Ethical hacking

[Sridhar]

Ethical hacking, the Ankit Fadia way

​

Pavan Vangipuram
First Published : 16 Nov 2009 08:15:29 AM IST

HYDERABAD: Cameras flashing, film rolling, Ankit Fadia sits unfazed by the lavish media attention showered upon him. He answers questions with a coy smile and modesty beyond his years. At 24, he has accomplished more than many have in their entire professional careers. He is the author of more than 14 books, runs his own consulting agency, and has emerged as an India’s cultural icon.
Governments, newspapers, television shows and book publishers all want his ear, yet he takes it in remarkable stride. Humbly, he shrugs. “I’m used to it.” A rising star on the computer security scene, Ankit Fadia likes to call himself an “ethical hacker”, a computer specialist allied with the Government and police forces.He has assisted Police Departments in several Indian states, as well as Singapore, Malaysia, and the Central Forensics Laboratory in New Delhi. His accolades include the Indo-American Society Young Achiever Award, the IT Leader Award, and the MTV Pepsi Youth Icon. His computer security training program, Ankit Fadia Certified Ethical Hacker (AFCEH) started in 2006, and has trained more than 10,000 computer specialists across India.“Well, I got my first computer at age 10, and like most kids I wanted to use it to play games,” he explains of his early years, “I developed an interest in hacking at around age 12. It was like a forbidden fruit, a grey area. Something you weren’t really supposed to be doing.” By age 13, Fadia began writing a website on computer security and started his own Internet forum.He recounts his first foray into the world of hacking. “My first hack was somewhat unethical. When I was 13 my favourite publication was CHIP Magazine, and I wanted to see what I could do, so I defaced their website. Instead of going to the main page, people who accessed CHIP India saw a large portrait of me.” “I spent the whole weekend terrified that I was about to be arrested. On Monday I emailed the webmaster saying I was sorry about what I did, and let them know how I did it, and how they could prevent such an attack in the future.” CHIP was so impressed that they offered Fadia a job on the spot, not knowing that he was only 13.He laughs. “They told me to wait five years, until I was 18, and then I could work for them.” By then, however, Fadia had already gone far beyond magazine journalism.At age 14 he authored his first book, The Unofficial Guide to Ethical Hacking, and from there his career flew.Today, Fadia juggles his time between independent consulting, authoring, and media appearances. He was recently awarded a television show on MTV India called “What the Hack”, where he and a colleague inform the audience of the various tools at his disposal. He is also at work on a spy thriller which he also plans to make into a movie.“If you’re not a criminal, if you’re not a terrorist, then you have nothing to worry about,” Fadia says, “I think that sort of monitoring is fine.” In the end, Fadia expresses an unremitting faith in technology to improve the lives of citizens.“Technology is definitely changing things for the better,” he says, “Now a farmer can look up crop prices online - he doesn’t have to walk 100 kilometres for them.”

​

Ethical hacking, the Ankit Fadia way

​

 

[Sridhar]

Crack the code

PRIYADARSHINI PAITANDYSHARE · PRINT · T+

STAY SECURE Ankit Fadia Photo : R. Ravindran
Unethical activities land one in trouble right? Wrong! Not if you are Ankit Fadia, India’s first and youngest ethical hacker. At the age of 13, he hacked the website of his favourite magazine CHIP and instead of being handed over to the cops, he was offered a job by the editor of the magazine.
“I was 13 then and I defaced the website and put up my photo on it. Later, I was worried about the consequences so I called up the editor and confessed to him. He took it well and offered me a job in his organisation. When I told him my age he said I could join them when I turn 18,” says Ankit.
It all started when he got a computer at the age of 10 and developed an interest in hacking and related issues. You can’t really penalise the boy if he is using his skill for a good cause. After the September 11 attacks, the U.S Government found some encrypted mails. The mails apparently had only pictures and no text accompanying them. “The pictures followed the steganography pattern where in photographs with embedded messages are used. I gave a few suggestions on decoding them. It was exciting as I was only 16 then. They usually never give any feedback as it is classified information but since I received a few projects even after that I feel I have been of use at some level,” smiles the 24-year-old.
Back home, he has also assisted Indian authorities when a Pakistani hacker group had defaced an Indian Government website. “I submitted a report for which I received threats,” he adds. In August 2008, Fadia was consulted by the Navi Mumbai Police Department to trace the terror email sent just before the Gujarat serial blasts. The baby-faced mastermind also feels that if there is another World War it will be through the Internet. “If a country’s network is attacked it won’t be able to function,” he adds.
Ankit is also an independent computer security and digital intelligence consultant. He conducts a course titled ‘Ankit Fadia Certified Ethical Hacker.’ But what if the students misuse what they learn through the programme? Smiling he explains, “We follow a lot of procedures and comply with the guidelines set by the Ministry of IT. And we don’t teach students the final two steps.”
Ankit has also made his television debut with ‘What The Hack?,’ aired every Saturday on MTV at 8.20 p.m. The show tells the viewers interesting things they can do with their computers and answers queries. Apart from this, Ankit is working on a dating show with a technology twist and a programme based on real and horrifying cyber crimes, a fiction novel and a movie script.
So which is the toughest database to crack? “Nothing is impossible. Even CID and FBI accounts are hacked once a month. But bank websites are difficult to crack simply because they have teams monitoring them 24/7.”


The Hindu : Life & Style / Youth : Crack the code


​

 

[RPK]

'Supply of ethical hackers in India short of demand'


THIRUVANANTHAPURAM: This has very much to do with the nation’s security, but not one that the political leadership is being pulled up for. As
hackers from across the border in Pakistan mount a cyber attack against the country’s websites, Indian hackers seem to be falling considerably short in firepower.

“In the ongoing cyber warfare between the two countries, roughly 40-50 Indian sites are being hacked on a daily basis by Pakistani hackers while about 10 Pakistani sites are being hit by their Indian counterparts”, says Ankit Fadia, Mumbai-based ethical hacker and an expert on cyber crime.

Mr Fadia is clear that breaking into foreign country’s websites does not fall within the realm of ethical hacking, but mentions how Pakistanis outdo Indians in hacking to underline India’s reactive, rather than proactive, approach to hacking issues.

He says the attitude of the corporate sector towards cyber security is almost as laid back as that of the government agencies, with the result that ethical hacking is still at a low key across the spectrum. Ethical hackers, who also go by names such as white hackers, white knights or sneakers, are computer security experts who specialise in penetration testing and related testing methodologies to check the vulnerability of a company’s information systems.

Nasscom surveys have pointed out that information security threats have created an “unprecedented demand for qualified and experienced information security professionals”, but Mr Fadia reckons that the supply of ethical hackers in the country is far short of the demand of corporates and government agencies.

“Ethical hacking does come with a cost, but it is not prohibitively expensive, either. But often, corporates appreciate the need only after a security breach happens”, Mr Fadia told ET.

According to him, social networking sites have become hackers’ favourite hunting grounds these days, marking a clear break from the e-mail route to passing on a virus.

Ethical hacking communities are operating in the country but Mr Fadia says a strong and serious community operation of ethical hackers is virtually absent in the country.

“When they pass out of engineering college, classmates may form a community of ethical hackers, but these fritter away, starting as a hobby and ending as one”, he says.

Industry players opine that structured courses could be one way to generate the required number of ethical hackers. The first generation of sneakers were self-taught. Mr Fadia says it may just be the right time for colleges to have formal courses in ethical hacking.

 

[RPK]

Pakistani hacking onslaught makes India a hapless prey

The saga is not new and starts from the partition of the erstwhile British India into two dominions, India and Pakistan. From the very beginning animosity of Pakistan to India has been explicit and from time to time it has been found to change and adopt new strategies with the sole intention – to dismantle the democratic fabric of India and also to balkanize it. However, it has faced reverses too that led to the breakaway by the then East Pakistan, now Bangladesh.

But its deep-rooted hatred to India is unabated and now it has brought to the fore a novel mode of onslaught and it’s hacking. As per hordes of latest reports, hackers from across the border in Pakistan are leaving no stone unturned to build up a determined cyber attack against the country’s websites. Nevertheless, Indian hackers appear to be falling a great deal short in firepower. What is most striking hardly any Indian political party is aware of this phenomenon!

This fact may send a shudder through the backbones of Indians. Reports state that in the region of 40-50 Indian sites are being hacked on a daily basis by Pakistani hackers while about 10 Pakistani sites are being hit by their Indian counterparts. What ails India then? Well, it’s the same reactive stances instead of proactive, the greatest stumbling block for more than last millennium.

There are other factors as well. Studies suggest how the slipshod attitudes of both corporate sector in addition to the government regarding cyber security impede any positive approach. Ethical hacking seems to prevail India still! Who are these ethical hackers? Well, ethical hackers are usually computer security experts who concentrate in penetration testing and related testing methodologies to test out the vulnerability of a company’s information systems.

Nasscom surveys have pointed out that information security threats have created an “unprecedented demand for qualified and experienced information security professionals” but India is yet to get smart to comprehend this crucial issue.

What should India do then? God knows!

 

[S.A.T.A]

There is more to ethical hacking than taking down lousy paki portals,hardly worth the time or effort.Moreover pakis have very little or no laws focusing on information security,which is one reason why Pakistanis/Pakistan is the preferred place to fence stolen digital information like credit card numbers.........

 

[RPK]

Indo-Pak cyber war claims 40-50 Indian sites daily news

India and Pakistan, not the friendliest of neighbours, have fought three major wars and are now engaged in another in cyberspace. As per latest reports, hackers from across the border are working overtime to launch cyber attacks on Indian websites in their cross hair.

Though the Indian side is known for its prowess in IT and related fields, it is becoming apparent that a dearth of firepower has left the Indian cyberspace particularly vulnerable to Pakistani attacks.

Reports indicate that around 40-50 sites are being hacked by Pakistani hackers on a daily basis whereas around 10 Pakistani sites are being hit by their Indian counterparts. According to analysts, one of the reasons India has been forced on the backfoot in this cyberwar is the reactive attitude it has chosen to adopt instead of being a proactive player.

There are other factors as well and studies suggest how the laidback attitude of both corporate sector and the government on cyber security has impeded a positive approach.

Cyber security expert Ankit Fadia was quoted inthe media as saying that the need to counter such attacks usually sets in after an attack happens. He adds that though ethical hacking is the answer to such attacks and does come at a cost, it is not prohibitively expensive.

Ethical hackers are also known by such names as white hackers, white knights or sneakers. They are computer security experts who specialise in penetration testing and related testing methodologies to check vulnerability of a company's information systems.

According to Nasscom surveys there exists an unprecedented demand for qualified and experienced information security professionals in the wake of increased information security threats, but Fadia says the supply of ethical hackers in the country falls much short of the demand for qualified information security professionals.

According to Fadia, social networking sites have become hackers' favourite hunting grounds these days marking a change in strategy from the e-mail route of passing a virus.

Fadia says ethical hacking communities have been operating in the country, however India does not have a strong and serious community of ethical hackers.

He says after passing out of engineering colleges classmates do form ethical hacking communities but these turn out to be short lived affairs not going beyond the level of a collective hobby.

According to industry sources, the shortfall could be made up by starting structured courses, though the first generation of ethical hackers was largely self-taught. Fadia says it may be time for colleges to introduce formal courses in ethical hacking.

 

[youngindian]

Why can't India have its own 'patriotic hackers'?

Sunday 11 Apr 2010

Revelations by Canadian investigators that a cyber spy ring based in China specifically targeted India's defence establishment are expected to set off a major cyber security overhaul by New Delhi.

Privileged information suggests the Indian government could seriously consider creating the position of a cyber security czar whose mandate would be to fundamentally overhaul cyber security and bring the currently fragmented networks under a clearly defined structure.

The overhaul will demand a whole new approach outside the bureaucratic confines considering that it necessarily requires tapping the cyber security community constituted by young professionals in their 20s and 30s. Since this community is used to working in a highly non-hierarchical environment with a great deal of personal freedom the government will have to use the office of the cyber security czar as its interface with the young professionals.

Although cyber security had already been coming under government focus for some time now, a 10-month-long investigation by the University of Toronto's Munk Centre for International Studies, Canadian security firm SecDev Group and US-based cyber sleuthing organisation Shadowserver Foundation has added extra urgency to the task. The investigators have issued a report titled "Shadows in the Cloud: An investigation into cyber espionage 2.0" which highlights how India's defence establishment was seriously penetrated by cyber attackers based in Chengdu, the capital of Sichuan province in southwest China.

The report exposes widespread penetration of computer systems at the National Security Council Secretariat (NSCS), which is part of the Prime Minister's Office, Indian diplomatic missions in Kabul, Moscow, Dubai and Abuja, Military Engineer Services, Military Educational Institutions, the Institute of Defence Studies and Analyses, the National Maritime Foundation and some corporations. It is hard to quantify the damage the information obtained by the hackers can cause, but it could be potentially significant.

The report has served to highlight serious flaws and vulnerabilities in India's official information networks. Those who know how the systems work point to a "lack of discipline" in even seemingly trivial details such as senior government officials in sensitive positions still using email addresses on Yahoo, Hotmail and Gmail. They say inasmuch as no email system can be made foolproof, these free accounts are even less so. Even the use of social networking sites such as Facebook and Twitter are known to be prone to systematic attacks.

Apart from the inherent interest in India's defence and other establishments because of its rise as a major power, there is also another reason why the country has emerged as an important target. Its position as home to large IT companies which are in turn repositories of vast global information also makes India particularly attractive to hackers. In a sense hacking India could lead to a great deal of diverse economic, financial, health and other forms of valuable intelligence.

One of the primary mandates of any future cyber security czar would be to create a multi-layered security system around its national assets in a manner that no single successful penetration would yield a treasure trove of information in one place. The cyber security czar could also be mandated to lay down standards and code of conduct for those in the government handling data of certain sensitive nature. Informed sources say the czar would report to the National Security Advisor and would often end up operating outside the traditional command and control structure of the Indian bureaucracy because of the kind of monitoring the office would be expected to do.

One specific approach that the Indian government might have to consider adopting relates to what in industry parlance are known as defensive and offensive hackers. While the former's job would be to ensure strong defences against all attacks, that of the latter would be to actively be part of hackers worldwide who perform the role of flooding malware or malicious software codes used to infiltrate large systems. Such participation is crucial to pre-empting attacks. It is in this context that the Canadian investigation makes an interesting point.

Under the section "Patriotic Hacking" the report says, "The PRC (People's Republic of China) has a vibrant hacker community that has been tied to targeted attacks in the past and has been linked through informal channels to elements of the Chinese state, although the nature and extent of the connections remain unclear. One common theme regarding attribution relating to attacks emerging from the PRC concerns variations of privateering model in which the state authorizes private persons to perform attacks against enemies of the state."

Unlike China, which has developed a sizable community of defensive as well as offensive hackers, India has not even begun to evolve a cohesive approach to what cyber security experts regard as a decisive aspect of the information technology-driven world. Since the government cannot officially or even unofficially recruit these hackers, it will have to find creative ways to utilize their services and create enough indirect protections in the event some of them run afoul of law-enforcement agencies which may not know about their existence.

This is clearly a grey area which many cyber security experts say is a necessary evil. It is conceivable that India may have to create its own version of "patriotic hackers" if it has to effectively thwart hacking attacks.

(Mayank Chhaya can be contacted at [email protected])

Copyright Indo Asian News

http://www.littleabout.com/news/90158,why-india-patriotic-hackers-comment.html

 

[A.V.]

who said that india dosent have patriotic hackers the problem is summed up below. its the lack of joint approach and support

Unlike China, which has developed a sizable community of defensive as well as offensive hackers, India has not even begun to evolve a cohesive approach to what cyber security experts regard as a decisive aspect of the information technology-driven world.

 

[Kingmaker]

I think certain acts are to be done secretly... information related to National security cant be disclosed as such by any elected government nor an official... Thats why even in our country no one really knows about the vision, hierarchy, budget allocations, etc of the intelligence agencies...

all we can do is just speculate.... hence instead of doubting our capabilities on such critical issues we need to take a pragmatic stance that all such important issues will be dealt with utmost sincerity by our government...

 

[Yusuf]

IT capital in the new world order and you think india is not hacking others? India will never confirm such things. However i do remember an army chief was it? I fail to recollect , who had said that the army has its own cyber cell for both offensive and defensive hacking and protection.

Also china being a closed society esp at the top level, you would not get any info on chinese systems being hacked. The chinese dont crib about. They go about their work learning from an attack.

 

[Agantrope]

India will maintain such things very secret. Believe there are scores of hackers of hackers are employed in the Army's Cyber Warfare wing. Does anyone knows that IA have cyber warfare? Most of them are operating from the asia pacific islands where there is no cyber crime laws. Leaking these things will hamper the good boy image of india in the world level. Another information, india never keeps it secret document available in the network as this is vulnerable to the attacks like this. Still many documents are in the papers.

GoI is not answerable for the spendings of the RAW to the parliament.

 

[anoop_mig25]

i think lack cyber security training schools plus those which are they are very expensive . hence India private industry is laking in it.none of Indian university has cyber security as its subject at under-graduate level or post-graduate level .and about GOI i cannot say about it,they may keep their cyber attacks on world secret as done by most of western countries

 

[biswas]

The most capable hackers are the ones that don't get caught. Chinese hackers seem to keep getting caught. I don't doubt that India has some sort of cyber warfare cell set up, probably a division of RAW or other intelligence agencies, only they are proficient enough to not leave a trail which incriminates India.

 

[Agantrope]

The most capable hackers are the ones that don't get caught. Chinese hackers seem to keep getting caught. I don't doubt that India has some sort of cyber warfare cell set up, probably a division of RAW or other intelligence agencies, only they are proficient enough to not leave a trail which incriminates India.

Exactly, law of land also plays an important role in that. A good hacker is a one like a silent assassin. He do the job, but will not leave an evidence. IA and RAW operates different Cyber warfare cells.

 

[Super Commando Dhruva]

The most capable hackers are the ones that don't get caught. Chinese hackers seem to keep getting caught.

China has potentially over 100,000 hackers for data theft and about 200,000 blogger to manipulate public opinion.

China's hackers get caught because Uncle Sam and Euro powers are sniffing them real hard. Also west is decades ahead of China in tech but they will soon catch up as China's cyber force is huge and China has one of the highest PhD's

I don't doubt that India has some sort of cyber warfare cell set up, probably a division of RAW or other intelligence agencies, only they are proficient enough to not leave a trail which incriminates India.

Affirmative, NTRO Under RAW

http://en.wikipedia.org/wiki/National_Technical_Facilities_Organisation

The organization develops technology capabilities in aviation and remote sensing, data gathering and processing, cyber security, cryptology systems, strategic hardware and software development and strategic monitoring.[5]

I believe there are more particularly under DIA that hasn't been disclosed yet.

 

[IBRIS]

India has very large network of hackers in it's inventory. I had a first hand encounter of Indian hackers during 26/11 attacks, when all of pakistani defence sites were hacked with Indian Flag all over them.

 

[biswas]

China has potentially over 100,000 hackers for data theft and about 200,000 blogger to manipulate public opinion.

China's hackers get caught because Uncle Sam and Euro powers are sniffing them real hard. Also west is decades ahead of China in tech but they will soon catch up as China's cyber force is huge and China has one of the highest PhD's

My statement still stands, a good hacker doesn't get caught.

 

[sandeepdg]

I too believe that there are numerous hackers in this country secretly working against our cyber opponents ! I also believe that our defense forces and intel agencies have this kind of capability but aren't interested in showing it to the world to maintain secrecy. And , I think that's the best thing thing to do, as these kinds of capabilities are best utilized in the covert mode !

 

[geeknix]

I found this on net so, sharing this with u guys

Hot Note: This article is posted by Kalpesh Sharma for Public Interest and National Interest, so that every concerned person can be aware and alert.

Directly, coming to point I am in touch with you for a matter which is the first part of the protest against Ankit Fadia. I am writing on this forum in current article about truths and facts behind Ankit Fadia who is a self claimed ethical hacker. He has hacked many of my national citizens, media, publishers, even many across the globe. I need your valuable support and co-operation in this matter, so that we can save the citizens of our nation and other nations also. Along with media peoples, publishers, government and non-government sectors as well as inform CBI, CIA and FBI that how this person is misusing every honorable names by false comparisons and attachments with them. And the biggest exclusive and breaking news is that world's biggest encyclopedia wikipedia's two indian administrators are behaving as if they are ankit fadia's relatives or near - dear ones. A very hot comment is going on between a wikipedia administrator and me on wikipedia articles mentioned on below pages where this reputed and notable ankit fadia is using a very bad language. This is evidence for us and all emails about his comments are saved in my inbox. These nominated indian administrators of wikipedia are also equally responsible for spoiling wikipedia reputation. Whereas I am trying to save the wikipedia and all others mentioned here in this matter.

Other then evidence that below links are referred to. I have some hard copies too which I recieved from various sources. These are also very important evidence against him. He has earned crores of rupees in last 7 - 8 years from these activities from indian citizens and threating the country peoples. He is not limited to India, instead hacked several national citizens across globe. Now he has started a course which runs in every reliance web world. I don't know whether it's tie-up with reliance or he is just using reliance services on a payment term. But he has started hacking courses also. Name of the course is AFCEH, as most of you know. So, in short similarly there are several 100's of points which all can be included together which proves that Ankit Fadia is an Ethical Hacker who is unethically hacking my nation's citizen ethics(you, me, everyone). One thing you remember that this will be the first time ever across globe any one is showing the real face behind ankit fadia. This is first part, kindly wait for my second part on the same forum.

He has spoiled prestigious names by falsely misguiding them. Some of them are:

1) Stanford University
2) President of India
3) Amazon
4) Wikipedia
5) Rediff.com
6) Similarly many other media agencies by giving them incorrect information that he is digital intelligence personnel.

In short, you are also part of public and I am trying to do something for you. So Kindly please follow as much as you can from the below links below and give your suggestion and opinion on them:

 

[plugwater]

India is no. 3 haven for hackers

KOLKATA: India may be poised to become a software superpower by 2020, but it has already emerged as one of the top three spawning grounds for Web-based attacks.

India at third slot, stood next to the US and Brazil in 2009, in terms of countries where such malicious attacks originated, according to Symantec's Internet Security Threat report. The Web security firm says India figured 13th on the list the previous year.

In terms of overall Web-based malicious activities, India already managed to hit the third slot during 2009, up six notches from 11 during 2008. Countries who outdid India were the US, China, Brazil and Germany.

Additionally, we were the third-highest spam generating country in the world, contributing about 4% to worldwide spam volumes. Spams are bogus mails targeted to extract sensitive information from PC users for wrongful financial gains.

In the Asia Pacific and Japan (APJ) region, India ranked first in terms of spamming and contributed 21% to the regional total. About 6% of the world spam zombies and 28% of the APJ regional spam zombies resided in India. Around 1% of the world phishing hosts and 7% of regional phishing were in India.

A zombie, in tech parlance is a computer wired to the Net that has been compromised by a hacker. Zombies are used extensively to send e-mail spams, referred to as spam zombies and most owners of such PCs are unaware that their systems are being used in such ways.

Phishing, on the other hand, is an identity theft in which spammers use an authentic-looking e-mail to trick recipients into providing personal information such as credit card numbers or social security numbers.

What's more, India ranked first in terms of worms and viruses and second for trojans and backdoors in the APJ region. A worm is a self-replicating malware computer program. It uses a computer network to send copies of itself to other computers on the network all by itself. Trojans and backdoors, on the other hand, are malware programs which keep sending sensitive information to hackers from the infected computers.

The country saw an average of 788 bots per day during 2009. Bots are malwares that turn computers into zombies and there were 62,623 distinct bot-infected computers observed in the country during 2009. Amongst the cities in India with the highest number of bot-infected computers, Mumbai figured at the top with 50% followed by Delhi at 13% and Hyderabad at 7%.

According to Symantec, majority of the malicious codes were propagated through file sharing and executable files. File transfer and common internet file system was the second-most preferred means while the rest was through remotely exploitable vulnerability. Other popular means included file transfer, email attachment, instant messengers, data-bases as well as backdoors.

http://economictimes.indiatimes.com...o-3-haven-for-hackers/articleshow/5857812.cms