Many young Indians are turning to the dark side to generate additional income, a new report claims

Youth unemployment risks fueling Indian cybercrime boom, according to new research

India’s young, tech-savvy population is facing limited access to careers in the domestic technology sector, leaving them at greater risk of being lured into cybercrime activities.

While Bangalore is often referred to as the ‘Silicon Valley of India’ due to its rapid economic growth and tech adoption rates, unemployment remains high throughout the south Asian country, even for skilled workers.

“This opens the door for trained computer programmers to put on a black hat and turn to cybercrime to make money,” according to a new report (registration required) by threat intelligence firm IntSights.

“Job growth is not keeping up with the sheer volume of new technically skilled workers, and many are turning to hacking as a means to generate income,” it added.

Tech support scams

Elements of India’s booming cybercrime underground are posing as legitimate tech firms like Amazon, Microsoft, or Samsung during the recruitment process, according to IntSights.

In an interview with an IntSights researcher, one employee at an Indian scam center said that “lack of proper education”, as well as employment opportunities played a role in those who find themselves working in scam call centers.

The average income for scam center employees is only about INR15,000-20,000 ($200) per month, although this is still a modest amount for Indian workers.


RELATED Indian national pleads guilty to role in Microsoft tech support scam


“While things in India are cheaper, that is still a minimal income – but also significantly more than many other jobs,” the worker told IntSights researchers.

Threat actors use dark web cybercrime forums and black markets to buy stolen data, and then use that data to target victims with pre-written scam scripts.

Scams, fraud, extortion, sale of narcotics, use of cryptocurrency, and advanced persistent threat (APT) groups working both independently and as state-sponsored entities are all commonplace on the Indian dark web.

Dropping Elephant, Viceroy Tiger

Geopolitical and economic power struggles between India and its neighbor China have led to an increase in cyber-attacks and other cyber threat activity between the two nations.

Political tensions with India’s historic rival Pakistan have also carried over into cyberspace.

There are a number of prominent APT groups in India, some of which have engaged in state-sponsored activity, according to IntSights. In addition, hacking-as-a-service (HaaS) has emerged as a lucrative venture for Indian APT groups.

For example, a threat group nicknamed ‘Dropping Elephant’ is said to be running military and intelligence focused campaigns targeting Pakistan and China.

Known targets, like China’s foreign relations workers, were attacked through spear-phishing and watering hole attacks.


Read more of the latest cybersecurity news from India


Another Indian hacking group, dubbed ‘Viceroy Tiger’, also primarily attacks government and military entities, including various targets in southern Asia, the US, and Europe.

“They have targeted American civilian organizations, telecommunication corporations in Norway, as well as organizations and government agencies in Pakistan and China,” IntSights reports.

“Viceroy Tiger has been known to use a weaponized Microsoft Office document as a spear-phishing campaign.”

Playing catch-up

India’s military seems to be playing catch-up. Kiren Jijiju, Minister of State for Home Affairs, stated in 2017 that there was a huge gap in India's cyber capabilities and that narrowing this gap was imperative to discourage cybercriminals.

“It was not until 2019 that the Defense Cyber Agency (DCA), a new tri-service agency for cyber warfare, was established,” IntSights reports.

“It is said to have more than 1,000 experts who will be distributed into a number of formations in the army, navy, and Indian Air Force.”

“The DCA’s goal is to become capable of hacking into networks, mounting surveillance operations, and laying honeytraps.”


RECOMMENDED XSS vulnerability in Instagram’s Spark AR nets 14-year-old researcher $25,000