On Aug 15, 2010, hackers took over the website of high profile Indian businessman, politician and IPL team owner, Vijay Mallya.  The hackers posted pro Pakistani messages and signed off as Pakistan Cyber Army.  At least half a dozen national Indian media interviewed Vijay Mallya about his site being hacked. Techgoss spoke to all the key players to work out what really happened.

Over the weekend of August 21, 2010, Techgoss made contact with one of the most powerful hacker groups in the sub-continent – Pakistan Cyber Army.  On August 25, the Pakistan Cyber Army (PCA) released a statement to Techgoss clearly denying any attack on Vijay Mallya’s website.  The PCA made it clear that they dislike any such website defacement, but if Pakistan ever undergoes a critical cyber attack, they will rise to its defence.

Techgoss also interviewed super techie Gaurav who heads the Indian Cyber Warriors (ICW) and has worked closely with the Pakistan Cyber Army to prevent attacks on each other’s websites.  We had published an exclusive article on how many key Indian and Pakistani technology gurus were working together to avoid a cyber war.  (Article republished below).

There was much talk as early as August that some hackers from both countries would attack each other on the 26/11 anniversary of the terror attacks on Mumbai. And it happened.

On November 26, 2010, some members of the Indian Cyber Army (ICA) hacked more than 40 official Pakistani websites. The Indians left an image of Indian soldiers and patriotic music on the sites they hacked.  In their words, it was to pay homage to the martyrs of the Mumbai terrorist incident.

While the Indian hacker’s defacement operation of Pakistani official websites was reported in India, the Pakistani counter attack was not.  As light follows day, the Pakistani hackers attacked the very next day.  The Pakistani hackers say they hacked BSNL and more than 100 other Indian websites

Are we going to witness a full fledged cyber war again the likes of which we have not seen in the last couple of years?

(Techgoss had published the following on Sept 6, 2010)

How Ind-Pak hackers work together
By Ria and DJ

On Aug 15, 2010, hackers took over the website of high profile Indian businessman, politician and IPL team owner, Vijay Mallya.  The hackers posted pro Pakistani messages and signed off as Pakistan Cyber Army.  At least half a dozen national Indian media interviewed Vijay Mallya about his site being hacked. Techgoss spoke to all key players to work out what really happened.

On Aug 16, Techgoss (TG) had published an article speculating whether the long standing cyber cease fire between organized Indian and Pakistani hacker groups had broken down and if we were witnessing an organized hacking war again.  A couple of years ago,  powerful, well meaning hacker groups in both countries had met and worked out a cease fire in the larger interests of citizens in Pakistan and India. The Governments of India and Pakistan were not involved at any level in working out this cyber peace deal.

Over the weekend of August 21, 2010, Techgoss made contact with one of the most powerful hacker groups in the sub-continent – Pakistan Cyber Army.  On August 25, the Pakistan Cyber Army (PCA) released a statement to Techgoss clearly denying any attack on Vijay Mallya’s website.  The PCA made it clear that they dislike any such website defacement, but if Pakistan ever undergoes a critical cyber attack, they will rise to its defence.

The Pakistan Cyber Army made it a point to thank Indian super techie Gaurav who heads the Indian Cyber Warriors (ICW) for helping make the cyber peace treaty between both countries.  By all accounts, both PCA and ICW are keen to prevent anyone from defacing websites in each other’s countries.

Techgoss recently spoke to Indian Cyber Warriors’s Gaurav to understand how these powerful cyber groups operate in both countries and how they made peace.

Techgoss (TG): In previous articles, Techgoss had reported that in 2008, the Pakistan Cyber Army (PCA), Chowrangi and PAKBugs had signed a cyber peace treaty with ICW (Indian Cyber Warriors) and HMG (Hindu Militant Group)  And a joint statement between Pakistani and Indian hacker groups was published in Chowrangi about this peace treaty which held up for a long time.  Please could you tell our readers how this peace deal was worked out?
Indian Cyber Warriors (ICW): In the year 2008, after the Mumbai incident, a group of India hackers ICW - HMG got a little frustrated by the response and behaviour of Indian Govt. and the way they were handling the case.  So, they got aggressive and to show their anger and protest against the weak behaviour of the Indian Government they decided to take this war in there own hands and make some impact on there own.  The ICW – HMG first took down Pakistan’s OGRA website. And after OGRA, a series of web defacements and other network level intrusions were initiated about which no one knows till now. And thus started a new cyber war between India and Pakistan.

In the month of November, 2008, after a long series of defacement of websites from the hackers of both sides (PakBugs, ICW & HMG, and PCA), both sides realized that this is not the solution to achieve anything and neither is it going to resolve any issue. That cyber war was more like a prestige issue for the hackers of both sides. But because of some responsible hackers from both sides, PCA and ICW–HMG, took an initiative to stop the cross border attacks. The very first step was taken by PCA who sent me (r45c4l) a message to hold a meeting and talk about the possibilities to end this cyber war.

All of us did realize that ultimately because of our actions, we are causing trouble for others.  So, the guys from both the sides agreed that it is not about proving who is best or something like that. We know all of us are very talented and instead of harming and destroying resources of each other, we should get united and help each other and help our government and other agencies to improve their security. This is how the concept of peace deal came and the guys from each team, like Zombie_KSA from PakBugs, Haroon, Hamza and Abunasar from PCA, and r45c4l on behalf of ICW and HMG, agreed to release an official statement in 2008 of behalf of our teams about the peace deal and all of us apologized also for our actions and the trouble caused by us.

TG:  How much time and effort went into signing such a peace treaty in 2008?  How did such groups communicate between the two countries to sign this peace treaty? How did they manage to trust each other?
ICW:  When it comes to India and Pakistan, getting agreement on such kind of deals and forging a cyber peace agreement is not easy.  It takes a lot of effort to convince the team mates and others who give their support. But fortunately the best part is if you talk about hackers in the real sense, there are some principles and philosophy on which we believe in very strongly.  And that is what which makes us exist beyond boundaries, nationality, religion, colour and stuff like that on the basis of which ordinary people divide themselves. Fortunately we have some great people in both the teams of PCA and ICW - HMG.

The channel on which we communicate and talk to each other is very much secure as we don’t want govt. Agencies to watch on us :). So we make sure that we talk over safe channels. Most of the time we talk over private IRC servers to contact each other. Once you reach at a certain level of co-operation, few things come naturally like the respect of other hackers be it from the same country or some other country and yes the trust factor is also one part of it. Those who are seriously dedicated to this work start knowing you and respecting you, and if someone of the same level and reputation wants to contact you, he can get the details via other common hacker friends or from some communities where the entry is restricted for selected people only. So, when PCA contacted me, it was easy for them to find me because of the work done by me which is published on many security sites and blogs.  And Yes, I do have some very good hacker friends in Pakistan also.

As far as the trust factor is concerned, it is said and a well known fact that in our society (hackers society or u can say underground) the only thing which matters is "trust", because this is the only thing which gets you respect. Once you loose your trust, you lose your dignity and  all your hard work of all these years and the reputation you have is gone in a second, and then it will take you years to gain that respect and trust again. And you can say, we have that natural instinct on the basis of which we can tell after talking to someone that if we can trust them or not.

One very interesting fact is, even during tension filled situation when the hackers from both the countries worked against each other, this did not make any impact on our personal relations. At the end of the day we are good friends.

TG:  Most of us don't really know how the hacker groups in both countries operate.  Please could you give our readers a broad idea on the names of the top hacker groups in both countries? Who are the kind of people in both India and Pakistan that join such groups in both countries.  In your view,  how did the hacker wars begin before the peace treaty was signed in 2008?
ICW: Actually this is really a nice question. The thing is that a majority of people don’t know about hackers or their lifestyle and the way they work. Different people have different stories. And the majority of people thing that a ‘hacker’ is a criminal and they are bad people. But they are wrong.

There are basically 2 types of modules on which hackers work - one who work in a team and others who prefer to work alone. The concept of working alone is very much outdated now because of the advancement of technologies and the kind of security measures taken by the organizations/companies, its really a tough job for a single person to do all this alone. The best part of having a good team is that then we have different people who are masters in there respective fields, as hacking is such a big and vast concept that it’s impossible for a single person to master all those things. But still making a good team and working with them is not an easy task as hackers do have a lot of attitude problem. But anyways that’s a long story :).

About the top names of hackers from both the countries, it’s hard to take the names of all, but yes I can surely mention the name of some great hackers.

Let’s start with Pakistan: One of the most famous hackers of Pakistan is known as “Dr. Nuke”, and he is the one who actually worked during the very first India-Pakistan cyber war. After that, I will like to take the names of PCA guys- Haroon, Hamza and Abunasar. When you talk about them, you can say that they are really great hackers.  Then there are many more names too of the wannabe kids who just learned few skills like how to deface a website and all and they think themselves as l33t hackers. There are some notorious guys/groups also there, and a very fine example of Pakbugs is there in front of us. This really shows the mentality and maturity of those kids.

In India, we have a lot of great hackers like Shesh Bhai, WIPU, b0nd, beenu, Godwin etc. I am sorry, as I cant take the name of every accomplished Indian expert, otherwise the list will get too long.

In this virtual world, I am known as “r45c4l” and I am one of the founders of ICW and also used to manage the group HMG. Recently, few new groups from both the sides have come up with the name of Indishell from India and groups like PCA (of course fake one), pakhax0rs, etc.

Now if you look at the type of persons who joins these groups, it varies from group to group. Like in our ICW, all the core members are working at very senior posts in various security firms, and in our free time, that is at night we spend our most of the time for R&D and reading. There is a nice saying that "with great knowledge come great responsibilities". Same way in PCA also, all the 3 guys are working at reputed software companies. But if you look at the new emerging groups, they are all college going students, and that’s the main reason why they sometimes lack maturity and cannot see the future impact of there actions. They just jump into this because of excitement and to impress others. But whatever it is, they are doing a good job and they are working hard on polishing there skills.

Now the question that how the actual war started in 2008, it’s a kind of long story, which I will try to tell you in brief. There are few communities and groups on Orkut (HMG is also one of them), the fight started over there, and then slowly it became dirty as small group of Pakistani guys started abusing innocent girls, they started posting their morphed nude pictures, pictures of there family members, their personal details and all those kind of things. At first the group HMG tried to talk to those guys and tried to convince them that not to drag girls in all these things.  But HMG could not convince them.

At that time, I was not a regular user of Orkut or any social networking site as I have my own group of hackers from all over the world, and I used to hang out with them and work together. During that time, I had participated in few cyber wars also like between Georgia and Russia, then Albania and Serbia.

The owner of HMG is a very close friend of mine, and he asked me to come and join their group and see whats going on. This is how I started forming a team of some good hackers to take down the Pakistani sites. And then one day, we hacked OGRA. And just after that, we knew that the next target of Pakistani hackers will be ONGC only. We checked the site of ONGC and we informed the authorities about the vulnerabilities we found in the site, but they did not fix it and that is how it got defaced by PCA, and after that we all know what happened.

TG:  There are many people in both countries - politicians, businessmen, students and even techies - who believe we should have good relationships between the two countries.  Will we ever see a permanent cyber peace treaty between the hacker groups of both countries?
ICW: This is really a nice question. Politicians and bureaucrats talk a lot and make a lot of promises that we are conducting a peace dialogue or make statements like “We are a peace loving country and blah blah blah”. Because of the kind of job I have and the kind of info and real inside stories I come to know about, I am very much sure that this is an issue which is never going to be resolved.

If you talk about a permanent cyber treaty between the two countries, all I can say is that being senior and because of the good links and trust we have among each other, we are trying our best to do whatever we can do, and we will surely continue doing this. But there is always a new generation of kids who don’t actually understand the situation and circumstances, and they do such stuffs just for fun or thrills.

The only possible way I can see about the solution of this problem is if the government really comes forward and at least allows us to do something about this issue and to prevent it also in the future. But its really sad that the government still don’t take this problem seriously.

Haroon from the PCA and r45c4l from the ICW are working on this issue to make people understand and try to make a peace deal between these 2 new groups, but lets see, if they can understand our point or not.

TG:  In a statement to Techgoss,  Pakistan Cyber Army specially thanked you (Gaurav from ICW)  for helping create the peace between the two countries.  How were your views formed about Pakistan?
ICW: I would really like to thank Haroon bhai and Bozi bhai for mentioning my name in their  statement. And this is not the first time, if you will see the peace deal we made in 2008, my name is mentioned there also. Though people think that we are from opposite groups and moreover from different countries, so how something like this is possible? But thats what I said, this is the real beauty of hacking. After a certain point when you really understand the meaning of hacking, you will realize its not the religion, colour, language, appearance or anything which matters to us. The only thing which matters is knowledge. The respect and love which we have for each other is not something artificial, it comes directly from the heart. 

The concept is very similar, just as being an Indian, I love my country, same way they love there country. I have a lot of very good friends from Pakistan and even from AJK/POK .

See, the people of all the places are very nice, its just the dirty politics and sometimes the irresponsible way of reporting and portraying things by the news media, which actually causes real problem.

TG:  Currently, both the Indian and Pakistani Governments do not have the resources to hire the best computing security experts.  But the private sectors of both countries have the top techies.  Even if the leading hacker groups in both countries work out a peace treaty,  the Governments of both countries do not have the resources to stop individuals in both countries who may decide to attack websites in the other country (this applies to both countries).  How can we ensure that individuals (one person) does not create cyber attack misunderstanding between the two countries?
ICW:  This is a very genuine doubt on this issue. Lets see it by an example. Take the case of the site defacement of Vijay Mallya, the hacker had posted the name of PCA on the hacked page, but we who know PCA, we knew its not the work of PCA just by looking at the page once.

Moreover, if it would have really been done by PCA, there are friends of PCA here whom they would have told about this. Its very easy for us to understand and identify the truth and false claims made by anyone as we know each other so well and we are aware of the way they actually work.

Regarding your question about the resources with the governments of both the countries to hire good hackers, I will say according to my personal experiences and what all I have seen, governments lack the resources the infrastructure and other things which we need in case if we want to work for the government and protect our critical infrastructure. But they are simply not interested in it and the worst part, they don’t understand the danger and the scale of damage which can be caused in case a cyber war happens between the countries like India-Pak or India-China. Today, Pakistan is not a threat for us, but its china. The Chinese govt have a group of 10,000 skilled hackers working for there govt, and you can’t see anything like that in any of the agencies in India. China is a tougher target too because of the language problem, all their work is in Chinese, so it makes it very difficult for us to understand and figure out the things. This is a very sad situation and I feel really bad to say that if we talk about our capabilities and the amount of preparation for such kind of situation, we stand no where in front of China. Pakistan is a different case, so there is nothing much to worry about it as we both stand almost at the same level.