ON THE NIGHT OF 7 JANUARY 2012, hackers found a security loophole in Ankit Fadia’s website. Fadia, a self-proclaimed technological wunderkind who was then 26 years old, had published numerous books on cyber security, hosted a show on the subject on MTV India, and trained thousands in ethical hacking: probing computer networks for weaknesses, not to cause harm but to alert their administrators to vulnerabilities. The previous August, appearing on CNBC-TV18, he had issued an open challenge to hack into his website, promising anyone who did a full-time job.
The hackers broke into a directory containing passwords and other sensitive information. They emailed Fadia, threatening to go public with the data unless he admitted to being a fraud. After eight hours without a response, they uploaded a press release claiming credit for the attack, leaking Fadia’s information and identifying themselves as Team Grey Hat, or TGH. They were soon flooded with congratulatory emails and tweets from other hackers.
This June, I telephoned one of the founders of TGH, which, among other exploits, claims it temporarily brought down the email service Hotmail in 2011. Taking time out from his day job as a server administrator in Kolkata, he relived the incident and its aftermath. He rehearsed the accusation, now well accepted among technology experts, that Fadia is a phony—in 2012, Fadia was declared the Security Charlatan of the Year at DEF CON, a major annual convention of hackers, and the following year, Charles Assisi, a technology journalist, published a piece rubbishing his supposed credentials. But the TGH hacker, who did not want his name revealed, also claimed a previously unacknowledged motive for the 2012 hack: vengeance for an act that, perplexingly, might never have taken place.