A bit of a background before I begin this post. Ankit Fadia is zis guy, an alumnus of Delhi Public School R K Puram, who claims he’s this hotshot hacker, over whom ‘certain undisclosed security agencies in the USA’ always call using the Bat-signal whenever Osama bin Laden sends an email ordering Viagra. This, from a guy who’s never written a single hacking tool or algorithm of his. So when I came to know that Career Launcher, of all places, was gonna start an ‘Ankit Fadia Certified Ethical Hacking Course‘ and was holding a seminar at Karnataka House (a stone’s throw away from my home), I couldn’t resist meeting the moron.
I might add, I have read some of his books. To the normal guy, he’ll be ultra-impressed; for the discerning reader, he’s a whore bore. There’s this book of his, where he actually gave the STEPS to view the source code of a bloody HTML page, and then proceeded to fill some THREE pages with the HTML source of Yahoo!’s home page. That, was touche in the long line of idiotic stuff. I don’t even WANT to start off discussing stuff like filling pages after pages on the ‘ping of death’, an issue which is practically obsolete in modern operating systems.
Anyway, I turn up at the venue (it has a nice restaurant there too, BTW, maybe I’ll write about it some other day); to find nobody to guide people around. Mystified, I found my way around and made it to the auditorium. Surprised to find it almost packed, full of college students, portly gents and behenjis, and people who seemed to have been hired on-the-spot by Career Launcher at the Karnataka Restaurant just to fill up the space. Anyway, I was lucky enough that I found a seat right behind the Moron in the second row.
After making everyone wait for about 30 minutes beyond the schedule time, this CL guy Harpreet Dhody goes on stage, and makes cheesy lines like (my commentary in square braces)…
If you got an opportunity to meet Einstein or Stephen Hawkins [yup, THAT’s what he said], will you give it away? No! Same for Ankit Fadia…blah…blah…
…a premonition of how bad the evening was gonna be. Anyway, the show must go on, and Mr Fadia came on stage…
The dude himself
How many use the Internet? Stop using it, it’s unsafe…
How many use Google? Stop using it [yay!], because it keeps logs [duh, they need to make money]…
How many use web mail like Yahoo, Hotmail or Gmail? Stop using it, they keep records too…
…and RIGHT there on the screen, in the presentation we had…
Ankit Fadia
fadia.ankit@gmail.com
It seems that although he’s studying at Stanford, they didn’t deem it necessary to give him a stanford.edu ID; because of which the poor guy is forced to stick to Gmail. Too sad that it was a dark hall, and the pictures didn’t come out well for me to show you guys this. Interestingly, his site is www.hackingmobilephones.com; which seems the result of the fact that he forgot to pay the bill on his older ankitfadia.com domain. Aw, I forget, ankitfadia.com was hacked (LOL, by a person named SkriptKiddie no less) pretty soon after it was put up.
Anyway, he got on with great relish to start explaining about how privacy is a big issue; and told the case of some woman staying in one-room apartment in Mumbai four years ago who had broadband Internet (Eh? Broadband, FOUR years back? Must’ve been Sify, who still call 64 kbps ‘broadband’), and how some Big Bad Wolf turned on her webcam 24×7 or something. Then he took another case…
…NASA’s systems were hacked by an 11-year old Russian teenager, who diverted a rocket around in space after it was launched…caused billions of dollars in damage as the spacecraft was lost…
Point one: an ELEVEN year old is NOT a TEENager (read the words carefully). Point two: I’ve never heard of this incident, neither is there any mention of it online anywhere. I don’t deny NASA has been hacked – it has, and various of its bodies’ sites have been defaced. There was a case when a hacker even delayed transmissions during a space shuttle mission once, but a Russian KID hacking in and resulting in loss of a space mission – never heard of it. Someone please enlighten me if I’m wrong.
He moved on to talking about hiding IP addresses, which he made pretty interesting for the general audience, I must admit. After that, and after mentioning about proxy servers, proxy bouncing, etc; he decided to speak on anonymising…
[yahoo 5284776]
…and then how he saved paying Australian $20-30 at some Sydney hotel because he found unsecured hotspots nearby…
[yahoo 5284996]
He went on to say that the way to solve the problem of people war driving (and guess what, he didn’t even KNOW about tools like NetStumbler; hell, there’s a whole Linux distro dedicated to this called WarLinux) and fucking (my language) around with your Wi-Fi network is to…
…use encryption standards like WEP…
For the slightly intelligent people out there, you’d probably be knowing that WEP was a standard dropped WAY back in favour of newer stuff like WPA and WPA2; because WEP has flaws which enables stuff like AirSnort and AirCrack to prise open the Wi-Fi clamshell in a short time. Boy, is this guy outdated…
Next up was email spoofing, where he didn’t even bother to show the theory behind it. Instead, he opened this page; and proceeded, with utmost pride, to show that he knew how to fill an HTML form, explaining each and every step (“press tab to shift focus to the next field” – sounds hi-fi, doesn’t it?), and then finishing with “all you need to do now is click submit”, on a laptop which didn’t have an Internet connection.
After that, he showed steganography, which is basically encrypting images in innocent looking photos (like that of Avril Lavigne, which he used). Now what he claimed then (and has for quite some time is) that after the 9/11 attacks in USA ‘certain undisclosed security agencies in the USA’ intercepted messages from Al-Qaeda and sent them to our dear friend because they couldn’t figure out what it was. Our dear friend, as he says, couldn’t figure out anything for 3 weeks, and in the 4th week (yay, Google search!) it struck him that it could be this. Our dashing young frood then told his masters in the US, and got the license to have his martini shaken AND stirred. I might add here that the sarcasm + wisecracks here are by me, lest you think he’s a (non)sense of humor.
Amazing story, except for the fact that NO publication except the USA Today ever spoke of US agencies intercepting ‘such messages’ – and I might add that the guy (Jack Kelley) who wrote the story was later fired in 2004 for ‘fabricating false stories and sources’. Hmm.
Mr Fadia then proceeded with a ‘live hacking demo’, where he had installed a trojan (NetBus, in case you’re curious) on his OWN laptop and ‘connected’ to it on his own laptop, and showed its various features (he can be a good salesman). He then proceeded on how India has been losing out in the cyber war against Pakistani hackers…
…they hack 50-60 Indian sites daily, while we can only do 10-20 of theirs…
Thanks to the 9000 Ankit Fadia Certified Ethical Hackers till now! Anyway, there’s this interesting aside where a Pakistani hacker group once challenged Ankit to patch an Indian government site from being hacked within two days, which they eventually did.
The session was (thankfully) coming to a close. He now switched laptops with the CL guy Harpreet (this one had a net connection), and after doing the boilerplate…
Don’t try this at home, this IS breaking cyber law, but since it’s Harpeet’s laptop, he’ll be legally responsible if anything is caught…
…during which time that CL guy’s EXPRESSION was (MasterCard) priceless. Anyway, he opened up BSNL’s admin page, and proceeded to do his ‘live hacking demo’, where he entered username as admin and password as ‘=’ OR ‘=’, which he referred to as the magic code. Even on being asked multiple times by some people in the audience. Nothing ‘magic’ about it, it was a simple SQL injection attack.
With that, we came to and end, and I asked for his autograph; which, BTW, I was not supposed to get unless I’d joined his course, but I haven’t come across too many people who refuse autographs…
Ankit Fadia’s autograph
The absolute fun part was at the end, when the ‘horkud’ using crowd descending on him, including a portly gent who said he was an ‘ISO 9001 certified hacker too’. All that is left now is for some bright entrepreneur to to shrink-wrap ‘ISO 9001 hackers’ and start selling them on eBay. Anyway, Ankit was fully cornered by the crowd, and asked questions like…
My company is blocking peer-to-peer software, and traffic can only be sent via port 80. Now you talked about proxies, how do I get to use a proxy to send it via some other port, while keeping in mind the fact that I need to keep the proxy settings for my company’s internal LAN?
Confused question, but I hope you get the point. To this, our networking guru Mr Fadia said…
Er, iske bare me mujhe itni zyada jankari nahi hai…
This, from a guy who is consulted by ‘undisclosed US security agencies’ to ‘hunt down bin Laden’ (his words, not mine).
Now I have to admit at the end that Ankit Fadia is stunningly brilliant at explaining dry-as-Egyptian-mummies (for general people) topics like proxies to portly gents in an easy manner. He’s also pretty good at keeping audiences engaged with such boring stuff. I’d therefore say…
My rating of how useful Ankit Fadia’s Certified Ethical Hacker Course will be for a normal Joe: 5.9 / 10
As I said, geeks won’t find anything here they don’t know; and the title is pretty pretentious anyway. Yes, for normal people however I’d say this course would be pretty good to get them stuffed with basic knowledge on what the fuck exactly is going on when they use the Internet and HOW they might be conned. However, it WILL sorta give them the feeling that they’re top class hackers now, which they aren’t. That false sense of security isn’t something very good on the Internet.
In fact, I wouldn’t have had so much to say about Ankit had it not been for the huge amount of unsubstantiated claims that he keeps on making every now and then. So basically, they should STOP calling it a ‘certified hacker’ course, and simply call it an ‘Internet Security Bootcamp’ or something; that way, Ankit can stay credible while being an icon for the masses at the same time. Calling it ‘Certified Hacker’ is, IMHO, an exaggeration.
43 replies on “Ankit Fadia : Certified Ethical Idiot”
He is one of the biggest lies, i also remember a similar seminar in some college of DU, man these people download trojans, and think they are geniuses.
It was this another dude, claiming to do certified courses too, Also this guy types in the standard factory menu code into a mobile phone and amazed the crowd of gullible people (he claimed to have hacked the phone :P)
But for all the ‘praise’ you’ve endowed on him, everyone seems to be making a big fuss about Fadia and this workshop.
According to Mail Today, the police is worried that this workshop might produce
a)hackers who might later turn out to be a pain in the bum for ‘certain undisclosed security agencies in the USA’ or
b) 11-year old Russian ‘teenagers’, who divert NASA rockets around in space after launch, causing billions of dollars in damage as the spacecrafts get lost.
@Tikna: Exactly! I mean, if you’ve read his ‘Hacking Mobile Phones’ book, that’s all he’s written about – mostly entering factory codes. LOL. And the crowd was so gullible, to believe a guy who only downloads stuff from http://www.packetstormsecurity.org and infect his OWN computer without an anti-virus to show stuff. Nothing about real breaking in or anything.
@Rach: IMHO, the Indian media simply hypes Ankit Fadia. The point is, in India there aren’t ANY good tech reporters in the regular beat. Period. They send their Page 3 people to cover up for that, who frankly don’t know the ABCD of tech and get wowed as soon as they hear words like ‘IP address’.
Yes, it is all true. He is a good documenter (if there is any word). Collecting and downloading materials from Internet, here and there and compiling them as a hacking/security book. One my colleague show me exact material in book as copied from Internet. I went to one of his book launching event some two/three years back. He was talking rubbish about “this and that” regarding “cyber Security”. I tried to confort him the way he mis-informed general masses. As it turns out that he is interested only in media coverage and most of the invitess are just non-techies. I have forgotten about him until this recent, CEI, thing. As a mass educator regarding cyber security, he is ok, but “Installing trojan to his own computer and showing how hack the same computer” is really going to far. Hackers don’t brag, they just keep hacking.
This is the difference between you & him. You people are a bloody bunch of lurkers who will never do anything useful except winning silly crosswords…
M a system hacker too,Yes i agree wid u tikna,raat,rach,gq. just 3 days ago there was a seminar of MR. ANKIT FADIA he was boasting of all d same shits which u told us,j have read all the books of ankit fadia they have some material but they use most of the tools present itself on the net,that’s it.I dunno whether this man is a real one or he just wanna wants fake attention…
@Raat & Hemant: Agree totally with you guys…
@Anon: I’m not saying I’m a hotshot hacker, but neither is Ankit Fadia. And at least, I do win ‘silly crosswords’, which speaks more about my knowledge of tech than a guy whose knowledge of tech stuff borders on basics.
http://www.amazon.ca/Unofficial-Guide-Ethical-Hacking/dp/1931841721
Haha, I agree with you GQ. Read his customer reviews…
i did go to his seminar and to be frank i am no hacker or sorts as u guys r expertly disecting his comments but what i fail to understand is if he is no techno expert then how the hell did he get addmision in standford (guys who addmited him must not be that idiot who will admit a guy like him as u potray)so shut the crap and do some thing useful with u r life
@Maneel: LOL, that was a pretty long list there. Yes, I’ve read the book, and the whole thing is just stuff copied off resources of the Web, that too the basics.
@VK: Fortunately, for Ankit Fadia, you don’t need to be a hacker to get admission into Stanford. Dude, I’m not denying he’s capable of getting a high SAT score, but that doesn’t make him a hacker. I advise YOU to do something meaningful in your life, and stop attending stupid seminars, unless it’s to prove a point like I did.