When a “Hack” Becomes a Virtual Sit-In Protest
Correction: Sept 5th, 2011
I mistakenly identified Aatif Khan as being a part of the group “Anonymous India.” He wrote my colleague Kate Woodsome to say that while he follows the activities of the group, “I am not a part of Anonymous India, And Moreover I do not support Anna Hazare.” The error was entirely mine, based on a misunderstanding – our apologies.
It’s long been a curiosity: why, among all the technologically advanced nations in the world, is there so little computer hacking in India?
Now don’t get us wrong. Where-ever there’s a computer, there’s probably a hacker nearby. Internet-savvy cities like Mumbai and Delhi have untold thousands of ‘crackers’ – as hackers are sometimes referred to there. And of all the sources of fraudulent economic come-ons, India probably trails only Nigeria for the persistence and brashness of its spammers.
But on a global scale, Indian hacking – the malicious breaking of computer security to seize or corrupt data – is small peanuts compared to hacker-havens like China, Russia, pockets of Europe and South America, and of course the U.S. This issue came to mind again when I heard an interview by my colleague Kate Woodsome with Aatif Khan on something Khan called “ethical hacking.”
Khan is co-founder of a group called “Hack Defense”, and also a member of ‘Anonymous India’ – a not-so-anonymous member, it would seem. Khan told Woodsome that ‘Anonymous India’ has no connection with the larger Anonymous hacker-hive. Rather, he said it exists to practice what he calls “ethical hacking.”
Ethical what?, asked Woodsome.
It seems that Khan and others wanted to do something in support of Anna Hazare’s campaign to clean up Indian politics from its current culture of bribes and corruption. Thus ‘Anonymous India’.
“What these people are doing as a sort of protest (is) they are supporting Anna Hazare,” said Khan. “So we want to shut down the government sites. They put the website down for just one hour, just as a protest. There won’t be any data loss or any harm to the website. This is only for India, and everything is for a cause.”
Khan went on to explain that, unlike traditional hacks which steal or corrupt private data – or at least deface the target’s websites and crash their servers – his group only wants to seize control of government websites for an hour and then return control with everything unharmed. Sort of like a virtual sit-in protest. This, he says, is what makes his hacking ethical:
“Ethical hackers are the people who perform hacking with ethics; ethics in the sense that they have written permission for whatever they’re doing – they’ll have written permission. And in terms of a regular hacker, or cracker, they will be doing things without permission and he can do anything at any time. In terms of legality it is wrong to be doing these things. Indian hackers sitting in India attacking Indian websites – it doesn’t make any sense. But still they don’t want to do any harm, there is no data loss or anything. What it will be like for a particular hour is that people won’t be able to access a particular website. And these are websites that don’t have a lot of controversial data. I don’t think just to deface some website and putting your own logos (up), that won’t make any sense. That’s just for publicity or fun.”
All this leaves me with more questions. First: just who provides the written permission? Certainly not the government. Second, why is this group calling itself ‘Anonymous India’ if it doesn’t want any connection to Anonymous – and why are its members being so non-anonymous in their comments? And third: has anyone ever encountered this sort of ethical hack attack before?
Perhaps it’s no coincidence that ethical hacking – a use of illegal but non-harmful tactics in support of a larger moral issue – appears to have originated in the nation that was born from the non-violent tactics of civil disobedience.