When Keith asked if anyone from the team wanted to interview a self-professed teenage hackerfrom India, I was cynical. Usually script kiddies in India who are also kids in real life suffer from delusions of grandeur along with the need to impress the fellow man his or her importance to India’s Cyber War against (who else?) Pakistan.
minhal mehdiis no different, for he is quite the teenager (but asked me to refrain from revealing his true age in this post) and has been hacking his way into some low security websites for about six months now, along with his friend and seniorNoTty_rAJ.
Minhal claims to hail from Lucknow, the capital of Uttar Pradesh and is [hopefully] a high-schooler with some years of school still left. He also believes hacking is not always a crime, and that it is an art and his passion.
In his introductory email, minhal claimed to have hacked manywebsites a short list being posted here. His claim to fame, in other words, is hacking one server’s root with an SQL vulnerability.
An abridged chat transcript follows with minimal editing pertaining to minhal’s answers.
Techie-Buzz (TB): What prompted you to start hacking?
minhal: i saw many forign hackers are hacking indian website, feeling of revenge motivated me for hacking. My hacks are payback to forign hackers for hacking indian websites.
TB: Which Indian websites were hacked that motivated you?
minhal: cbi website and thousends of indian websites.
TB: But you’ve mostly hacked low-security websites whose domain registrations have expired by now.
minhal: i’m new in cyber wolrd and trying to do my best for india
TB: What kind of loopholes did you find in these websites?
minhal: shell upload vlun. or SQL vlun. i found XSS in nasa’s website.
TB: So these were from exploit-db or bugtraq, right?
minhal: nah ,, its was my own
TB: So did you hack the NASA website?
minhal: it was president Xss but XSS is too long and boring
TB: Right, sure. Moving on, are you part of any organization?
minhal: i joined Team NUTS 1 week ago. team nuts is a anti hacking organization.
TB: Your friend NoTty_rAJ is part of this organization? How do you know each other?
minhal: NoTty_rAJ is my best friends. he is senior. we are facebook friends.
TB: On to other questions. The Pakistani site you defaced: http://www.mgw.punjab.gov.pk/jaihind.html hasn’t been put back at all. It’s like the government doesn’t care at all. It’s the same with the Indian site: http://www.apdes.ap.gov.in/hacked_by_minhal.html it’s like both the websites are quite unnecessary. Don’t you feel your efforts were in vain, since you haven’t received the attention you wanted?
minhal: http://www.apdes.ap.gov.in/hacked_by_minhal.html its not hacked by me ……….. i have too many enemies. i never hacked any indian website. yes pakistani hacked by me.
TB: Why did you hack the Pakistani website?
TB: Don’t you think that’s kind of immature? A vendetta will go back and forth and accomplish nothing.
minhal: cyber wars starts by pak hackers. indishell.net is currently down
TB: I’m very sure the Pakistani hackers would say that we started it. But I ask: isn’t friendship more important than a test of skill? I mean, instead of taking down sites, setting up RATs and other mischief between countries, why don’t you two make relative peace and chit chat?
minhal: pak hackers nt support in peace. and pakistani says indian hackers r resposble 4 it.
minhal: LulzSec was a relity 4 the world. means nothing is secure from hackers. lulzsec down everything thst he want.
TB: But all they did was use exploits that were freely available. They spread havoc for no reason, and in fact angered many gamers such as myself. They were pretty much anti-antisec in that way, and instead of increasing positive awareness against white hats, they increased negative responses to the word “hacker”. Don’t you believe that’s a bad thing?
minhal: yes ,, everyone sholud hacker but not for hack for protecting from bad guys.
TB: Final question: is Ankit Fadia your role model?
minhal: nopes. every real hacker of india hates ankit fadia.
TB: Correct answer! Thanks for your time, minhal.
As you can see from the snatches of this chat, that minhal mehdi does suffer from these delusions. However, for all I know he is a normal fun-loving (read: angsty) teenager (as is evident from the many good-natured :Dthat pervaded throughout the chat). The real hackers of the country do not needlessly go around asking to be interviewed for the truest test of their work is to not ever be found or linked to a takedown.
I wish minhal mehdi lots of luck for facing the real world.