---------- Forwarded message ---------- From: Prabhat Sandheliya prabhat.news@gmail.com Date: May 3, 2006 10:34 AM Subject: Fwd: Ankit Fadia -- my childhood hero! To: lug-indore@googlegroupes.com

Hey guys,

Her is the latest news in Ankit Fadia Case. I would Like you all to introduce Mahesh Aravind. He has written, such a wonderful and though provoking mail. Thanks man !

Prabhat.

Here is the original message by him : ------------------------------------------------------------------------------------------------------------------- From: Mahesh Aravind ra_mahesh@yahoo.com Date: May 2, 2006 4:38 PM Subject: Ankit Fadia -- my childhood hero! To: prabhat.news@gmail.com

Prabhat,

Yesterday (03-04-2006)I attended a seminar by a so-called "Hacking Guru" Ankit Fadia, at DAVV, Indore (MP) auditorium. I just want to share my feelings with you.

I read your mail (re: Ankit Fadia's fraudulent certificate), forwarded to ilug-cochin mailing list. It was excellent. Other than that, I can't find words to describe it. These were the "revelations" I had in the recent few years. I thought I was the only one who didn't accept Fadia as a "hacker", knocking him off discussions as just a wannabe kid backed by a loooot of media hype. Cracked Osama's message, huh?

I'm not a hacker, just a wannabe. I'm a laaazy wannabe that 3-4 years ago I set out myself and went to get a `Hacking Book', instead of D-I-Y learning. What caught my eye (due to then recent media hype) was _Unofficial Guide to Ethical Hacking_, written by India's "young(est) hacker whiz kid" -- Ankit Fadia.

I thought: Cool, this kid is only 16 (read: younger than me!) and he wrote a (I don't feel the same today) top-notch chapter on TCP/IP, a subject, whose core is still an uncrackable nut to many network professionals. Wow, *he* is something!

At this moment I like to explain that, I hadn't reached enlightenment (or sought "nirvana") and was still stuck with (how horrible those days) Windoze. Cracking windows security, musta been something of weight. Oh, manipulating the registry(!!!), woohoo! Can be a `real hacker' among my school mates..., yipee! And at those times, I hadn't realised that a real hacker just doesn't show off!

Months later, a lot(!) learned (from other "real" books), I stumbled upon [blacksun.box.sk] -- the so-called Black Sun Research Facility. Going through their archives, I was astonished to see that many articles were a copy of the chapters from the book, I paid Rs 385/- to buy. But then I was forced to think the other way: all these articles (or "philes") had some or other cracker `handle' as the author. Hey, how can these foreign (at then mostly Israeli) hackers get an Indian book's extract?

These "philes" were word-to-word match with the Fadia's book. Then I came to know the Fadia's (then) website [hackingtruths.box.sk] was hosted in the same domain. Bingo! This kid is a fraud! I shoulda known it when I saw non-English comments to some of the so-called virus(!!) asm source code fragments. Somewhere (I don't recall where), I also read that Fadia was thrown out of BSRF for copy-pasting their articles, and not attributing the relevant credit to their authors. I think, nowadays articles at BSRF bears Fadia's name as the author. Not sure, cause nowadays I don't like (or want) to go to script-kiddie sites.

The seminar topic was "Ethical Hacking", now I want to ask Mr Fadia, what is unethical about hacking ? Hacking is very positive word and there in no need to put "Ethical" before it. By the way his seminar topic should be "Ethical Cracking".

Quite right. I think we need conduct more campaigns to restore the `media defaced' image of the `sacred word'. And, I think there's also a course called CEH (Certified Ethical Hacker); which looks like an internationally acclaimed course [ www.gocertify.com/article/ceh.shtml]. What do you think of it? Please let me know.

If you really want to become a hacker, please read an article by a real hacker, Eric Steven Raymond (ESR). The man who changed the history by writing a paper "Cathedral and Bazaar".

This is what showed me the path, got me into "it"... and _our_ history revealed to me by ESR's Jaron File. I've read (tried to, at least) *all* his articles/essays. From _Halloween docs_ to _Sex Tips For Geeks_. I owe him much more than one!

The people who can not differentiate between hacking and cracking, should read an article by the GOD of hackers Richad M Stallman (RMS), the man who started GNU movement all by himself. The gcc (compiler), gdb (debugger), emacs (editor) are some of the most popular softwares in the world written by him.

I particularly like this -- RMS *IS* GOD! (Please check the spelling: RMS is Richard Matthew Stallman)

But these s/w could have been better captioned as GCC (compiler _suit_), GNU Emacs (Integrated <substitute-what-*ever*-you-want> environment). I for one breaths, eats and sleeps inside Emacs. This very mail was composed in it. Of late, I've been plotting to put `/usr/bin/emacs' as my shell in /etc/passwd!

The things Fadia demonstrated were ancient techniques used by crackers to break into some one's machine.

In the book too, mostly he gives us a list of common, default passwords and asks us to try our luck.

IP spoofing, SQL Injection, password cracking softwares, Trojan horse programs, these are the tools of cyber criminals. So I wonder what is the significance of the term "Ethical" here ??

Did he mention all this? I wonder from what site he learns all these "theories"?

One particular book I liked very much is _Stealing the Network: How to Own the Box_, by Syngress Publications. It describes real hacking/cracking techniques, in fictional stories, using `bare' hands and crazy, creative ideas. I'll say its a must-read for anyone into computer security career.

Any pointers for a freely-downloadable _The Cuckoo's Nest_?

The entire session was demonstration of third party utilities, and the saddest thing was no mention of the name of any author of any utility. He didn't care to give some credits to the utility developers. What a shame !!!

Great! What an attitude? Something like Micro$oft's `Embrace and Extend' policy: What yours is mine, and what mine is mine!

Second most annoying thing was that he calls himself a "hacker" and was using a Windows XP operating system ????

A Windoze hacker, huh? Windows is not even an operating system; its an Un-Operating System!

To quote _Unoffical Guide to Ethical Hacking_:

There is a common belief that Windows is very insecure, but then Red Hat too is not so great in the security sphere. There are nearly 50 known ways to get root on a Linux box. The reason why hackers have found so many more holes or bugs in Windows is due to the fact that it is the most widely used OS in the world and the largest number of hackers have a go at Windows Security.

The only thing that is in support if Linux is that fact that it is free and spreads the concept of open source and well, performance. However, while Linux's performance is better, I do not agree to what people say about the low Windows security. So, I think there is nothing wrong in using a Windows box for hacking.

What can you say to this? Some people *never* learn!

Any confirmation of him decrypting Osama's message = 0 (Hahahahahahahaha)

Does Osama use Windows?

I tried to read a few books by him, but to my wonder some part of his books are nothing but simple "copy and paste" material from well known sites for Windows registry editing.

Recently a book was released by him on _Email Hacking_. Not surprisingly, many of my friends' Yahoo! a/c started disappearing, some lost their mails, others got Mailer Daemon failures for mails that they never sent but bears their email id in the `From:' column, etc. Some even accused *me* for `hacking' their a/c's (honestly, I didn't, I never wanted to, and I don't know how to do it).

Any news like this in your locality? Maybe we can sue him for promoting and encouraging criminal activities.

Oh God ! this is the clear violation of intellectual property rights of the website. Please inform the webmaster. I have done it already.

You being a fan of RMS, please don't use the term <quote>intellectual property</quote>. There is no such thing! Do visit [www.gnu.org/words-to-avoid.html]. Thoughts and ideas can't be owned and copyrighted (or patented for the matter).

I was astonished by the course he came to promote here, "Ethical hacker certified by Ankit Fadia" !

"Ethical MESS-DOS(r) Hacker certified by Ankit Fadia". Sounds cool! I wonder what language does he work on? Microsoft Visual COBOL?

Unfortunately, question and answer round was cut from the seminar,

Or he will have to *answer* some of those. How can he, when he follows some of them step-by-step from various "underground" sites?

Anyways, I went to him at the end of the seminar, and asked if Windows is so vulnerable, can he suggest audience to use Linux rather than Windows. And the reply came was straight "NO". What a shame ???

Shame? Not for him, of course. Obviously, he finds "Linux" too hard for him to contain and operate, let alone "hack"!

The reason is same why Microsoft does not patch up it's OS. Plain economics. If you make system secure with Linux who is going to ask for people like Fadia, so called "security expert" ???

Or people who are MCSEs? (MCSE: Minesweeper Consultant and Solitaire Expert)

And for god sake, stop behaving like a child, now you are in college, so GROW UP !!!

Just out of curiosity, what course does he pursue?

Anyway, its good to know that *some* action is going out there to "shed light on" this incident. I fully appreciate it, and like you asked, I'll warn my friends about it. How can I cooperate?

First of all, I think I'll subscribe to your mailing list.

Best of Luck and Happy Hacking!

Regards,

Mahesh Aravind -----------------------------------------------------------------------------------------------

-- Prabhat Sandheliya --------------------------------------------------------------------- Promote Linux - Join mailing list : http://groups.google.com/group/lug-indore (Linux Users Group - Indore)