Google PlusFacebookTwitter

Ankit Fadia : Certified Ethical Idiot

By on Dec 5, 2007 in Reviews, Tech Takes | 43 comments

Share On GoogleShare On FacebookShare On Twitter

A bit of a background before I begin this post. Ankit Fadia is zis guy, an alumnus of Delhi Public School R K Puram, who *claims* he’s this hotshot hacker, over whom ‘certain undisclosed security agencies in the USA’ always call using the Bat-signal whenever Osama bin Laden sends an email ordering Viagra. This, from a guy who’s never written a single hacking tool or algorithm of his. So when I came to know that Career Launcher, of all places, was gonna start an ‘Ankit Fadia Certified Ethical Hacking Course‘ and was holding a seminar at Karnataka House (a stone’s throw away from my home), I couldn’t resist meeting the moron.

Ankit Fadia poster
I might add, I *have* read some of his books. To the normal guy, he’ll be ultra-impressed; for the discerning reader, he’s a whore bore. There’s this book of his, where he actually gave the STEPS to view the source code of a bloody HTML page, and then proceeded to fill some THREE pages with the HTML source of Yahoo!’s home page. That, was touche in the long line of idiotic stuff. I don’t even WANT to start off discussing stuff like filling pages after pages on the ‘ping of death’, an issue which is practically obsolete in modern operating systems.

Ankit Fadia banner
Anyway, I turn up at the venue (it has a nice restaurant there too, BTW, maybe I’ll write about it some other day); to find nobody to guide people around. Mystified, I found my way around and made it to the auditorium. Surprised to find it almost packed, full of college students, portly gents and behenjis, and people who seemed to have been hired on-the-spot by Career Launcher at the Karnataka Restaurant just to fill up the space. Anyway, I was lucky enough that I found a seat right behind the Moron in the second row.

After making everyone wait for about 30 minutes beyond the schedule time, this CL guy Harpreet Dhody goes on stage, and makes cheesy lines like (my commentary in square braces)…

If you got an opportunity to meet Einstein or Stephen Hawkins [yup, THAT’s what he said], will you give it away? No! Same for Ankit Fadia…blah…blah…

…a premonition of how bad the evening was gonna be. Anyway, the show must go on, and Mr Fadia came on stage…

Ankit Fadia on stageThe dude himself

How many use the Internet? Stop using it, it’s unsafe…
How many use Google? Stop using it [yay!], because it keeps logs [duh, they need to make money]…
How many use web mail like Yahoo, Hotmail or Gmail? Stop using it, they keep records too…

…and RIGHT there on the screen, in the presentation we had…

Ankit Fadia
fadia.ankit@gmail.com

It seems that although he’s studying at Stanford, they didn’t deem it necessary to give him a stanford.edu ID; because of which the poor guy is forced to stick to Gmail. Too sad that it was a dark hall, and the pictures didn’t come out well for me to show you guys this. Interestingly, his site is www.hackingmobilephones.com; which seems the result of the fact that he forgot to pay the bill on his older ankitfadia.com domain. Aw, I forget, ankitfadia.com was hacked (LOL, by a person named SkriptKiddie no less) pretty soon after it was put up.

Anyway, he got on with great relish to start explaining about how privacy is a big issue; and told the case of some woman staying in one-room apartment in Mumbai four years ago who had broadband Internet (Eh? Broadband, FOUR years back? Must’ve been Sify, who still call 64 kbps ‘broadband’), and how some Big Bad Wolf turned on her webcam 24×7 or something. Then he took another case…

…NASA’s systems were hacked by an 11-year old Russian teenager, who diverted a rocket around in space after it was launched…caused billions of dollars in damage as the spacecraft was lost…

Point one: an ELEVEN year old is NOT a TEENager (read the words carefully). Point two: I’ve never heard of this incident, neither is there any mention of it online anywhere. I don’t deny NASA has been hacked – it has, and various of its bodies’ sites have been defaced. There was a case when a hacker even delayed transmissions during a space shuttle mission once, but a Russian KID hacking in and resulting in loss of a space mission – never heard of it. Someone please enlighten me if I’m wrong.

He moved on to talking about hiding IP addresses, which he made pretty interesting for the general audience, I must admit. After that, and after mentioning about proxy servers, proxy bouncing, etc; he decided to speak on anonymising…

…and then how he saved paying Australian $20-30 at some Sydney hotel because he found unsecured hotspots nearby…

He went on to say that the way to solve the problem of people war driving (and guess what, he didn’t even KNOW about tools like NetStumbler; hell, there’s a whole Linux distro dedicated to this called WarLinux) and fucking (my language) around with your Wi-Fi network is to…

…use encryption standards like WEP

For the slightly intelligent people out there, you’d probably be knowing that WEP was a standard dropped WAY back in favour of newer stuff like WPA and WPA2; because WEP has flaws which enables stuff like AirSnort and AirCrack to prise open the Wi-Fi clamshell in a short time. Boy, is this guy outdated…

Next up was email spoofing, where he didn’t even bother to show the theory behind it. Instead, he opened this page; and proceeded, with utmost pride, to show that he knew how to fill an HTML form, explaining each and every step (“press tab to shift focus to the next field” – sounds hi-fi, doesn’t it?), and then finishing with “all you need to do now is click submit”, on a laptop which didn’t have an Internet connection.

After that, he showed steganography, which is basically encrypting images in innocent looking photos (like that of Avril Lavigne, which he used). Now what he claimed then (and has for quite some time is) that after the 9/11 attacks in USA ‘certain undisclosed security agencies in the USA’ intercepted messages from Al-Qaeda and sent them to our dear friend because they couldn’t figure out what it was. Our dear friend, as he says, couldn’t figure out anything for 3 weeks, and in the 4th week (yay, Google search!) it struck him that it could be this. Our dashing young frood then told his masters in the US, and got the license to have his martini shaken AND stirred. I might add here that the sarcasm + wisecracks here are by me, lest you think he’s a (non)sense of humor.

Amazing story, except for the fact that NO publication except the USA Today ever spoke of US agencies intercepting ‘such messages’ – and I might add that the guy (Jack Kelley) who wrote the story was later fired in 2004 for ‘fabricating false stories and sources’. Hmm.

Mr Fadia then proceeded with a ‘live hacking demo’, where he had installed a trojan (NetBus, in case you’re curious) on his OWN laptop and ‘connected’ to it on his own laptop, and showed its various features (he can be a good salesman). He then proceeded on how India has been losing out in the cyber war against Pakistani hackers…

…they hack 50-60 Indian sites daily, while we can only do 10-20 of theirs…

Thanks to the 9000 Ankit Fadia Certified Ethical Hackers till now! Anyway, there’s this interesting aside where a Pakistani hacker group once challenged Ankit to patch an Indian government site from being hacked within two days, which they eventually did.

The session was (thankfully) coming to a close. He now switched laptops with the CL guy Harpreet (this one had a net connection), and after doing the boilerplate…

Don’t try this at home, this IS breaking cyber law, but since it’s Harpeet’s laptop, he’ll be legally responsible if anything is caught…

…during which time that CL guy’s EXPRESSION was (MasterCard) priceless. Anyway, he opened up BSNL’s admin page, and proceeded to do his ‘live hacking demo’, where he entered username as admin and password as ‘=’ OR ‘=’, which he referred to as the *magic code*. Even on being asked multiple times by some people in the audience. Nothing ‘magic’ about it, it was a simple SQL injection attack.

With that, we came to and end, and I asked for his autograph; which, BTW, I was not supposed to get unless I’d joined his course, but I haven’t come across too many people who refuse autographs…

Ankit Fadia's autographAnkit Fadia’s autograph

The absolute fun part was at the end, when the ‘horkud’ using crowd descending on him, including a portly gent who said he was an ‘ISO 9001 certified hacker too’. All that is left now is for some bright entrepreneur to to shrink-wrap ‘ISO 9001 hackers’ and start selling them on eBay. Anyway, Ankit was fully cornered by the crowd, and asked questions like…

My company is blocking peer-to-peer software, and traffic can only be sent via port 80. Now you talked about proxies, how do I get to use a proxy to send it via some other port, while keeping in mind the fact that I need to keep the proxy settings for my company’s internal LAN?

Confused question, but I hope you get the point. To this, our networking guru Mr Fadia said…

Er, iske bare me mujhe itni zyada jankari nahi hai…

Ankit Fadia
This, from a guy who is consulted by ‘undisclosed US security agencies’ to ‘hunt down bin Laden’ (his words, not mine).

Now I *have* to admit at the end that Ankit Fadia is stunningly brilliant at explaining dry-as-Egyptian-mummies (for general people) topics like proxies to portly gents in an easy manner. He’s also pretty good at keeping audiences engaged with such boring stuff. I’d therefore say…

My rating of how useful Ankit Fadia’s Certified Ethical Hacker Course will be for a normal Joe: 5.9 / 10

As I said, geeks won’t find anything here they don’t know; and the title is pretty pretentious anyway. Yes, for normal people however I’d say this course would be pretty good to get them stuffed with basic knowledge on what the fuck exactly is going on when they use the Internet and HOW they might be conned. However, it WILL sorta give them the feeling that they’re top class hackers now, which they aren’t. That false sense of security isn’t something very good on the Internet.

In fact, I wouldn’t have had so much to say about Ankit had it not been for the huge amount of unsubstantiated claims that he keeps on making every now and then. So basically, they should STOP calling it a ‘certified hacker’ course, and simply call it an ‘Internet Security Bootcamp’ or something; that way, Ankit can stay credible while being an icon for the masses at the same time. Calling it ‘Certified Hacker’ is, IMHO, an exaggeration.