'I earned a lot at 13, it's a lot more at 24'
Initially it was the forbidden fruit that attracted me," says 24-year-old Ankit Fadia who wrote his first book on ethical hacking when he was 14, studying in Class IX at Delhi's DPS R K Puram. Till date he has authored 14 books on ethical hacking and the 15th one on how to hack into Windows Vista and Windows 7 is in the works.
For the record Ankit's first book The Unofficial Guide to Ethical Hacking has sold more than 7.5 million copies worldwide and is still counting.
In simple terms hacking is all about gaining unauthorised entry into someone's computer and either stealing confidential data or misusing the data for criminal activities," explains Ankit from inside MTV's Mumbai studio as he, in his new avatar, is co-hosting a 10-minute show What The Hack on the channel.
"Ethical hacking," says he, "is all about hacking for a good purpose". "It is about helping governments, intelligence agencies and corporates tackle espionage, crack on terrorist activities and prevent cyber criminals from misusing confidential data."
And in his 11-year career as a consultant Ethical Hacker he has helped intelligence agencies and police across the world -- including India's after 26/11 terror attacks and serial bomb blasts in Ahmedabad in July 2008 -- nail cyber crimes.
"I've traveled to almost 50 countries across the world because of the nature of my job," says Ankit. His ambition, though, is to travel to all the 195 countries in the world and he is sure he will do it one day.
Today Ankit travels in India and abroad for more than 20 days in a month. His data card, laptop and blackberry act as his office.
In an interview with Prasanna D Zore, Ankit talked about what attracted him to hacking, how he helps various government agencies crack cyber terrorism and what kind of career opportunities are available to ethical hackers.
What attracted you to ethical hacking and when did you start?
Initially it was the forbidden fruit that attracted me. I was always attracted to the power of being able to do things that most people could not or the power to access things that most people cannot. So I started hacking into a friend's computer or snooped on their emails for fun.
That's how my love for hacking began. People always say that the forbidden fruit is always sweet. The more somebody discourages you from doing a thing the more you feel like doing it. That's how it all began for me. Because of the success of my first book I realised that what was my hobby I could absolutely convert that into a profession as well.
How did you manage to write your first book at 13?
I got a computer at home when I was 10 and I got interested in computer hacking when I was 12. While I was learning the tricks of the trade I realised that in India there are no books or resources that can help one learn hacking. This kind of inspired me to write my first book on hacking when I was 14. The book sold 7.5 million copies and has got translated into 11 different languages. That was A one big milestone that kind of inspired me to turn my hobby into my profession.
Was it very difficult for you to write at such a young age?
It wasn't very difficult actually. I had started my own Web site where I wrote I was writing tutorials on different computer hacking techniques and the feedback was very positive. My readers asked me to write a book on the subject. Then I decided to convert my tutorials into a book by adding more information.
When I set to write a book I had not told any of my family or friends about it. When I finished it I called my mom and told her I have written a book on computer hacking. She thought I was playing a prank on her. Obviously, she believed me only when I showed her the manuscript.
What was McMillan's (the publisher fo his first book) first reaction when your mother told them that you wanted to publish a book?
My mom told them that my son has written a book on computer hacking and we want to get it published. The person on the line asked her if I was a professor in a college. My mom told them that I was in school. The editor then asked if I was a teacher in the school. And my mom was like he's studying in Class IX.
The editors Sumesh Sharma and Joseph Mathai then asked my mom to bring the manuscript and author to their office to talk about the matter. Later Sumesh told me that when he received a call from my mother he thought somebody was playing a prank and he did not believe us. He thought that nobody would show up.
I became the youngest author of a technical book in the history of McMillan's authors worldwide.
How did it feel after your first book was published?
I felt good but I was only a small kid then. So I didn't realise the consequences of failure or success.
Till now I've written 14 books dealing with different topics on ethical hacking. My next book will be on how to hack into Microsoft Windows Vista and Windows 7. The fact that these two operating systems (OSs) were touted as the most secure is not true at all. You can hack into Windows Vista and Windows 7 pretty easily.
'There is no protection to users who are on social networking sites'
What kind of threats are we looking at from social networking sites, SNSs?
The youth in India spend a lot of their time on SNSs like Orkut, Facebook, Twitter etc. What people don't realise is these SNSs come with their own set of breaches that can be real threats to your identity on the web.
Today the latest viruses are coming through SNSs. What happens is you get a message from your best friend and you trust it without thinking twice. And that message will be something like 'hey, are you there in this video?' You get curious about what is this video in which you have been caught. When you click on this link it takes you to You Tube where it plays on the screen and stops midway. It then asks you to download a flash plug in, which being a common occurrence, you click on it. But what gets installed on your computer is a virus.
What's the protection against such threats?
Only awareness. Until now the anti-virus companies have not upgraded their systems to give protection to users who are on SNSs.
Is What The Hack all about creating this awareness?
What The Hack is not about hacking, not about security. It's about cool stuff that you can do with your computers and Internet technologies. It's humorous and light-hearted but we also teach interesting things. It's neither too technical nor too basic.
Image: From left: MTV VJ Hose and Ankit Fadia
'I told the Mumbai police I am always available for training or any investigation'
At different points in my life I've worked with different police departments, the CBI and other intelligence agencies. At 15 I worked with the CBI on the India-Pakistan cyber terrorism war. Pakistani hackers were defacing Indian Web sites so I helped find out who these hackers were, what tools were they using and who were funding these guys by hacking into their e-mail accounts.
Immediately after that 9/11 happened in the US, and the US government got in touch with me via the CBI on steganography, a technology which allows text messages to be hidden in photographs.
More recently, after the 26/11 attacks in Mumbai the Navi Mumbai police, working with the Anti Terrorism Squad, contacted me as I live there. I was also involved in finding out who was trespassing on Ken Haywood's wi-fi account after the blasts in Ahmedabad in July 2008.
In 26/11, voice over Internet protocol (VOIP) was used for the first time against India for terror attacks. The problem was the data packets that run on this protocol are encoded which makes it difficult for investigating agencies to break it down, then reverse engineer it and recreate the communication. I worked on these two weeks after the attacks because I was called in only then.
What was this experience like?
Two things startled me: First I was shocked with the preparedness/training level of some of the police officials who were in the team. The second thing was that it was just shocking to be on the receiving end of a terror attack wherein the terrorists were very tech savvy. Terrorists today are ordinary people who live amongst us and live like you and I do.
What was your advice to Mumbai police? Did you convince them about the new face of terrorism and the tools required to handle tech savvy terrorists?
The problem is that there are a lot of egos involved. There is a power centre that you got to respect and you got to be very careful what you say to them. But I told them that I am always available for training or any investigation that happens. I run a one-month course called Ankit Fadia Certified Ethical Hacking Course, AFCEHC. This course is based on the guidelines enumerated by the Ministry of Information Technology. We train more than 15,000 people a year and many of them have been police officials in different parts of India.
'For ethical hackers in India salaries range between Rs 25,000 to Rs 35,000 per month'
What are the career opportunities that one can look at as an ethical hacker?
Every company, irrespective of what they do, need to have ethical hackers. The maximum demand for ethical hackers comes from financial institutions and banks. They are also high in demand from the IT companies, BPOs, KPOs and LPOs. Telecommunication companies also hire them. Hotels, aviation companies, retailers all of them need ethical hackers to prevent misuse of data as well as online credit card transactions.
Interestingly, most of these industries have been hiring ethical hackers in good numbers to protect their information systems and infrastructure.
As far as remuneration is concerned those who work full time are paid monthly salaries and those who work as consultants are paid on a per-day, per-hour basis. However, consultants make more money than employees as ethical hackers but then it also depends on your skills and value add.
The starting salaries range for ethical hackers in India is between Rs 25,000 to Rs 35,000 per month and outside of India US $ 50,000 to 90,000 per year.
Also, most companies don't advertise for ethical hackers because the word hacker still carries some stigma. Companies post advertisements for network engineers, system administrators or network specialists.
Lots and lots of my students write to me saying that they have been hired by big companies as such but what they actually do is work as ethical hackers.
What are the courses that you offer that can help people get jobs as cyber security professionals?
We have a one-month certified course called AFCEHC available at all Reliance World outlets that will cost you around Rs 6,999. We also have a one-year postgraduate diploma course on cyber security that is India's first government accredited/approved certified course with IMT Ghaziabad as my partner. The fee for this distance-learning course is Rs 37,000 per year.
Then there is the two-year master's degree course in cyber law and cyber security.
You have authored 14 books at 24, with the first one selling more than 7.5 million copies and you also act as a consultant. Can you tell us your net worth? How much do you earn in a year?
It was a lot when I was 13, it's a lot more at 24.