RSA Conference | Ben Rothke: Security Reading Room : Tags : plagiarize

Ben Rothke: Security Reading Room

2 Posts tagged with the plagiarize tag

Fair use, plagiarism and the World’s No. 1 Hacker book

Posted by Ben Rothke Jun 14, 2010

O'Reilly Media is one of the premier technology publishing companies, who like all serious publishing houses have strong policies and guidelines regarding plagiarism. They also have a Missing Manuals series of books. The goal of the Missing Manual series, is to “produce sterling, beautifully written manuals for popular consumer software and hardware products”

So with license, perhaps this post should be titled How To Become The World’s No. 1 Hacker – The Missing Bibliography.

In my initial review of How To Become The Worlds No. 1 Hacker, I noted that the author plagiarized most of his sources.

Of the books 26 chapters, I used iThenticate plagiarism checker from iParadigms to check the 13 largest chapters. Many of the smaller chapters were 1-2 pages in length, and were not analyzed.

The following iThenticate screen shot speaks for itself. The report field is an overall similarity index for each submission. This index determines the percentage of similarity between a submission and information existing in the iThenticate databases selected as search targets.

So how much can an author legitimately copy under the fair use doctrine? As to the notion of fair use, the U.S. Copyright Office notes that the doctrine of fair use has developed through a substantial number of court decisions over the years and has been codified in section 107 of the copyright law.

Section 107 contains a list of the various purposes for which the reproduction of a particular work may be considered fair, such as criticism, comment, news reporting, teaching, scholarship, and research. Section 107 also sets out four factors to be considered in determining whether or not a particular use is fair, namely the:

1.       purpose and character of the use, including whether such use is of commercial nature or is for nonprofit educational purposes
2.       nature of the copyrighted work
3.       amount and substantiality of the portion used in relation to the copyrighted work as a whole
4.       effect of the use upon the potential market for, or value of, the copyrighted work

The distinction between fair use and infringement is not easily defined, and in fact, seems to almost defy definition. There is no specific number of words, lines, or notes that may safely be taken without permission. Anytime a specific number or percentage is used, that refers to general guidelines, not the copyright law.

But even before the plagiarized text begins in the book, there is misrepresentation of the truth. The following is a screen shot from page 24:

The author states that LIGATT is the official cyber security provider for the Phillps Arena, Atlanta Hawks basketball team, and Atlanta Thrashers hockey team. The firm also noted this in a October 2009 press release, which was then picked up as a news story by the Atlanta Business Chronicle and Sports Business Journal.

But no such deal ever took place. Tracy White, Chief Sales Officer and Senior VP of Sales and Marketing for Atlanta Spirit LLC, the parent company of the Atlanta Thrashers, stated that “LIGATT doesn’t provide (nor have they ever provided) services for the Hawks, Thrashers or Philips Arena.”

With that, the following are the sources copied in the book:

Chapter 2

Number of words	Source
1392	http://www.auditmypc.com/freescan/readingroom/port_scanning.asp
1109	http://securityfocus.com/archive/101/310004/2003-01-29/2003-02-04/0
1094	http://www.grc.com/oo/packetsniff.htm
823	http://www.cromwell-intl.com/security/monitoring.html
468	http://www.realexam.net/ciscoport-scans-ping-sweeps/394.html
312	http://www.itbuzz.co.cc/2008/11/developing-your-ethical/
193	http://www.valuesys.net/content/view/191/50/

Chapter 4

Number of words	Source
3219 (plus screen shots)	http://www.ibm.com/developerworks/library/s-crack/
2867	http://host14.ipowerweb.com/~hackerth/org/texts/hacking/howtobrute.php
1302	http://starbase.airweb.net/tech/hack-faq.html
892	http://sectools.org/crackers.html
327 (plus screen shots)	http://www.raymond.cc/blog/archives/2006/09/02/how-to-hack-into-a-windows-xp-computer-without-changing-password/

Chapter 5 – Single source makes up the entire chapter

Number of words	Source
1081	http://starbase.airweb.net/tech/hack-faq.html

Chapter 7

Number of words	Source
2658	http://www.securiteam.com/securityreviews/5OP0B006UQ.html
577	http://searchsecurity.techtarget.com/searchSecurity/downloads/WebappattacksLG.pdf
399	http://starbase.airweb.net/tech/hack-faq.html
367	http://www.e-secure-db.us/dscgi/ds.py/Get/File-8852/Writing_Buffer_Overflow_Exploits_-_a_Tutorial_for_Beginners.txt
223	http://arhiva.elitesecurity.org/t132220-Insecure-Programming
589	http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1048483_mem1,00.html

Chapter 8

Number of words	Source
2559 (includes screen shots)	http://www.squidoo.com/spyphone_flexispy
1239	http://www.securityfocus.com/infocus/1829
756	http://www.spyphoneguy.com/page/4/
666	http://www.spectorsoft.co.uk/products/index.html?UK=true
500	http://www.keyloggers2010.com/index.html

Chapter 9

Number of words	Source
2195	http://www.nmrc.org/pub/faq/hackfaq/hackfaq-08.html
1750 (includes 29 screen shots)	http://www.ethicalhacker.net/content/view/106/24/
942 (includes 20 screen shots)	http://www.dedoimedo.com/computers/backtrack.html

Chapter 10 – Single source makes up the entire chapter

Number of words	Source
2940	http://starbase.airweb.net/tech/hack-faq.html

Chapter 11

Number of words	Source
1967	http://docs.athenawebsecurity.com/ceh_athena/CEH.pdf
1870	http://starbase.airweb.net/tech/hack-faq.html

Chapter 12

Number of words	Source
5894	http://www.informit.com/articles/article.aspx?p=472323&seqNum=5
59	http://www.nmrc.org/pub/faq/hackfaq/hackfaq-19.html

Much of the last half of the book is single chapter cut and paste, in which a single large source makes up the entire text of chapters 13, 14, 15, 18, 19, 20, and 21.

Chapter 13

Number of words	Source
696	http://www.nmrc.org/pub/faq/hackfaq/hackfaq-27.html

Chapter 14

Number of words	Source
1488	http://www.nmrc.org/pub/faq/hackfaq/hackfaq-28.html

Chapter 15

Number of words	Source
677	http://www.nmrc.org/pub/faq/hackfaq/hackfaq-29.html

Chapter 18

Number of words	Source
2962	http://ethicalhacking.org.ua/8794final/lib0063.html

Chapter 19

Number of words	Source
2025	http://hacker-dox.net/Que-Certified.Ethical.Hacker.E/0789735318/ch07lev1sec4.html http://docs.athenawebsecurity.com/ceh_athena/CEH.pdf

Chapter 20

Number of words	Source
3593	http://docs.athenawebsecurity.com/ceh_athena/CEH.pdf

Chapter 21

Number of words	Source
4106	http://www.cnhacker.com/bbs/read.php?tid=161454&fpage=8

Chapter 23

Number of pages	Source
6	Scanned article directly from http://hakin9.org/magazine/995-hardware-keylogger-a-serious-threat

Ben Rothke, CISSP is the author of Computer Security: 20 Things Every Employee Should Know, and now knows more about section 107 of the copyright law than he would like to admit.

8125 Views 0 Comments 5 References Permalink Tags: rothke, gregory_evans, 0982609108, 978-0982609101, plagiarize, ligatt, ithenticate, plagiarism, how_, to_become_the_worlds_no._1_hacker, cyber_, crime_media, fair_use, phillps_arena, atlanta_hawks, atlanta_thrashers, section_107

How To Become The Worlds No. 1 Hacker

Posted by Ben Rothke Jun 10, 2010

[For an update to this issue and a comprehensive list of the plagiarized text, see Fair use, plagiarism and the World’s No. 1 Hacker book]

When I first saw the title of How To Become The Worlds No. 1 Hacker by Gregory Evans, it reminded me a pitch I get from people trying to hawk Amway. But just as there is a limit to the amount of people who can buy and sell soap, there can only be a single #1 hacker in the world. With that, let’s hope no one buys this book, so Neo can keep his title.

The book does get your attention with its audacious title. But a more appropriate title, albeit less flashy, would be The Not So Refined Art of Cut and Paste.

Using Princeton University’s definition of plagiarize of “take without referencing from someone else’s writing”, the book is a poster child for plagiarism. This is somewhat ironic in that the book has a disclaimer of “All rights reserved. No part of this book may be used or reproduced in any manner whatsoever without written permission except in the case of brief quotations embodied in critical articles and reviews”.

This is a 342 page book, of which the first 25 pages are somewhat self-serving with an extended biography of the author, and dated letters of praise from former clients.

In short, this is merely a work of cut and paste. In the parts of the book where the author attempts to write original text, it’s ripe with various errors. I could list many such errors, but why bother. In fact, the errors start in the preface, where the author calls GLBA the “Gramm-Leach-Billey Act”.

On page 5, the author states “first before you start any hack, security audit or any other computer security testing you must have all the write tools in place”. Ironic that he meant to use the word right.

On the next page, he recursively writes about Wireshark when he says it was “originally named Wireshark, in May 2006 the project was renamed Wireshark due to trademark issues”. It was actually originally named Ethereal. But this is just one of many spelling, grammar, and factual errors in the book. If nothing else, this book screams out for editorial review. But it was self-published, with seemingly no oversight.

But the real offense is the author’s blatant use of unattributed sources. I am not talking about a paragraph here or there, it is about wholesale plagiarism, often taking the form of an entire chapter.

Here are a few of the many examples of where the author copies extensively without attribution:

Page/Section	Source
Page 16: section 2.3 - port scanning?.	Over 1,700 words taken verbatim from http://www.auditmypc.com/port-scanning.asp
Page 22 – section 2.5 – packet sniffing	Over 260 words from http://www.grc.com/oo/packetsniff.htm
Page 25 – section 2.8 - wireless LAN/WAN monitoring	Over 300 words from http://www.cromwell-intl.com/security/monitoring.html. The book states “also see the COMSEC section of another page of mine for details on how GSM encryption can be broken”. But “another page of mine” refers to Bob Cromwell, the site’s author.
Page 29 – section 3.1 - What are Accounts?	over 400 words directly from http://www.nmrc.org/pub/faq/hackfaq/hackfaq-03.html
Page 31 – section 4.0 - What are Some password basics?	Over 1,600 words http://www.nmrc.org/pub/faq/hackfaq/hackfaq-04.html
Page 61 – section 7.1 - Buffer overflows	Direct copy of the entire 589 word article Buffer-overflow attacks: How do they work? by Brien Posey
Page 65 - section 7.2 - How do I write a buffer overflow?	Copy of the entire 3,100 word article Writing Buffer Overflow Exploits.

My approach until page 70 was to check the text against a Google search. The results were immediate, apparent and undeniable: this book is a systematic cut and paste effort.

Wanting a more sophisticated approach, I used the iThenticate plagiarism checker from iParadigms. The iThenticate scan of the book confirmed what was obvious. In fact, some sections averaged as high as a 95% plagiarism rate, with one chapter coming in at 100%.

While there is no hard and fast definition of where fair use ends and plagiarism begins, Bob Creutz, General Manager at iParadigms told me that “if I had to offer an average, I would say a 10% or greater similarity index warrants editorial scrutiny.”

Plagiarism.org notes that it comes down to the amount you've used. The more you've borrowed, the less likely it is to be considered fair use. What percentage of your work is borrowed material? What percentage of the original did you use? The lower the better.

iThenticate is a powerful and fascinating tool, as it shows exactly what web sites the author copied from. It identified the biggest plagiarized section, namely the 5,354 words, which is the entire chapter 12. The author never mentions that he copied it verbatim from the Hacker’s Center Security Portal.

Even when plagiarizing, most authors will attempt to cover their tracks somewhat by making even trivial changes to the text; Evans never does that. In the areas the original text has hyperlinks, he neglects to modify his text, in which the paragraph ends on a loose end, confusing the reader.

The author scoured the web and copied information from hundreds of web sites. And therein is the problem of such plagiarism; the output, in which the author calls a book, is a confused assortment of ideas, lacking a coherent stream of thought.

The books failure is not that it is plagiarized; even if the author would have attributed his myriad sources, the book still would have been equally incoherent. This so called step by step guide is simply a disjointed set of topics, slurred together.

For anyone who wants to learn the art of hacking, this book will only serve to give them a lukewarm taste at best, while confusing them the entire time. Used copies of first edition of Hacking Exposed are available for 1 cent plus shipping in the used book section on Amazon.com. Even though it is a decade old, it will serve you much better than this title. As to How To Become The Worlds No. 1 Hacker, it’s an epic fail of a book.

8605 Views 1 Comments 1 References Permalink Tags: rothke, hacking, hacker, how_to_become_the_worlds_no._1_hacker, gregory_evans, cyber_crime_media, 0982609108, 978-0982609101, plagiarize, iparadigms, amway, ligatt, ithenticate, plagiarism

Ben Rothke, CISSP, CISA is an Information Security Manager with Wyndham Worldwide. He is the author of "Computer Security - 20 Things Every Employee Should Know" and writes book reviews for Slashdot and Security Management magazine.

View Ben Rothke's profile