ON THE NIGHT OF 7 JANUARY 2012, hackers found a security loophole in Ankit Fadia’s website. Fadia, a self-proclaimed technological wunderkind who was then 26 years old, had published numerous books on cyber security, hosted a show on the subject on MTV India, and trained thousands in ethical hacking: probing computer networks for weaknesses, not to cause harm but to alert their administrators to vulnerabilities. The previous August, appearing on CNBC-TV18, he had issued an open challenge to hack into his website, promising anyone who did a full-time job.
The hackers broke into a directory containing passwords and other sensitive information. They emailed Fadia, threatening to go public with the data unless he admitted to being a fraud. After eight hours without a response, they uploaded a press release claiming credit for the attack, leaking Fadia’s information and identifying themselves as Team Grey Hat, or TGH. They were soon flooded with congratulatory emails and tweets from other hackers.
This June, I telephoned one of the founders of TGH, which, among other exploits, claims it temporarily brought down the email service Hotmail in 2011. Taking time out from his day job as a server administrator in Kolkata, he relived the incident and its aftermath. He rehearsed the accusation, now well accepted among technology experts, that Fadia is a phony—in 2012, Fadia was declared the Security Charlatan of the Year at DEF CON, a major annual convention of hackers, and the following year, Charles Assisi, a technology journalist, published a piece rubbishing his supposed credentials. But the TGH hacker, who did not want his name revealed, also claimed a previously unacknowledged motive for the 2012 hack: vengeance for an act that, perplexingly, might never have taken place.
By his own telling, Fadia took up hacking aged just 12, and released his first book when he was 15. He then hit the lecture circuit, while continuing to publish. By the time of Assisi’s piece in 2013, he asserted, without substantiation, that his books had sold a staggering 25 million copies worldwide. Earlier, Fadia had boasted, again without proof, of helping American intelligence agents decrypt communications from al-Qaeda. In an interview in 2002, he also claimed that, in 1998, he had hacked into and defaced the homepage of the Indian edition of the technology magazine Chip. “The editor even offered me a job as a system administrator then,” he said. “But once he found out how young I was he retracted his offer!”
Assisi, Chip’s India editor between 2002 and 2005, dismissed this story in his exposé, stating that neither he nor his predecessor or successor remembered any such thing. The TGH hacker, however, insisted when we spoke that the Chip attack did take place, and that Fadia betrayed several other hackers to execute it.
In 2002, the hacker said, he and a group of like-minded enthusiasts were discovering and sharing security flaws in websites, but without publicising them. Around this time, he claimed, he met Fadia online and brought him into the loose collective. One day, a Punjabi hacker pointed out a way to crack the Chip website. Without telling or crediting the group, the TGH hacker said, Fadia did just that.
After that, I was told, Fadia started ignoring the hacker’s messages and calls. As Fadia’s star rose, many hackers started noticing plagiarised code and text in his books, and marked him out as a con artist. In 2010, three members of the earlier group formed TGH, which they declared to be neither ethical nor malicious—neither “white-hat” nor “black-hat,” in hacker lingo—but, as the hacker told me, “good at times, and bad at times.” Around the end of 2011, putting aside Fadia’s alleged earlier slight, the hacker reached out to him for help in finding a TGH member a job. Fadia challenged the jobseeker to hack into his site. TGH, miffed and reminded of the betrayal, mobilised to unmask him.
Last month, I emailed Gourav Jaswal, who was the India editor of Chip in 1998, when Fadia claims to have perpetrated his hack. “I have no recollection of this event,” he wrote, “and it is highly unlikely that it happened.” But, he admitted, “It is possible that it happened in some less dramatic way than has been subsequently portrayed.” When I challenged the TGH hacker with Jaswal’s reaction, he claimed that “Ankit’s hack did not happen in 1998, it happened far after that,” and insisted that Fadia had exploited ideas from the Punjabi hacker. I tried numerous times to contact Fadia, but he never replied.
Despite repeatedly being denounced as a sham, Fadia still claims on his website that he is “widely recognized as a computer security expert.” He continues to offer courses on ethical hacking, and asserts that he has “trained more than 20,000 people in India and China.” The TGH hacker wasn’t planning further action, and was content with having robbed Fadia of a good part of his luster. “I wouldn’t attack his site again,” he said. “Let him be at peace.”