The setting at this Gurugram office building basement could resemble a cool startup software company, complete with bean bags, bright furniture and Red Bulls instead of coffee. A group of 5 computer professionals work around a huge table, engrossed in their laptops. But that’s where the similarity ends. The young men are busy trying to hack into one of India’s largest banks.
A race is on. The first one to hack into the bank’s system gets a few lakhs. Once inside, they could wreak havoc, moving hundreds of crores, opening and closing accounts at will and potentially do anything they want.
The silver lining — this is a group of ethical hackers hired to test the bank’s online security.
It does not take long. Less than three hours after they started, Harjeet or Harry as he is known, makes the breakthrough, hacking the main router of the bank.
“The router directs all requests from genuine online bank customers. I now have the password and control of the router. If I want, I can direct all online requests from customers to a fake site and literally trick them into giving their login and passwords to me,” Harry said, a huge grin on his face.
At the age of 22, he is the youngest in the group and everyone is happy that he has made the first break.
There is camaraderie in the group. But they also believe in healthy competition and after a few minutes of checking Harry’s progress, the rest get back to their computers to try and hack further into the bank’s systems.
“A malicious hacker will not wait for an invitation to hack. Every day, thousands of hack attempts happen on major websites but go undetected and unreported. Companies invite us to deliberately hack their systems to check vulnerabilities and plug those gaps,” said Ankush Johari, the founder of BugsBounty.
Two hours later, they managed to get deeper into the banks computer systems.
At this stage, the ethical hackers can virtually move crores across accounts, open and close accounts and practically run the bank.
“We can do a lot sitting at our homes in pyjamas than a person out with a gun,” said Mr Johri. “We do what we can to make systems secure for all of us and safe from malicious hackers.”