Ankit Fadia........ a fake Geek!

We all know who Ankit Fadia is. He is self proclaimed child prodigy in ‘hacking’ , a self proclaimed ‘world famous’ expert is computer security and  digital intelligence consultant (digital intelligence? Does he mean AI. I never heard this term getting used anywhere in print other than by Mr. Fadia though I agree its a perfectly meaningful amalgamation of the two official sounding words ‘digital’ and ‘intelligence’) .

However that picture of Ankit Fadia is very likely untrue and let me present a few findings so that you can decide for yourself. Please understand that the findings are either my own of collected from various websites. Wherever I have gathered info from any site, I shall mention the link so that you can find out. The information provided here is true to the best of my knowledge (and googling skills). And I request you to point out if I am wrong. The views expressed are my own and issues in public interest. I shall be constantly updating the information on this post as and when I gather more information on Mr. Fadia. Hence the v 0.0.1 at the end of the title. 

So lets begin with his profile on http://www.hackingmobilephones.com/courses/about.php . I will highlight the interesting parts in blockquotes and add my view and/or proof below.

1.His profile on http://www.hackingmobilephones.com/courses/about.php

a.Milestones in Ankit Fadia’s LifeAGE 14 Published his first book titled The Unofficial Guide to Ethical Hacking which became an instant bestseller worldwide, sold 500 000 copies and was translated into 11 languages.

My opinion: Have you read that book? Here are the reasons why the book sucks

• Most of the so-called hacks are in Windows (98). Show me one hacker/cracker who uses Windows. If you ain’t using Unix/Linux/Solaris you ain’t no hacker mate. Why? Coz Windows hasn’t got half the tools and features that one requires to do a successful system penetration. For a deeper understand read a book on the Hacking Exposed series.
• Registry hacks and tweeks are passed off as hacking
• At many places credit has not been given to the person who found the exploit. For that matter, most of the exploits were very very outdated by the time the book published. Even in his Certified Hacking Courses by Reliance, he shows exploits which have been patched several years ago and are therefore useless
• Many of the exploit code given in his book have errors and some very obvious ones. :p

b.AGE 16 After the Sept. 11 th attacks, cracked an encrypted email sent by the Al-Qaeda terrorist network for a classified intelligence agency.

• Again only Ankit Fadia says he has done that. No other sources including any intelligence agency has corroborated the statement.
• Most intelligence agencies like NSA have expert cryptanalyst with PhDs and super fast clusters to get their job done. They wont require a 16 year old. Cryptanalysis is a serious job. Just read Applied Cryptography by Bruce Schneir or Introduction to Cryptography by Tanenbaum to get an idea how challenging it is. It would be like putting the control of India’s Moon Mission in the hands of a monkey instead of ISRO’s Madhavan Nair.

c. AGE 21 Widely recognized as an Ethical Hacker, Computer Security Expert and Cyber Terrorism guru. Written 13 bestselling books, delivered more than 1000 seminars in 25 countries, received 45 awards, provide certification courses on Computer Security, is writing a script for a movie, runs his own consulting company and is a senior at Stanford University.

• Best selling books? By whose standards? I don’t find him anywhere in New York Times, Book Sense, USA Today, Publisher’s Today. A sales figure of 3 million as he proclaims is nearly a third of what Mein-Kampf or Catch 22 reached  and his books did that in a fraction of the time. Sounds shaky, doesn’t it? Does to me
• Most of his books have been published in India only. Other than The Unofficial Guide to Ethical Hacking, Network Security: A Hacker’s Perspective, Hacking Mobile Phones,Email Hacking, Windows Hacking most of his books are hard to come by. Also Windows hacking is nothing but a compendium of  Registry Hacks readily available from the Internet. Do read the comments on his books at amazon.com and you will get a clearer picture.
• Almost all the content in his book are copy-paste work from the Internet, that would even put the laziest Computer Science student to shame.
• The best I can say about Mr. Fadia is that he is a very good salesman because time and again he has convinced his publisher to publish his books. Thats no mean feat considering the shit that he peddles as ‘hacking’.
• Its been mentioned time and again that he runs his own consulting company but I have never come across the name of the said company.

2. Again, as per http://www.hackingmobilephones.com/courses/about.php his clientèle includes Google, Citibank, Shell, Volvo, Thai Airways, UOB Bank, PT Cisco Systems, Bank of Thailand, Bangkok Public Bank, Amari Hotels, BlueScope Steel, Jumeirah International, Wipro, Singapore Health Promotion Board, Infosys, Satyam, Schering Ltd.

My opinion: This list seems too good to be true. It exceeds clientèle of various well know security consulting firms. Again, none of the above mentioned organizations have corroborated Fadia’s claims.

3. Widely celebrated in international media publications, Fadia is also regularly invited by BBC Radio World News, London to share the latest updates on virus outbreaks, loopholes and cyber crime trends.

My finding: I searched the BBC site to find one reference to him being on the said show. Guess what I found? Nothing. Nadda. Zilch.  So if anyone can give me the link to any of his interviews on BBC, I will agree. Until then, let it hang in balance.

4. For his outstanding contributions in the field of computer security globally, Fadia has been honored with numerous awards namely: Indo-American Society Young Achiever Award 2005, IT Leader Award 2005, Person of The Year 2002, Limca Book of Records, Hall of Fame Award, Outstanding Young Achiever’s Award, Silicon India Person of the Week, Embassy State Award, Best Speaker Award (4 occasions), Student of the Year 2002-03 and many more.

My findings on his awards:

• Microsoft Most Valuable Professional Award: A search on https://mvp.support.microsoft.com/communities/mvp.aspx?name=ankit+fadia yields nothing about Mr Ankit Fadia
• Indo-American Society Young Achievers Award: The award exists but nowhere is it mentioned that he received it ever.
• CNBC Young Turk : I have not been able to verify this. Tough it is probable he did come on the show.
• Person of the Year India 2002, Limca book of records: Again a search on the site yields nothing about any Ankit Fadia
• Gold Medal 2003 from Institute of Defense and Strategic Studies, Singapore: I could not find anything on it. So its neither proved nor disproved.
• Asian American Outstanding Achievement Award Nominee at Stanford University: Again he claims to be a nominee which cannot be proved unless I contact Stanford and ask them. Their site only maintains list of people who have won the award or a nominee for the current year. There is no list of nominees for previous years.You are requested to kindly dig up about the other awards. I am bored now.

5. Fadia is also a consultant to many universities in India, Singapore, China and USA on the design and structure of their computer security courses.

My question: Will Mr Fadia be so kind as to provide references and/or links to universities for which he designs courses? You will find this thing occurring over and over. Fadia never provides links or references to many of his achievements. Isn’t that strange? I have gone through profiles of various researchers and they all provide links and references wherever possible.

6.According to Wendy McAuliffe at ZDNet UK, Fadia’s Hacking Truths website was judged “second best hacking site” by the FBI, though no ranked list of “hacking sites” has been published by the FBI.

7.In April 2000, Rediff.com published an interview with Ankit Fadia. Anti-India Crew (AIC), a Pakistani hacker group noted for defacing Indian Government websites, rubbished the claims that Fadia had made in the interview. Fadia had claimed that his alert to a U.S. spy agency had prevented an attack by Pakistani hackers. However, he never divulged the name of the agency, citing security reasons. AIC and another Pakistani hacker group WFD defaced an Indian Government site, epfindia.gov.in, and “dedicated” it to Fadia in mock deference to his capabilities to hack or prevent hacking. AIC also said that it would be defacing the website of the Central Board of Excise and Customs (CBEC), www.cbec.gov.in, within two days and challenged Fadia to prevent the attack by patching the vulnerable website. AIC maintained that Fadia should stop calling himself a hacker, if it succeeded in hacking the CBEC website. AIC kept its promise and defaced the CBEC website after two days. At another defaced website (bhelhyd.co.in), AIC termed the claims of Indian media about Ankit Fadia as “Bullshit”.

So why is he famous?  There are various reasons.Firstly, masses are computer illiterate. They see computer security as some sort of dark magic wheres it is a systematic process, a science. Hence these people can be easily fooled by the FUD campaign that are done by the likes of Ankit Fadia. They instill fear and show some nice tricks that fool everyone into a false sense of vulnerability. While I would not be so naive as to suggest that Internet is very secure but many such ‘independent’ security experts make tall claims and demonstrate their attacks in a very controlled environment on a weakened security set up that just asks for a break in.

The other aspects that contribute to such fakes getting attention is obviously shoddy journalism. They print whatever might catch readers’ attention and a child prodigy in computers does that like nothing else in a ‘idol crazy’ nation of ours. Most journalists are either too lazy or do not have the necessary competence to evaluate his credentials.

As to why Reliance does a Ankit Fadia Ethical Hacking Course. The answer is simple. It sells. And it seems the certificate given by Reliance are not valid either. Read this http://lists.sarovar.org/pipermail/plus-discuss/2006-April/000288.html I am sure about the current status of the certificate.

And Ankit Fadia is neither the first nor the last of these fakes. Go to http://attrition.org/errata/charlatan.html for a larger list.

You may also read this email sent to FSF mailing list http://tutorial.web4all.in/archives/fsf-tn/2006-April/000293.html