Interview with a Teenage Hacker

When Keith asked if anyone from the team wanted to interview a self-professed teenage ‘hacker’ from India, I was cynical. Usually, script kiddies in India who are also kids in real life suffer from delusions of grandeur, along with the need to impress upon their fellow man their importance to India’s Cyber War against (who else?) Pakistan.


minhal mehdi is no different, for he is quite the teenager (but asked me to refrain from revealing his true age in this post) and has been hacking his way into some low security websites for about six months now, along with his friend and senior NoTty_rAJ.

Minhal claims to hail from Lucknow, the capital of Uttar Pradesh and is [hopefully] a high-schooler with some years of school still left. He also believes hacking is not always a crime, and that it is an art and his passion.

He also has a blog with a single post and twelve comments from his own person about how good his hacking skills are. (Thank you Pallab!)

In his introductory email, minhal claimed to have hacked many websites, a short list being posted here. His claim to fame, in other words, is hacking one server’s root with an SQL vulnerability.

An abridged chat transcript follows with minimal editing pertaining to minhal’s answers.

Techie-Buzz (TB): What prompted you to start hacking?

minhal: i saw many foreign hackers are hacking indian website, feeling of revenge motivated me for hacking. My hacks are payback to foreign hackers for hacking indian websites.

TB: Which Indian websites were hacked that motivated you?

minhal: cbi website and thousands of indian websites.

TB: But you’ve mostly hacked low-security websites whose domain registrations have expired by now.

minhal: i’m new in cyber world and trying to do my best for india

TB: What kind of loopholes did you find in these websites?

minhal: shell upload vuln. or SQL vuln. i found XSS in nasa’s website.

TB: So these were from exploit-db or bugtraq, right?

minhal: nah, it was my own

TB: So did you hack the NASA website?

minhal: it was president Xss but XSS is too long and boring

Editorial: LulzSec, AntiSec and Why the Internet is a Sadder Place Now

About thirteen hours prior to the writing of this piece, a very special surprise ‘booty’ was dropped by the infamous ‘hacker’ group LulzSec, over Twitter. The ‘50 Days of Lulz’ statement and the accompanying torrent link with their last bountiful booty of 812,000 emails, AOL and AT&T internal data and some other random information hacked off several servers, signified the end of the six-man self-appointed hacktivist group.


Their almost poetic farewell message was all about saying how much they cared about the very people they chose to disrupt, and how the world is a better place now since they have shown how a common man can spread anarchy so easily (emphasis added):-

We are Lulz Security, and this is our final release, as today marks something meaningful to us.

For the past 50 days we’ve been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could. All to selflessly entertain others – vanity, fame, recognition, all of these things are shadowed by our desire for that which we all love. The raw, uninterrupted, chaotic thrill of entertainment and anarchy. It’s what we all crave, even the seemingly lifeless politicians and emotionless, middle-aged self-titled failures. You are not failures. You have not blown away. You can get what you want and you are worth having it, believe in yourself.

While we are responsible for everything that The Lulz Boat is, we are not tied to this identity permanently. Behind this jolly visage of rainbows and top hats, we are people. People with a preference for music, a preference for food; we have varying taste in clothes and television, we are just like you.

Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve.

So with those last thoughts, it’s time to say bon voyage. Our planned 50 day cruise has expired, and we must now sail into the distance…

Extremely magnanimous of these fellows, is it not? These fine gentlemen showed us that a small bunch of people could bring the world down to its knees, all through open exploits and SQL vulnerabilities that anyone can search for from the comforts of their establishments.


I would have tapped my hat respectfully at LulzSec if I did not know more about the entire debacle of the past fifty days.

Actually, no, I would not have tapped my hat respectfully at LulzSec at all. If I did, my name would be OddJob and I would be throwing my hat at them. Why? Because LulzSec was never a ‘hacker’ group; it was a group that used to search for known exploits online, and then use them to take down, deface and otherwise maim a server or a company. In the event that there was no known exploit, they would rely on Distributed Denial of Service (DDoS) attacks using the Low Orbit Ion Cannon (LOIC) to take down a website. All of this in the name of ‘lulz’ and, later, the antisec/wikileaks movement.

Microsoft at the E3: Force Kinect Kinect Kinect And Oh Some More Kinect Into Everything

Do not get me wrong, I am a huge supporter of the Kinect peripheral from Microsoft. It is a revolutionary piece of hardware which will most likely pave the way for the extremely high-tech gesture-based input that we have seen in the realm of Science Fiction (such as Minority Report, for example). Its use in video games for the Xbox 360 is fabulous in most cases, and is an instant party ice breaker, or a great way to relax (not really!) with friends and family. It’s the Wiimote all grown up. There have also been numerous modifications and excellent uses of this brilliant little peripheral in a lot of places.


Yes, the Kinect is a great peripheral. However, it is just that for now. The Xbox controller is still the controller for games. It worked for Nintendo when they launched the Wii. It was great, it was fun and it was casual.

I would like you, Mr. Doubter-of-why-Kinect-should-not-be-in-everything, to play a semi-serious game such as Star Wars: The Clone Wars using a Kinect. I had to stifle the biggest cringe of my life when the presenter ‘jumped’ and said ‘Lightsaber On!’.

The Kinect works on some games admirably. Dance Central, for example, is one of the prime reasons one should consider buying a Kinect (if one harbors a secret or open love for terpsichore). But, for some other games there is absolutely no need for it to even be there. How would you play Minecraft on an Xbox 360 with the Kinect, is my question. The way things work with Minecraft, your real arms will wear down sooner than the miner’s as you are mining for diamonds!


Of course, I understand that there will always be takers for these games since they look cool, and that everyone is entitled to their own opinion. However, going for the development of rather horrendous Kinect titles while sacrificing the development of better titles is not how a company caters to its core customer. The Kinect on Fable is not immersive, but slightly dorky. The Kinect on Star Wars looks like what my imaginary younger brother would stick his tongue out at.

What would work well (and has been put to good use) is using the Kinect as a peripheral rather than a main game controller. Perhaps using the mic to issue voice orders (like it has been implemented in Mass Effect 3), or using gestures to give orders to your AI teammates while continuing to play with the controller.

It is quite sad that Microsoft is trying desperately to cash in on the interest of the Kinect. It will lose its charm frightfully soon if it is forced down our throats in every possible way.

Are you listening, Microsoft?

Fy_Abbottabad, With Apologies To Edgar Allan Poe

Once upon a midnoon sweaty, while I pandered Counter Strike wary,
Over many a quaint and curious servers begotten from a store,
While I play’d, clearly pwning, suddenly there came a tapping,
As of some one gently rapping, rapping at my Steam chat door.
`’Tis some Scrim-er’ I muttered, `tapping at my Steam chat door –
Only this, and nothing more.’

Ah, distinctly I remember it was the server of the IndiaGunner,
And each separate dying Terrorist wrought his spray upon the floor.
Eagerly I wished for de_dust2; – vainly I had sought to burrow
From my inventory surcease of sorrow – sorrow for that lost Lenore –
For the rare and radiant Desert Eagle whom my CTs named Lenore –
Bullet-less here for evermore.


And the sudden and uncertain ‘ding’ of each little chat curtain
Distracted me – filled me with terrible aiming that I could ne’er before;
So that now, to still the beating of my AWP-er heart, I stood repeating
`’Tis some Scrim-er entreating entrance to his server door –
Some bored Scrim-er entreating entrance at his server door; –
For they have less than ten [players], and nothing more,’

Presently my skills grew weaker; hesitating then no longer,
`Dude’ said I, `or Guy, truly your forgiveness I implore;
But the fact is I was gaming, and so gently you came chatting,
And so engrossed I was with my laming, walling at the double door,
That I scarce was sure I read you’ – here I opened wide the chat door; –
A link there was, and nothing more.


Deep into that link peering, long I stood there wondering, fearing,
Doubting, dreaming dreams no mortal ever dared to dream before;
But lo and behold it was a CS map, and the link gave no token,
And the only comment there spoken was the upvoted comment, `Awesome Ore!’
This I whispered, and an echo murmured back the comment, `Awesome Ore!’
Merely this and nothing more.

Back into the game turning, all my soul within me burning,
Soon again I heard a chat ‘ping’ somewhat louder than before.
`Surely,’ said I, `surely that is a player from my server;
Let me see then, what the problem is (probably lack of $$$), and this mystery explore –
Let my heart be still a moment before I recharge the $$$ and this mystery explore; –
‘Tis the starting money and nothing more!’

This is where I pause my plunder of Poe’s poem full of insanity, and get to the meaty part of my experience with fy_abbottabad, a map for the game Counter Strike: Source (as if you do not know this already).
This is the ‘review’ of a map some random scrim friend posted on my chat box while I was playing de_dust2. He was very excited that the rumor mill of the internet had, for once, said something true: that right when the news of Osama Bin Laden’s death reached an ardent CS:S fan, he immediately shouted ‘Counter Terrorists Win’ and went ahead and made a map for the game based on this lavish estate of Osama’s.

The result is an extremely good virtual representation of the Abbottabad complex where Osama Bin Laden was allegedly shot dead by a US strike team. The terrorists spawn inside the main building, while the counter terrorists spawn right outside.

The difference between the complex in real life and in CS:S is that the Terrorists also have weapons. They also have a bias in this map since they have a great view of the CT entry points from higher ground (the balcony):-


Open here I flung the shutter, when, with many a silenced bullet’s splutter,
In the distance stepped a Terrorist of the violent days of yore.
Not the least obeisance made he; not a minute stopped or stayed he;
But, with mien of a fanciful sniper, AWP-ed me in front of the entrance door –
Perched upon a balcony just in front the entrance door –
Perched, and sniped, and nothing more.

Okay, I’ll stop. But the point is, as you can see from the screenie, it’s very easy for a sniper vs. sniper battle to go in the Terrorist’s favor at this balcony. Especially if some Terrorist decided to nade the tiny enclosure.

There are three main entry/exit paths (one of which is the balcony/tiny room) where the T stronghold meets the CT spawn point, much like de_dust2’s triple points. But there are a thousand ways in which I would get team-flashed, smoked and generally easily killed in this map (with the classic maps, it was simple: you get flashed by your team rather than by your opponent wherever there’s a nice little tunnel). (Elucidated in screenies below)




This map is an excellent novelty item and something that I would play with a small bunch of CS:S players when I get bored of the normal maps. But the point is, I have probably played… four maps (?) from the stock so whenever I get spare time I ask for some exotic map like cs_italy or something.


In summary, I am a terrible parody maker, fy_abbottabad is a fun novelty item and CS:S is still the bee’s knees on Steam.

(To view an unedited clump of the screenshots I took, please have a look here)

Canvas.net Is The New Image Board From The Founder Of 4Chan–Invites Inside

After all the trolling, the hating, the hacking and the lulz-ing it must be hard for anyone to not know about 4chan. Yes, the same 4chan that allegedly gave birth to Anonymous (although I personally maintain that the image board is just a dumping ground for untargeted hate by the rest of the internet, and 4chan soaks it up because… well because it’s 4chan and they largely do things for the lulz) and the same 4chan that is the creator of mostly every meme on the internet right now such as Lolcats and the Rage Comics.


However, 4chan is also full of extremely terrible images and pornography, making it unsuitable for children or those with poor hearts or bowel movements. It is also an especially fertile breeding ground for those who wish to do unlawful things online. This is because it is very easy to be anonymous on 4chan. The image board does not store its images indefinitely on the servers and thus has no archive of all the discussions that go on there. Stuff that may (and allegedly has) caused a lot of harm in real life.

So Moot (the founder of 4chan whose real identity is Christopher Poole) decided to make a better image board system: one that took all the good points of 4chan (relative anonymity, fast posting, instant remixing of content), threw away the questionable points (not safe for work/lunch images, complete anonymity) and put in a few fun parts (stickers!) to create Canvas. Canvas is a new community that compels you to participate actively right from day one. Activity is extremely high and lurking is not as much fun here. Even the act of ‘liking’ a post or even sharing a post, per se, demands some amount of activity on your part, as explained later. The jokes range from hilarious to vile to what-in-the-world-is-this-and-why-am-i-looking-at-it (although admittedly not as bad as 4chan). It is the bright artsy little sister to 4chan and she’s just getting warmed up with her creativity, jokes, memes and wants every sticker you have.

Lots of Stickers!

Stickers are the refined response to Facebook’s bland ‘Like’ button, in my opinion. They are also the only way you can hide or flag a post. Canvas’ stickers are round symbols of a small range of human expression viz. =D, D=, =O, LOL, ?, <3, #1, Cookie, and the inimitable gentleman with a handlebar wearing a monocle. These stickers are to be dragged and ‘stuck’ into posts which elicit the appropriate expression. As the community has expanded, a few thumb-rules for a few select stickers follow:-

If it has a cute girl or a cat in an appropriately cute pose, give it a <3.
If it has a moustache and a monocle somewhere, give it the appropriate monocle-moustache salute.
If it has #1 anywhere, blindly give it a #1. 101: Guess what stickers this post is going to get?

So, in summary, what is beyond the image-board part?

Very good question, internet newbie. Unfortunately, it’s also a question that cannot be answered in a few words since, well, it is an image-board and you know the old adage about pictures, right? There was no way we could classify 4chan and the other slew of image boards under the overarching banner of ‘image boards’ (I know what I just did and I am hoping you will keep quiet about it before everyone gets to know. Hush!). Canvas is a natural progression of the 4chan of yesterday as a meme factory.

A lovely way to introduce people to Canvas!

One of the reasons for its label as a ‘meme factory’ that I easily applied is that it is extremely easy to change or add things to a picture on it. The ‘remix’ button opens up a toned-down Photoshop on-site for you to play with, complete with layer importing. It is extremely simple to use and its always-available nature makes users want to change an image to their liking.

It is extremely dynamic (the memes there hardly stay for more than half a day), but is not completely original as yet, mostly because the /b/-tards (users of the 4chan random image board) feel like dumping the memes from 4chan back there on a day-to-day basis and also because many people prefer to have yesteryears’ memes have a short run for free karma.

Necessary Minecraft Post

So amidst the general son-i-am-disappoints and ‘One does not simply QWOP/walk into Mordor’ gifs, there are also ‘draw yourself, especially if you are a bad artist’ threads, and threads that mostly constitute adding moustaches and monocles to every upper-lip and left eye one finds (respectively).

It is an endearingly interactive group, much more interactive than 4chan could have ever been, and it allows you to maintain relative anonymity. What’s not to like?

So if you wish to participate in this new melting pot of pop-cultures, comment on this thread with a request for an invite. We have plenty to give away!

The Witcher Promo On

I have sufficiently managed to create a large amount of hatred (from my Twitter followers) for The Witcher 2 just by tweeting about it every single day. I cannot help it. The closer the game gets to release day, the more my intensity for the game grows. It is looking fantastic and promises to be the best role playing game this year (and I am making this statement knowing full well that Bethesda is developing The Elder Scrolls V: Skyrim).


There are quite a number of reasons why this sequel promises to be the best RPG this year. For one, where other developers pushed into the limelight after a cracking introductory game try to make the sequel more presentable and less controversial, CD Projekt Red have made sure that there is no dilution to The Witcher. The world of The Witcher is still in many shades of gray with racism, sexism and controversial quests with no ‘correct’ solutions as well as strange characters who tread way beyond our moral upbringing (such as the King who has an incestuous relationship with his daughter, but is an extremely just and kind-hearted father otherwise). The main character himself gets laid way too many times throughout the original game (and perhaps this one as well).


In celebration of The Witcher 2: Assassins of Kings’ release on (CD Projekt Red’s sister company), the site has launched a two-week sale of the original game for the mind-numbingly low price of $5. Pre-ordering The Witcher 2 costs $44.99, so both the games together cost about $50. Not bad, considering you will be getting to know about a real dark-fantasy world full of parallels to our own world.

In case you did not know, both the prices are for the digital download version of the DRM-free games. Yes, even The Witcher 2 is available DRM-free only on, and it releases on the 17th of May. Go buy!

DICE Helping Out Bioware With Mass Effect 3

Electronic Arts’ subsidiary studio Digital Illusions Creative Entertainment (DICE) is helping out Bioware with the final installment of their epic space opera role playing game Mass Effect 3. DICE is the studio behind Battlefield 2, Mirror’s Edge, and the latest Medal of Honor. While they are frantically in pursuit of Need for Speed The Run’s development schedule, they are also helping out Bioware with the ‘audio realism’ of the guns and bombs in Mass Effect 3. While they are not actively working with Bioware, some ideas were apparently shared between the two studios on the upcoming action role playing shooter.


In other words: Oh my god, Mass Effect 3 is going to be so awesome. Not only will the story come to a great ending [we hope], it will also have great characters, an amazing soundtrack and, most importantly, realistic physics driven guns. What more could I possibly want?

Although I can assure you that it is the minority that will probably say ‘What more could I possibly want?’ (especially since The Witcher 2 is looming large on the horizon) there will be quite a few notable representatives of our esteemed gaming community who will.


However, DICE’s site has no such affirmation on the news and we could only find one citation on the Wikipedia page for DICE. Not that big an issue, am I right? It’s going to be awesome, right? Right?

Need For Speed The Run Announced

Need for Speed is easily the most recognized racing game franchise in the entire world. That is because mostly all games in the franchise fulfill the insane craving of adrenaline junkies (the need for speed, per se) with great visuals, astounding locations, thumping audio tracks, and of course, the super fast cars that you take out for races.


Need for Speed The Run will take players on yet another action-filled joyride through different locales where players flirt with danger at 200 miles per hour. While there are no substantial screenshots or details of the game as yet, it looks like the game will deliver what it usually delivers: fast cars.

Executive Producer at Electronic Arts, the publisher of The Run, Jason DeLong commented that “we think that Need for Speed The Run is going to surprise people with its intense, thrilling story and big action feel. But the game would be nothing without hot cars and crazy-fast chases.”

The game is being developed under the cutting edge new engine from DICE (the developers of Battlefield 2, Mirror’s Edge and other fantastic games) called Frostbite 2. The visuals and feel of the game are bound to be more immersive and gorgeous than any of the previous Need for Speed games. Not only that, apparently the game will also take immersive storytelling to a new level with cutting edge performances that will draw the player into a world with no speed limits, rules or allies.

Well, you are excited, are you not?

First Portal 2 Downloadable Content Is Free!

Portal 2, as we all know, has stolen our collective hearts (not mine, because I have sadly not played it yet) and is fast becoming the greatest game Valve has ever released (what was that? Oh yes, Half Life and Counter Strike are definitely up there, but we shall not follow that course of conversation for it inevitably leads to one of us giving the other a virtual punch on the nose) and is still racking up about 18,000 players on Steam these days. (Of course Counter Strike is still at the top. I shall politely refrain from saying anything further.)


Of course, since it is one of Valve’s newer games, it needs Downloadable Content (DLC) to stay afloat (unlike some other Valve games) and Valve has announced that there is a new Downloadable Content Pack that is in the works for Portal 2. This content pack will contain new test chambers for players, leaderboards, challenge mode for single and multiplayer modes, and more, and will be completely and utterly free on all platforms!

Again, Portal 2 is going to have a free DLC pack in the near future for all platforms and will make sure that Portal 2 stays on top of Steam’s gaming stats.

(Addendum: This post was written in a strange kind of anti-Valve’s-new-games point of view. I assure you that it was humorous, and not cynical in any way. Counter Strike Portal 2 is the pinnacle of modern first person games.)

Sony Public Relations Posts Grim Update On PSN Situation.

HUGE ALERT TO ALL THOSE READING THIS: If you use one password on all services online then stop reading this post and go change ALL of those passwords. Done? Okay, good. Read on.


Here is the bad news: your Credit Card information has probably been stolen. Here is the extremely bad news: the hackers also know where you live and your phone number, as well as the password that you use on most of your services (if you are the ‘one password is enough for a bajillion accounts I am very secure!’ kind of person). Here’s the gist:-

What they have stolen:-

  • Name
  • Address
  • Country
  • Birthday
  • Email Addresses
  • PSN ID/Password
  • Probably Your Trophies As Well

What they might have stolen:-

  • Purchase History
  • Credit Card numbers used for purchase
  • Security question on your PSN account (which is usually the same across many platforms, so change this one too)

What Sony officially advises you to do:-

If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit or similar types of reports.

How did the hackers obtain your password in the first place?

Why, it was in plaintext, my good man!

<user2>  creditCard.paymentMethodId=VISA&creditCard.holderName=Max&
example street%2024%20&

<user2>  sent as plaintext

<user3>  uh

<user3>  did you censor that card?

<user2>  ya its fake

<user3>  good

<user1>  wow, plaintext :S

<user5>  plaintext wow

<user3>  im never putting in my details like that

<user2>  ya is all fake lol

<user2>  i never used cc on ps3

<user2>  normally you AT LEAST encrypt the security code, even if it's ssl


As the entire chat log of the hackers, taken while they were penetrating the PlayStation Network, shows at one point, I really cannot believe that a network that puts so much Digital Rights Management (DRM) protection on every game manages to store passwords without any kind of encryption. Thoroughly unbelievable. It is going to take a lot of coaxing from them for me to get back to the network. Thoroughly disgusting and outrageous.