Computer bug hunters rejoice. The law is, finally, by your side.
The Cyber Defence Research Centre (CDRC) of Jharkhand Police launched its “responsible disclosure system” on Friday to arguably become the first law enforcement agency in the country to offer ethical hackers, individuals and groups a concrete platform to expose vulnerability of any government or private website.
Like all whistle-blowers, it is a tightrope that computer bug hunters have had to walk so far in the absence of a support system. Now, the CDRC will help ethical hackers significantly contribute to proactive cyber crime control without fear.
A few months ago, a Ranchi resident had reported transaction anomalies in his account with a private bank. An IT engineer by profession, he had suspected viral invasion and responsibly warned bank officials of data plunder. But, instead of gratitude, he earned their wrath. The bank allegedly sent goons to his door, threatening him with dire consequences if he dared to disclose the discrepancies in its transactions.
Chief technical officer of CDRC Vineet Kumar said they launched the “responsible disclosure system” to get around this particular problem.
“We have opened a new avenue for people who identify weaknesses and holes in websites and wish to report it. We do not encourage anonymous reports, but those who come forward can rest assured that their identities will be kept under wraps. We will take the case ahead by contacting the organisation concerned and ensure rectification of the defect, if found true,” he said.
According to the senior CDRC official, anyone willing to make a disclosure could simply fill up a form at http://cdrc.jhpolice.gov.in/ with details of the vulnerability detected in a particular website.
“A screen shot of the vulnerability also needs to be uploaded. After submission of the form, the complainant will receive an SMS with a tracking ID, which can be used as a reference to communicate with us in the future to know about the status of the case,” Kumar said.
The CDRC’s primary objective is to ensure national security. The responsible disclosure system, he added, would serve a dual purpose.
“First, it will help us connect with the masses for information about problems in the cyber world. Second, bug hunters will be able to contribute to crime control without fear of retribution. We had activated the responsible disclosure link on our website a couple of days ago and the response is already good. From today, we are making the system public.”
Since its inception some three years ago, the CDRC in Jharkhand has emerged as a potential cyber security force in India. It has earned accolades from Nasscom and the Data Security Council.