The mad hacker: A cyber criminal’s successful transition

Shahzad Shaikha reveals how he got a job at a bank by breaking into its website.

ISLAMABAD:


For his job interview, the man who is known mainly by his online handle of Don420, tried to bring a company he wanted to work for down to its knees.


In 2008, Shahzad Shaikha, now in his early-30s, was transitioning from a hacker who broke into websites, stole classified information and called himself an “online vandal”, into the flipside of his previous persona.

Instead of breaking into websites himself, he wanted to use his skills to make a living and so decided to work for a bank to prevent other hackers from doing what he himself was so adept at.

But before he could offer his services, Shaikha had one last act of hacking to perform. The only way he could prove himself up to the task was by breaking into the bank’s secure website and accessing the information of its customers.

Doing this, he says, was one of his hardest tasks.

Hacking a government website is easy. No one there seems to have thought of security. I could do it in my sleep.”

To break into the bank’s website, however, took him many sleepless nights.  Eventually he succeeded.

The next step was the most nerve-racking. Shaikha describes himself as a typically awkward geek who is comfortable only in the yellow glow of his monitor screen.

He steeled himself to contact the human-resources manager of the bank, tell them he had discovered a flaw in their security system and offer his services to resolve the issues.

He says, “The entire process took more than a month. Even after they confirmed that I had broken in, they didn’t know what to do.”

Shaikha says he was worried that he might be handed over to the police. Slowly, they began to trust him and got him to do some pro-bono work to prove his worth. Now, three years later, he is in charge of website security for the bank, thwarting the hacker attacks he used to love perpetrating so much.


The transition Shaika made, from a “black-hat hacker”, one who uses his hacking skills towards criminal ends, to a “white-hat hacker”, someone who is gainfully employed as a computer security expert, is one few hackers can manage.

Hacking in Pakistan

The history of hacking in Pakistan is something Shaikha has been intimately familiar with. He says, “The first hackers came soon after we got internet in Pakistan.”

He speaks with awe about the teenagers who would hack internet-service providers back in the mid-90s and then, much like Shaikha did with the bank, get themselves jobs working there.

One of the initial hackers, says Shaikha, even ended up founding his own broadband company. For every hacker who manages to convert his talents into a lucrative, legal job, there are a few dozen who embrace their life of crime.

‘Cyber war’ with India

By far, the most famous practitioners in this dark art are the Pakistan Cyber Army (PCA), which has been involved in a never-ending cyber war against Indian hackers.  The PCA doesn’t operate for profit or personal gain; it just enjoys sticking it to the Indians.

The PCA, and its many members, like the notorious “Shadow008”, are very elusive.  But one former PCA member, who after an introduction by Shaikha, agreed to an interview via GTalk, gave some information about the group.

He said, “The PCA is collective but we all worked individually. One person would hack a site but we would all take credit for it.”

He adds, “Some of us were nationalistic but mostly we were just kids having a great time.”

In recent months, among the sites hacked by the PCA was the personal website of Indian cricketer Yuvraj Singh and Indian telecom companies.

According to him, PCA members make a living by charging students Rs8-10,000 an hour to teach them the basics of hacking.

But, he stresses, “It’s not about the money. It’s all in the game.

Published in The Express Tribune, November 18th, 2011. 
Load Next Story