Proprietor of a Cyber Security firm caught for Hacking for Profit

Two members of a pan-India hacker group, "Indishell", and its offshoots were arrested on Saturday 1 Sept 2012 for hacking into an e-commerce website that specializes in mobile recharge. The hacker in question was the owner of a cyber security firm. This highlights the dangers of choosing pen test vendors as the loss of vulnerability information is a significant threat.

The Government of India via its cyber institution CERT-IN, has a high quality empanelment process, which includes a detailed expertise evaluation, and involves a thorough check of the company’s background, experience and personnel. The test challenge is of high quality (requiring both tool and manual expertise). With a cut off score 90%, it is difficult to pass.

At the moment, we do not have an independent Indian body to individually assess, background verify and accredited pen testers. Some large companies do this on their own, undertaking external background verification check for every consultant, and mandating basic qualifying certifications like CEH.