sreangsu acharyya rearranged electrons thusly:
> As far as penetration testing goes its fine, but if they ( script kiddies? )
> are the guardians of security...*ahem*.
here's what I sent the ET ...
----- Forwarded message from Suresh Ramasubramanian <[EMAIL PROTECTED]> -----
> Date: Thu, 4 Jan 2001 20:59:01 +0530 (IST)
> From: Suresh Ramasubramanian <[EMAIL PROTECTED]>
> Subject: Feedback, contributions, Printedition [Re: India enlists teen hackers
> to play cybercops]
> To: ET Editor <[EMAIL PROTECTED]>,
> WebEditor <[EMAIL PROTECTED]>
>
> Hi
>
> I read this article in the ET (and also in CNN) and could not stop
> laughing - but stopped long enough to make a few points ...
>
> http://www.cnn.com/2001/TECH/computing/01/03/india.crime.reut/index.html
> http://www.economictimes.com/today/04tech09.htm
>
> As he's advocating "teenage hackers" to break into foreign servers, here
> are a few comments ...
>
> 1. System administration and security is not a matter for 14 year old
> schoolkids ... and what they learn is often just "download this c program
> from such and such a website and run it against such and such a version of
> operating system - say redhat 6.2 - and you can get root access". That is
> just not enough. Breaking into "defence ministry servers and websites",
> most of which are running totally outdated software, is not tough at all.
>
> Mr.Mehta ludicrously claims:
>
> > "They are brilliant. They told me that within five minutes they can hack
> > the (Indian) defense ministry Web site...," he said.
>
> Since when has breaking into a completely unprotected web-site / server
> required brilliance? Any kid with programs freely available on the net
> can do this, without effort. All he needs to do is to have access to
> linux on his own computer and the relevant program (which usually comes
> with full instructions). These can be downloaded from perfectly
> respectable - and mainstream - security sites like securityfocus.com which
> are read and contributed to by sysadmins around the world.
>
> Another howler in the article is Mister Mehta saying
>
> > "The 14-year old attends school. None of them (the 19 teen-agers) have a
> > criminal record."
>
> I wonder what the 14 year old (as he is computer literate) would be doing
> if not attending school? In India, having a computer is a sure indication
> of being moderately well-off, and being educated. As for the absence of
> criminal records, we all live in a country where cybercrime is closely
> monitored and prosecuted, right?? If they break into any network, they
> are automatically subject to these very same cyberlaws, and will
> therefore have criminal records. Does Mr.Mehta intend to consign young
> kids to jail?
>
> 2. Hacking is a crime according to India's cyberlaws (and those of several
> countries around the world). It is also strictly prohibited by the terms
> of service of various networks around the world (VSNL, NICNET and ERNET
> get connectivity from Cable and Wireless, MCI and UUNET, which ban hacking
> etc etc). If it looks like NASSCOM is extending active support for such
> people, their website would get into some difficulties with regards to
> connectivity ... [actually, there was an article in late December in the
> Hindustan Times by one Mr. Ravi V Prasad recently on this concept ...
> saying that India was interested in hiring teenage hackers to carry out
> counter-terrorism by breaking into foreign networks ...]
>
> 3. If India claims to implement "cyberlaws" but encourages "teenage
> hackers" to break into systems, most server admins will calmly go to their
> routers / firewalls and block ALL Indian IPs. This is already the case -
> I can name several dozen admins (small ISPs, large corporate networks etc)
> in the USA who have blocked all of China, which has a similar "young
> hackers" program.
>
> 4. India has several insecure servers - if we advocate hacking, we will
> get hacked back. Before securing this, it is totally stupid to announce
> "we are supporting teenage hackers to attack foreign networks" is not
> wise, to say the least.
>
> Mr.Mehta seems to have (again) let his love for publicity override his
> sad inability to grasp facts.
>
> -suresh
>
> --
> Suresh Ramasubramanian + President, CAUCE India
> Stopping Spam In India + http://india.cauce.org
>
----- End forwarded message -----
--
Suresh Ramasubramanian <--> mallet <at> efn <dot> org
EMail Sturmbannfuhrer, Lower Middle Class Unix Sysadmin
----------------------------------------------
Find out more about this and other Linux India
mailing lists at http://lists.linux-india.org/
