 |
"Most people view hacking as a cyber attack and one that deserves the severest of punishment where possible. However, 21-year old Ankit Fadia belongs to the rare breed of ethical hackers around, whose sole passion in life is to identify or pinpoint the gaping holes in website or online security that might otherwise be used to
penetrate a company's defences". - by Ankit Fadia |
For the heck of hacking
Ankit should know, as he was one of the early converts to computers who got into hacking purely for the `heck' of it when playing computer games became a lot more boring than sneaking into someone's database or server. He was only 11 years old when he was first seated in front of a PC and left to his own devices. Like any intrepid youngster he obediently started playing games, surfing the Internet
and chatting online for hours and yes, even days on end.
Then a year and a half later, sheer boredom set in and Ankit began cyber-roaming into other dark online underground areas, one of which was hacking. Untutored, untrained and unrestricted by his ever busy parents, Ankit took to hacking very naturally and learnt as he went along.
Yours ethically
The learning process itself was slow and tedious but with hardly any books to refer to or
rely on, Ankit found himself on the journey of self discovery, enough to want to make him into
an ethical hacker. An ethical hacker? Is there such a thing as an ethical hacker? Isn't this a contradiction in itself?
Ankit doesn't think so. Just as there are good spirits and bad spirits in the nether world, there
also exist ethical hackers and (unethical) hackers in the cyber realm. "The difference is that while a hacker hacks into a website just for kicks, an ethical hacker does it to test any potential vulnerability so that these potentially breached areas can be effectively plugged to prevent any unauthorised theft of vital information or any disruption to the company's online business," Ankit explains.
Writing his bestseller
His thirst for more knowledge led him to read up on how programming and networking function, but Ankit realised that there were hardly any books both online and offline that could slake his thirst for learning and sharing. So he did the next best thing - he decided to become a writer himself and write whatever he had learnt!
Naturally being too young to convince any traditional publisher of his ability to author a book, Ankit chose the online realm to publish his findings because really, age does not matter
when your information is exactly what the market wants. This enterprising youngster at the tender age of 14 was soon juggling his time between experimenting with programming,
hacking and creating his own website for educational purposes
(www.hackingmobilephones.com).
His efforts culminated in his first book The Unofficial Guide to Ethical Hacking which became an instant bestseller and a hacker's bible on a worldwide scale. Now at 21 he has
written a total of seven books on computer security and some 180,000 copies have been sold worldwide as well as been translated into Polish, Korean, Portuguese and Japanese.
What's more he has become a much sought-after seminar speaker, delivering inspiring talks in more than 700 seminars at 25 different countries!
Business ventures
This anti-hacking genius also co-founded his own security company in Malaysia called Kunal Ventures Sdn Bhd in 2005, which offers security solutions, consultancy services, training
and publishing on all things related to hacking and security, for the Asia Pacific region.
To inspire and train like-minded ethical hackers of the future, Ankit was also instrumental in starting security-related courses in colleges and universities across Asia such as with
the Singapore Management University, the Shanghai Jiao Tong University and as well as in his own motherland India. All his books have now been printed and are relied upon as
textbooks by these colleges and universities.
Dynamic self-learning
Has Ankit opted for any formal learning to complement his hacker trail educational journeys? Ankit still prefers the self-learning route where hacking is concerned even though he is currently doing a Bachelor's degree in Management Science and Engineering at Stanford University. He reckons he learns most and fastest from being on the job itself because
security is a very dynamic issue.
"Every week there are new loopholes, new viruses and new problems being discovered. So one cannot really update one's knowledge by merely browsing websites and reading news on the Internet. The best way to be updated is to actually work with the inner industry, to work on real plans, real computers that are facing the latest problems. Testing something from a `hands-on experience' is still the
best way to keep oneself abreast with the latest developments," he says. Hence his determination to remain self-taught and self-learned where hacking is concerned because only by keeping his fingers on the pulse of hacking and its underground activities can he authoritatively share with his `students and readers' his latest findings.
Intrigued by the forbidden
But what's the motivation to go for hacking? Ankit reckons that hacking intrigues him because of the `forbidden fruit' factor. "Forbidden fruit is always irresistible and hacking is clearly something that is forbidden by society. Hacking allows one to do something `illegal' and gives one direct access to files that one is not supposed to access - that's the thrill of it. It is what really gets you
excited and gives you the motivation to actually spend so many hours trying to break into the so-called secure computer!"
The road to hacker fame is not smooth of course. Ankit confesses that most times, people view him as nothing more than a criminal and a dangerous one at that. But once they
grasp the concept of an ethical hacker and that ethical hackers are actually the good guys that can be hired to try to break into your computer firm's network to test your system's `loopholes and pain points' as well as to suggests the right counter measures, they understand and begin to accept the ethical hacker's role.
For young Ankit, it was a challenge to convince others of his capabilities, but a project he worked on during the September 11 terrorist attack was a significant turning point. "The US
government had intercepted certain encrypted e-mails but they could not figure out what the messages really meant. The US government had heard about me and sought my help.
I helped to decrypt the e-mails and told them what the messages was all about and that proved a big breakthrough," he shares. That one unforgettable instance of him assisting the
government authorities sealed his credibility as an ethical hacker and catapulted his name into the annals of the hacker kingdom.
Knowledge management and security
What are his views are on knowledge management especially from the angle of a hacker? Ankit says that knowledge management involves intellectual property, that it is "the core of a
company, it is what really drives the company, what makes it so unique and makes it stand out from the competition. It is therefore vital for any company to securely protect its knowledge and its intellectual property.
"Employees in organisations possess the access to the knowledge and the intellectual property concerned, and unfortunately, they can be tempted to steal the intellectual property and sell it to any of the competitors. As more and more companies start depending on intellectual property for their company's success, IT security will be the biggest
challenge they are likely to face," Ankit predicts.
CEOs not serious enough
Are organisations taking cyber security seriously? Ankit doesn't think so. He opines that organisations are not taking enough precautions to protect themselves because the biggest problem lies with the CEO. "The CEO does not see the co-relation between spending on
computer security and increasing profits. He wants to increase profits but when his IT manager tells him he has to invest US$10,000 on a specific security software, he baulks at making such an investment.
"The CEO doesn't see the advantage of IT and how it can improve the profits of the company, so the CEO needs to be made aware and made fearful of the possible threats to his bottom line - only then will he end up investing in security," Ankit asserts.
He elaborates that worldwide awareness of cyber security is extremely poor because the common problem is that no one will take security seriously until something goes wrong. Only when that happens, will the CEO view security as very important and sometimes, that knowledge comes a little too late!
The CEO, he stresses, needs to invest money, effort and time to educate the employees to actually re-run the whole security system, to implement the latest security policy and one that involves buying the latest security software products. "This is because with security, nothing is 100% secured. A multi-tiered strategy needs to be strictly followed by all the different levels within the company
itself," he recommends.
Increasing awareness
So what should one do to raise the level of awareness? Ankit reckons information can be shared through seminars, educational programmes; case studies, books and magazine articles so that CEOs get to read real case studies or see things happening live during a workshop
or a seminar. Then and only then will they realise that something might go very wrong and it needs decisive action on their part. What about threats to organisations in Malaysia for instance? "The intellectual property issue is the main problem and it is the same in Malaysia or elsewhere. Employees work with intellectual property on a daily basis. They have access to the intellectual property and
they know the company extremely well. So they can be easily tempted by anyone to steal data and sell the company data. So bosses need to take precaution and be very careful of employees selling them out," Ankit advises.
He adds that losses from intellectual property thefts are hard to ascertain because companies do not want to reveal the figures since such information will impact negatively on its brand image. Incidentally, the FBI Intelligence Report states that a 1152% growth in hacking incidents were reported worldwide, beginning from a mere 21,756 incidences in 2000
to a whopping 250,675 cases in 2005 alone. Perpetrators included a lady living in a one-room apartment in Mumbai, India and an 11-year old Russian that succeeded in changing
the flight path of a NASA spaceship!
Ankit says that with globalisation, outsourcing and offshoring, so much intellectual property is being sent from anywhere in the world, so the biggest threats don't just lie with one's own employees but also the employees of the outsourcing companies. "This makes intellectual property harder to control as it can be sold to competitors or terrorist organisations
easily."
Home security
What about security in the home itself - with many youngsters getting onto the Internet, how does one ensure safety on the Internet? Ankit knows how well and easily children can be
led down the wrong path.
"Children now use computers at a very young age and it's great. Unfortunately, the Internet has an evil side to it. It is important for parents to educate their children and inform them about the good and bad of the Internet. For example, they should not communicate with strangers on the Internet because there are lots of chat rooms, message boards and
friendship websites that may contain anti-social elements, all targeted at youngsters.
"If you have a computer, keep it in a room where someone is always there, so the child can only assess the Internet when someone is around and for only a limited time," Ankit states.
Cyber-terrorism
And what's his view on cyber-terrorism itself? Ankit feels that there is little that the cyber-terrorist can actually achieve. "More damage is carried out by spreading the call or the social
messages. Implementing a firewall, patching the system and applying the right security policies can be initiated to block these acts. The Internet has no boundaries and each country has its own cyber laws, so that makes it even more difficult to catch criminals."
Management philosophies
As the owner of a company himself, what are his management philosophies like? Ankit says that he is an unconventional manager who doesn't really care about the qualifications or age of the people he takes on. "I don't care what their qualifications are and I have staff as young as 15 and as old as 45 working in my company. I'm trying to emulate the Google
environment by creating a stimulating and fun environment. The employees are recognised as knowledge workers and we have put in the right people with the right knowledge there.
"Hackers are jealous people and do not want to work with others. They prefer to work alone. So we have everyone who is young and jealous of each other and each wants to create a
name for himself. In this kind of environment, it is not easy to cultivate knowledge sharing even if they work for the same company and have the same goals. I get them to work together by talking to the employees to get them to be more engaged, more participative within in the company itself."
Remembered forever
So what are his plans for the future? Ankit says his passion for writing books will always continue. Already he has seven books to his `fame' and now has another five more books in
the pipe-line, all of which will be released sometime in early 2007! Upon his graduation from Stanford, he will focus fulltime on growing his company and his customer base. As for
Asia, he says he will definitely return to Asia because Asia is where he sees the growth coming and he just loves Asia.
And what does he do when he's not involved in hacking activities? Ankit puts travelling first on his lists of `loves'. Next is watching movies especially Bollywood movies, followed by music and reading.
He tops that off with his insatiable appetite for pizza and coke. And oh yes, his motto is to be remembered forever...considering his many achievements and accolades won so far
- IT Leader Award in 2005, Person of the Year in 2002, Limca Book of Records, Hall of Fame Award, Outstanding Young Achiever's Award, Silicon India Person of the Week, Embassy
State Award, Best Speaker Award (on four separate occasions) and Student of the Year 2002-2003 - at so tender an age, you can bet Ankit Fadia won't be so easily forgotten!
