Monday, January 15, 2007

The Ethical Hacker: Ankit Fadia

So would you call yourself an entrepreneur or hacker?

Hacker turned entrepreneur. Or, I would say, hacker turned author turned entrepreneur.

A large portion of criminal activity seems to be coming out of Eastern Europe and Asia. Do you think that the struggling economies of these countries turn them into breeding grounds for crackers?

I don’t think so. I think the quality of computer hackers or criminals is spread quite equally the world over. You have viruses coming out of pretty much every country. I wouldn’t really rate one country above another as far as the quality of criminals or quality of anti-criminals coming out of the country.

What made you go down the track of using your skills and knowledge to assist businesses rather than potentially going the other way and tearing them down?

I think that both hackers and crackers require pretty much the same knowledge, the same expertise, the same experience. The only difference lies in how they utilise the knowledge. I guess at that point in time I was too young to realise what I was doing. Fortunately for me, I chose the right path. And now I realise that if you use your computer security skills in a positive manner, you can end up making more money, making a better name for yourself, and will probably end up surviving longer as well. Because, at the end of the day, if you choose to be a criminal, sooner or later you will get caught.

Given your position in the hacking community, do you feel that you’re obliged to use your status to point other young hackers in the right direction?

My books are being used as text books in computer security courses across South-East Asia. And I offer lectures, reading and exam material for students. That’s my way of giving back to society, or giving back to the hacker community.

I’ve also started a course in India. We’re using the latest e-learning techniques and people from across 110 different cities in India registered for the course simultaneously.

For a small or even medium sized business reading this publication, would there be one key tip that you would give them in terms of internet security, apart from unplugging their computer?

I think they should just install a basic firewall – there are a lot of freeware firewalls. Just download one and start using it. Patch your systems regularly. Run Windows Update regularly. Have a good anti-virus and update the virus definition files. And choose a good password!

What are the most devastating things cyber crackers have done to a business you’ve worked with?

The biggest problem or the most dangerous type of attack that I have seen is something known as a distributed DOS attack, or distributed denial of services attacks. They actually change the source IP address, or source computers, that are being used to send out the attack.
Say, for example, an attack initiates from Australia. So I lock out seven IP ranges in Australia, but very soon they moved the range, so then I have to block out Japan. Soon we end up blocking out two or three continents – completely. It means none of a client’s customers or employees can access their services. It can take us a couple of weeks to fix.

What kind of advice do you have for someone who is young, seen the allure of hacking and has probably even touched the dark side a little bit?

First of all, learn at least one programming language. Read as many networking books as possible, because at the end of the day, computer security is about nothing more than combining networking and programming. And learn Unix for sure. And learn how to think like a hacker. Learn how to think like a criminal; adopt a crooked mind, or a cracking attitude, so that every time you see a service or piece of software you need to think of ways in which you can break it. Only then can you become a good security expert.

Can you explain the real risk of cyber terrorism?

Cyber terrorism is indeed a big issue, but I have never really seen terrorism taking place purely on the internet. Most of the stuff that happens on the internet is more of something known as Hacktivism – that is, hacking for a social or political cause. Take, for example, the India-Pakistan cyber war. They break into the opposition’s government’s websites and deface them by posting social or political messages. It’s more of people who are trying to spread a political or social cause, create awareness, who like to deface popular websites. Most of the investigation I have done reveals some direct or indirect government involvement.

You’re 21 and travelling the world doing what you love. Do you sometimes have to pinch yourself to check that it’s real?

Ah, yes. There are times where I ask myself whether I can actually handle the various activities that I’m doing. But another day I just believe in my abilities and I am very passionate about what I do, and I really enjoy it. And I love travelling. I love exploring new business opportunities. I am always looking out for an opportunity to do something new, something better, something bigger.


Comment posted by Gaurav
at 1/18/2008 11:45:00 AM
i wanna contact can u call u or give u r contact no at my id ron_brawn@yahoo.com
