It all began with a simple email from the 'Hacker Underground'. Sixteen-year-old Ankit Fadia was warned of a few Pakistanis hatching a plan in a chat channel to attack an Indian Web site.
After gathering more information about the people behind the attack, Ankit pretended to be a member of the group by taking on a member's nickname and eavesdropped on their conversation.
When a sixteen year-old is able to infiltrate the 'Hacker Underground', it makes me wonder exactly how underground this group really is or if its not just another group of sixteen-year-olds trying to play
Even as they discussed how they would deface one of India's leading corporate sites, Ankit Fadia had recorded a copy of the chat transcript and mailed it to a US spy organisation that had hired him. The corporate site was then pulled down for two hours and uploaded with anti-cracking software in place.
Apparently the FBI, CIA, and NSA do not have enough ops such as these that they had to go out and hire Ankit Fadia.
Only 10 days into his job with the international organisation associated with the US government, Ankit is nonchalant about his success. The Delhi Public School student explains: "They were basically Kashmiri hackers, who wanted to deface the site and put it up with the message that Kashmir belonged to Pakistan."
Fadia just happened to get wind of what was going on. After he narced on the AIC and WFD, the two groups jointly defaced epfindia.gov.in and dedicated the defacement to him - http://www.srijith.net/indiacracked/oldnews.shtml. Moreover, I was unable to find what U.S. organization he 'worked' for.
This entire episode was a single day's work for Ankit Fadia.
But that's not all. His 'hack and tell' book titled the Unofficial Guide to Ethical Hacking has sold 18,000 copies in India and 9,000 copies internationally within its first month. His second book is due to release in May this year.
The users on antionline.com, a security Web site, ranked his security site second in the world. He was also invited by the US Federal Bureau of Investigation to lecture its agents at a convention in Florida last year, which was called off at the last minute due to the September 11 attacks.
Ankit Fadia has been proclaimed a fraud, even by the moderators of antionline.com - http://www.antionline.com/showthread.php?threadid=270899&pagenumber=1#post863804. More interesting,
it appears Fadia has spun this in later years to say that "the FBI judged [my site] as the second best hackingsite in the world".
Ankit has lectured professors and students at IIT Kharaghpur and Banaras Hindu University and is due to address a public meeting in Taiwan in August this year.
I was unable to find any trace of speech transcripts, date, time, and locations.
Young hackers are not news. What distinguishes Ankit is his commitment to ethical hacking, which keeps business sites going. Refusing to stay anonymous, Ankit comes out clean on his tricks so as to help improve security.
Nidhi Taparia Rathi spoke with the wunderkind
Q: When did you learn to hack?
A: I was gifted a PC when I was 12. For a year, video games fascinated me? But that was till I discovered hacking. I enjoyed it because it was an entry to something that was forbidden? That was the starting point.
I learnt how to hack on my own via books and the Internet. I wouldn't say it's simple or easy to learn. But I was very keen and that made it easier. The lack of reading material prompted me to conduct my own experiments on my PC on different operating systems and put together my own resources on hacking online. I started my own Web site, at 14.
The feedback was encouraging. Most readers were from outside the country and from ages ranging between 14 and 65.
With most of them being on the extreme lower end, undoubtedly.
They appreciated my easy, comprehensive style of writing, which in turn made me think about writing a book.
Q: What was your book all about?
A: It was a 15-day effort in my summer holidays that was an introduction to everything, which a newbie would be interested in. It dealt with various Internet tools employed by computer hackers and also has a section on dealing with viruses.
At the time of writing his book, Fadia is fifteen years of age. He started playing computer games when he was twelve. Got into hacking a year later. Published his first website at fourteen. Undoubtedly, this
guy has aspergers or he is playing everyone for a fool.
In fact, Macmillan India agreed to publish the book if their technical team okayed it. It also had to be passed by the lawyers because it was a sensitive topic. As for me, I was quite thrilled because I am the youngest author in their 110-year-old history!
In fact, no one knew that I was working on this book. I wrote it all by myself in 15 days. My mom initially didn't believe me when I went to her that I had written a book. The toughest part was to keep at it for 15 days. Because I knew I would lose the flow of writing it out if I stopped mid way through.
Fadia has been accused of producing this book via 'copy and paste' from sites such as www.winguides.com - http://mm.gnu.org.in/pipermail/fsf-tn/2006-April/000293.html - the author of this article also mentions that Fadias media celebrity is all based on Indian newspapers' being
I also co-authored a book by a Portuguese publisher on Linux along with eight other authors. I wrote two chapters in the book but I haven't received much feedback as the book was translated into Portuguese. It was again a solitary effort and there wasn't much interaction with other authors on that book.
My sequel to Unofficial Guide to Ethical Hacking is being readied for a worldwide release in May. I spent my Diwali holidays working on this advanced version? It focuses on attacks on servers, the concept, tools and the detection of these attacks.
Q: So far, what has the feedback been like?
A: I get about 100 emails a day in my inbox. Some have questions; others compliment me after having bought a copy of my book. But the best one that I received lately was of a consultant who told me how he is completely fascinated with my book. He spent three hours flipping through it before he bought it and it's completely unputdownable for him. In fact, he mentions how it has been affecting his job and deadlines because he is so enamoured by my experiments in the world of hacking.
And he doesn't respond to any the emails...even the hundred or so (major exaggeration here) I sent with a simple short list of questions. And since when has unputdownable been a word?
As far as reviews go, Indian audiences have been very complimentary. Abroad, there has been more criticism. The fact that a 14-year-old wrote a book on hacking didn't really go down very well with them. There have been allegations that a particular tutorial had been lifted from a Web site. I did write to the reviewer telling him that it was my tutorial that I had posted on the Web site and he could check my credentials below the post on the tutorial.
The Indian government's site also had earlier put up my tutorials without crediting me for it. Now with my book out, they have credited my tutorials to me!
Practice what you preach asshat.
Q: What is 'ethical hacking' that you practice?
A: I did hack the Chip magazine site (now known as Digit). I defaced it and then sent the editor an email saying what was wrong with the site and what measures they could take to rectify it. In fact, the editor even offered me a job as a system administrator then. But once he found out how young I was he retracted his offer!
Another claim for which there is no available proof.
That hacking was unethical. If he had pressed charges I would have been in trouble. The laws have been in place for a while but Indian authorities have recently woken up to implementing them.
However, I realised then that hacking brings in a lot of responsibility. I practice and preach ethical hacking. I believe that there are hackers and crackers. Both have vast amount of knowledge and information? But while hackers use it for the good, work with system administrators and catch the bad guys, crackers deface sites and indulge in criminal activities to attract cheap publicity!
I am the good hacker. I have been called by the DRDO (Defence Research and Development Organisation) to give a lecture to their system administrators. The details of the lecture are still being worked out.
Another claim for which there is no available proof. Note that law enforcement will sometimes listen to criminals speak, to better learn their methods and mindset. Speaking
to any legitimate organization does not mean anything regarding ethics.
Q: What does one need to be a good hacker?
A: One needs to know at least one programming language, understand and be proficient at Unix and be a networking guru!
Q: Any hackers you admire?
A: I admire Kevin Mitnick a lot. In fact, I copy his style of spoofing IP addresses that I picked up via his official site. I am now known by that style.
Mitnick has no whitepaper, how-to, or any of the like on his consulting site.
Security Auditor A: 'Hey, that looks like the Mitnick style of IP spoofing.' Security Auditor B: 'Where have you been dude?!? That's now known as Fadia-style!'
Q: But hackers like Mitnick usually kept their identities and work secret?
A: After the book was done, it was impossible to keep my identity secret, but yes my handles when I am chatting and I am at work is not something that people know about. Besides, hacking is not a bad word with so much awareness coming in.
In fact, because of my interview with The New York Times, I got the job that I currently have. All my team members have a copy of my book? I went through rigorous interviews online and then was selected to keep a watch, write articles on new hacker activity and their tools, along with the latest viruses in cyberspace.
Another claim for which there is no available proof.
Q: How do you keep in touch with the latest on the hacking scene?
A: There is not much that changes on the hacking scene. Only if the operating systems change, then one has to figure out new ways. For example Windows XP was tougher to break in as compared to the regular Windows. If I have any difficulties or problems when hacking, I usually use message boards on sites like neworder.box.sk.
Q: What keeps you hooked to hacking?
A: Initially, it was the forbidden because nobody knew much about it. But ever since I have begun hacking, the power to control the Internet on different operating systems has fascinated me. The power to make a computer the way you want it to work is an incredible high. My dream as a hacker today is to create a foolproof system? But that I know is impossible!
'Hacking' was popular with script kiddies in 2001/2002 when he wrote this book. It wasn't some mysterious, forbidden society made up of techno-elitists.
I don't spend more than two hours on the Internet. For me, hacking is entertainment in itself. I don't do much else when I am online.
As for the future, I am hoping to write fiction? On the lines of Sidney Sheldon! I am also currently in the process of applying to Universities abroad. Maybe, I will work with the FBI directly one day!
Oh, I feel safer already.