Laura Colantoni of Syngress posted the following statement, regarding the recent discovery that a large portion of Dissecting the Hack: The F0rb1dd3n Network is plagiarized.  My commentary follows the statement:

The team at Syngress recently found out through our Twitter feed that Dissecting the Hack might have plagiarized material. The Twitter feeds led us here, where Wesley listed at least 125 instances of plagiarism—mostly from Wikipedia.

After talking to all involved we have determined the following:
• The book’s technical editor is the source of this plagiarism. He greatly overstepped his role.
• He did, in fact, plagiarize despite signing an agreement that explained his role was to fact check and prevent plagiarism.
• The book’s authors, Jayson Street and Kent Nabors, were not involved.

As soon as we learned about this issue, we ‘froze’ the status of the books. On Monday, October 19th we made the decision to destroy all remaining titles.

We’ve learned a lot of interesting lessons in the past few days. I suspect the most important is the value of a new anti-plagiarism software program. If you have suggestions on really good ones please feel free to send them my way. But equally important has been the goodwill and generosity of so many people in this community. Our editor and the book’s authors are already working on a plan to move forward due in no small part by experts in the community who have agreed to help us replace all of the plagiarized material with new content. The previous technical editor will in no way be involved with this new project— or with any future Syngress projects. We will hire a new technical editor to review the content.

Our plan is to publish a revised edition with this new content. We’re also working on placing all the new content on completely open websites so that anyone who did have a copy of the book can get electronic access—anyone who heard about the book and wants to check it out can do a quick preview before purchasing.

I’ve talked to several experts in the field who shared good suggestions on how to ensure we deal fairly with our customers. We’ve taken the last couple of days to check them all out and to try to balance them with some of the realities of doing business with global sales channels and a variety of contractual obligations. Then we took a deep breath and decided to follow the old K.I.S.S. rule. To keep it simple, we’ll accept back ‘old’ books from current customers and replace them with the new version as soon as it publishes. And we’ll also do multiple postings of the new material and keep it open to all for the life of the title. We’ll post this information in a variety of sources and take out an ad or two in infosec publications. We’ll always have the latest updates on syngress.com and on dissectingthehack.com.

Although I realize it’s my job to say this, I honestly believe this is a great book and can’t wait to get the REAL version in my hands and yours.

My take on this:

Syngress has done an excellent job of supporting the project and the authors of the book in this case, something that I am glad that they have done.  Unfortunately, this seems to have taken a higher priority than addressing the customers and readers.  One only has to look at the wording of this statement to see that this is more about the authors and the experts in the community (people who have a direct impact on Syngress’ reputation), than the customers who have paid their own money for a book that they had no way of knowing was a fraud.

While I approve of them continuing the project, reconstructing the STAR section of the book with actual content, I feel that it is dishonest to drag customers, who have already purchased the book, along for an indeterminate amount of time while this is completed.  The money that these customers have spent on the book was with the expectation that they were getting a complete book then.  If a customer is willing to wait and exchange it, then that’s great and I imagine most customers will opt into that, but it’s simply wrong to hold that customer’s money hostage with the promise of future content without their consent.  To put it simply:

Existing owners of this book have every right to request and receive a refund for it, if they want one, as they acquired it under the false pretense that it is an honest work.

This is something that I insisted upon in my private communications with Syngress, however they have chosen to ignore it in this statement.  This is not the “K.I.S.S. principle” at work, as Laura puts it.  The situation became miles beyond “simple” the moment the book was published.  This is about Syngress keeping the money that they have already made from customers for a book that consists mostly of others’ (not just Wikipedia’s) copyrighted content.

This is unfortunate, because otherwise they are taking a great stance with it.  They’re honest about the problem, and where the blame should be placed. I’m actually looking forward to the new edition of the book.  Syngress has gone a long way to make this right to its readers, and I hope that they decide to take the above into consideration and take the final steps that are necessary to really make it right.

Edit:

Just to clarify: my beef right now is solely with the publisher’s handling.  The project to create a legitimate STAR section is alright in my book.  I have signed up on their new social networking site for the project and posted the following, offering my help.  Jayson thought it would be nice for me to reproduce it here, so here you go:

While I have been the one to stir up a lot of the dust around this project recently, I do want you to know I like it. I like the idea of hacker fiction. I like the idea of Syngress becoming a more mature publisher (even though it sucks that this project had to be the tipping point). Most of all, I like the people who are a part of the project and that are becoming part of the community.

I have said this to Jayson and others on varying levels of public/private channels, but to make it clear: I am willing to help out and contribute to creating a new STAR section in any way that I can. I can write, I can edit. If someone else wants an interview for a topic that I’m competent on, I am happy to sit down with them on IM, Skype, phone. If you don’t want that, I can review a pre-print copy. And finally, failing all that, I’ll give the final published copy a serious review on my site (though I won’t be doing that if I am asked to participate: conflict of interest).

I do want to see it succeed. Anyone else here who’s willing to throw in a sword or axe, chime in.

If you are an infosec geek and want to contribute to their project, show support for it, or just want to see it in the making, then you should go and check it out.


Jayson called me regarding this post, and I promised to let him tell his side of the story, right here, at the top of the post, so here it is:

I am more stunned than anyone on finding this out. When Kent and I finally got the book deal from Syngress we were overjoyed and immediately felt the pressure of completing the book by our deadline. We had been so involved in getting the first part completed that we turned to Dustin L. Fritz to step in to write the 2nd part.

Dustin served as the Technical Editor and we were assured that he would be able to complete the 2nd part in time to meet the deadline. I trusted the material that Dustin delivered was either original or properly sourced. As people heard me say before this discovery, I gave proper credit to Dustin for the 2nd part.

I do feel betrayed that someone I trusted appears to have taken shortcuts and not delivered original material. The Information Security community is about trust, and I apologize to those who should feel betrayed. This is not trying to lay blame; this is trying to get the full story out there. This book has my name on it, so therefore the ultimate blame is with me.

I want to also apologize to Syngress, Rachel, and Angelina who were behind me 100% for this project. I will personally work to correct any plagiarism or copyright issues in this work.

Edit: Co-author Kent Nabors posted his response in the comments below (where the discussion is going very well), and I have made a couple of small edits to the post to more accurately reflect the fraction of the book made up by the STAR section (from all but 170, to all but 125).

Edit: Dustin L. Fritz (of The CND Group) has left the following comment regarding plagiarism in this book:

This was an honest mistake and I sincerely apologize for any miscommunication. I hope that the correct and proper citations can be added soon and that all questions regarding copyright and plagiarism issues can be resolved. I hope the book can still be enjoyed as a valuable contribution to the information security community and I hope it will go on to fulfill its objective in reaching anyone who desires to learn more about hacking and security. I want to specifically apologize to Jayson, Kent, Syngress, Rachel, Angelina, all the readers, reviewers, and others who have taken offense. I want to fix this and I sincerely appreciate everyone’s positive support!

I appreciate Dustin’s comment, however (as we discussed at length on the phone this morning) I disagree partially with it being an honest mistake.  When one has demonstrated in other parts of the same book, and at presentations at venues such as DojoSec, that he or she is capable of quoting and citing things properly, and knows that permission should be asked before reproducing material, it’s no accident when large sections of text are lifted from non-attributed sources and presented as the authors’ work.  The argument was made that the work was never put forth as the authors’ words, but the below information and anyone with a copy of the book can verify that this is not the case.

My original post continues from this point.

I am posting this as an amendment to my review of Jayson Street and Kent Nabors’ Dissecting the Hack: The F0rb1dd3n Network. It turns out that a large portion of the book being presented as the authors’ original work (almost the entirety of the STAR section, which is all but 125 of the book’s 400 pages) is actually plagiarized from various online sources (primarily Wikipedia).  Not much in information security angers me, but it does anger me when authors attempt to present others’ work as their own, misleading their readers and reviewers (many of whom have given very positive reviews to this book).

While I was in the process of reading and reviewing Dissecting the Hack: The F0rb1dd3n Network, I promised Jayson that I would provide notes that I had taken in the process of reviewing the book.  A few days ago I posted that review, and today I reviewed my notes and edited them to be more readable than they were for his benefit.

In the process of editing those notes, I reviewed each of the problems they addressed, including where I had stated that many quoted materials were not attributed to any source.  I had also noticed normally formatted, apparently author-written text that was actually an excerpt from a Wikipedia article in one place.  At the time and in my notes, I figured that it was likely a typesetting error.

Unfortunately, this evening, I found out that this is not the case.

After reviewing my notes, I noticed other strange wording in the STAR section, which comprises all but 125 of the book’s 400 pages.  I chose some excerpts at random, and Google’d what should have been unique phrases from them.  In most cases I was given results on Wikipedia, where the text of the entry matched the text of the book exactly.  This worried me greatly.

For several hours this evening, I have gone through STAR, section by section, locating the sources of plagiarized material.  The majority of the text presented as the words of the authors (normal typesetting, not quoted or attributed) is directly ripped off from a number of online sources, primarily Wikipedia.  For the most part, only the sections that directly reference the characters in the story portion of the book can be trusted.

I kept notes this evening, and I have created the table below, which documents 55 instances in The F0rb1dd3n Network where the contents are directly taken from Wikipedia and other online sources.  Most of these are quite blatant, taking exact sentences and paragraphs from Wikipedia articles and using those to form the entirety of the book’s explanation of the topic.  In most cases, all that is added are references to screenshots, and small wording and paragraph break changes.

Before I found so many examples, I thought that this might be a product of my own academic background holding this non-academic text to too high of a standard, but the massive scale of it constitutes plagiarism by any rational definition, and specifically violates Wikipedia’s copyright rules, among others’ rights.  It is an insult to those that have taken the time to review it, and to those who have paid for the book under the assumption that it is an original work.  I find it hard to believe that the authors did not feel that this was wrong, and can only assume that the editors were unaware.

The following table lists page numbers, the topic being discussed, a URL of the original material, and a “length” which roughly describes how much material is lifted.  In this field, “Entire description” indicates that the entirety of the discussion of the topic in the book is taken directly from the source URL.  Other descriptions attempt to explain how much material was “lifted”, though it’s inexact, as paragraph breaks are changed from the source to the book.  In some cases, I had to go back to previous revisions of Wikipedia articles to determine what was copied, and so the revision I list may or may not be the exact revision the author used.
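The “unique phrase” search described above can be made systematic: break a suspect passage and a candidate source into overlapping word n-grams (“shingles”) and measure how many of the passage’s shingles appear in the source, which also gives a rough version of the “length” estimate in the table. The following is an added example, not something from the post or the book; the two texts are constructed stand-ins for a book passage and an online entry, and the shingle length of six words is a chosen assumption.

```python
"""Word-shingle overlap between a suspect passage and a candidate source.

Added example (not from the post). Both sample texts below are constructed;
they are not the book's text or any real online article.
"""
import re
from typing import List, Set, Tuple

N = 6  # words per shingle (assumption): long enough that chance matches are rare

# Constructed stand-in for an online entry.
SOURCE_TEXT = (
    "Widgetscan is a network mapping tool that sends crafted probes to every "
    "host in a range and records which services answer. It was first released "
    "in 2001 and is maintained by a small group of volunteers. The tool "
    "supports both TCP and UDP probes."
)

# Constructed stand-in for a book passage: two lifted sentences, a screenshot
# reference inserted, and one original sentence that ties it to the story.
SUSPECT_TEXT = (
    "Widgetscan is a network mapping tool that sends crafted probes to every "
    "host in a range and records which services answer (see Figure 5.2). It "
    "was first released in 2001 and is maintained by a small group of "
    "volunteers. Bob used it in chapter three to find the open ports on the "
    "lab server."
)


def tokenize(text: str) -> List[str]:
    # Lowercase word tokens; punctuation and paragraph breaks are dropped, so
    # re-flowed paragraphs (as the post notes happened) still line up.
    return re.findall(r"[a-z0-9']+", text.lower())


def shingles(words: List[str], n: int = N) -> Set[Tuple[str, ...]]:
    # Every run of n consecutive words, as a set for fast membership tests.
    return {tuple(words[i:i + n]) for i in range(len(words) - n + 1)}


def lifted_fraction(suspect: str, source: str, n: int = N) -> float:
    # Share of the suspect's shingles that occur verbatim in the source.
    suspect_shingles = shingles(tokenize(suspect), n)
    if not suspect_shingles:
        return 0.0
    overlap = suspect_shingles & shingles(tokenize(source), n)
    return len(overlap) / len(suspect_shingles)


def copied_spans(suspect: str, source: str, n: int = N) -> List[str]:
    # Contiguous runs of suspect words whose shingles all appear in the source,
    # i.e. the stretches a reader could check against the source page.
    words = tokenize(suspect)
    source_shingles = shingles(tokenize(source), n)
    spans: List[str] = []
    start = None
    for i in range(len(words) - n + 1):
        hit = tuple(words[i:i + n]) in source_shingles
        if hit and start is None:
            start = i
        elif not hit and start is not None:
            # Last matching shingle began at i-1 and covers words up to i+n-2.
            spans.append(" ".join(words[start:i + n - 1]))
            start = None
    if start is not None:
        spans.append(" ".join(words[start:]))
    return spans


if __name__ == "__main__":
    print(f"lifted fraction: {lifted_fraction(SUSPECT_TEXT, SOURCE_TEXT):.2f}")
    for span in copied_spans(SUSPECT_TEXT, SOURCE_TEXT):
        print("copied:", span)
```

On the constructed sample, about half of the passage's shingles come straight from the source, and the two copied spans are reported as runs of text, which is the kind of evidence the table's page-by-page entries record by hand.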

If you have a copy of this book that you bought or received for review, I encourage you to take a look at these pages and source URLs to see what I’m talking about:

| Page | Topic | Original source | Length |
|---|---|---|---|
| 135 | OSI Model | http://en.wikipedia.org/wiki/OSI_model | 2 paragraphs and a table |
| 141 | Maltego | Old description from paterva.com | 1 sentence |
| 146 | DNSPREDICT | Many sources (likely original tool site) | Entire description |
| 149 | Kismet | http://en.wikipedia.org/wiki/Kismet_(software) | Entire description |
| 151 | Netstumbler | http://en.wikipedia.org/wiki/NetStumbler | Entire description |
| 153 | SuperScan | http://en.wikipedia.org/wiki/Superscan | Entire description |
| 154 | Nmap | http://en.wikipedia.org/wiki/Nmap | Entire description |
| 155 | Paratrace | http://linux.die.net/man/1/paratrace | Entire description |
| 156 | Scanrand | http://linux.die.net/man/1/scanrand | Entire description |
| 157 | Amap | http://freeworld.thc.org/thc-amap/ | Entire description (short) |
| 161 | Plug-in | http://en.wikipedia.org/wiki/Plug-in_(computing) | Paragraph description |
| 164 | Vulnerability Scanner | http://en.wikipedia.org/wiki/Vulnerability_scanner | Entire description |
| 164 | IBM Internet Security Systems | http://en.wikipedia.org/wiki/IBM_Internet_Security_Systems | Entire description & history |
| 165 | Nessus | http://en.wikipedia.org/wiki/Nessus_(software) | Entire description |
| 166 | Nessus Goes Closed License | http://en.wikipedia.org/wiki/Nessus_(software)#History | Quoted |
| 167 | Tenable NeWT Pro 2.0 | Press release? http://www.highbeam.com/doc/1G1-115844766.html | Entire description |
| 168 | Rapid7 | http://en.wikipedia.org/w/index.php?title=Rapid7&oldid=301929477 | Entire description |
| 169 | Microsoft Baseline Security Analyzer | http://en.wikipedia.org/w/index.php?title=Microsoft_Baseline_Security_Analyzer&oldid=225194910 | Entire description |
| 170 | eEye Retina | http://en.wikipedia.org/wiki/Retina_Vulnerability_Assessment_Scanner | Entire description |
| 177 | Exploits | http://en.wikipedia.org/wiki/Exploit_(computer_security) | Entire description (full page of text) |
| 179 | Buffer Overflows | http://en.wikipedia.org/wiki/Buffer_overflow | Entire description |
| 180 | SubSeven and Stopping SubSeven | http://en.wikipedia.org/w/index.php?title=Sub7&oldid=299155522 | Entire description |
| 186 | Metasploit | http://en.wikipedia.org/wiki/Metasploit | Entire description |
| 187 | Core Impact | http://en.wikipedia.org/w/index.php?title=Core_Impact&oldid=295444915 | Entire description |
| 193 | Registry Keys | http://en.wikipedia.org/wiki/Windows_registry | Entire description |
| 194 | Securing your logs | http://codeidol.com/sql/network-security-hack/Windows-Host-Security/Secure-Your-Event-Logs | Entire how-to |
| 195 | Event Viewer and HOW TO: Event Log Types | http://support.microsoft.com/kb/308427 | Entire description |
| 197-200 | Last User Logged in | http://www.technixupdate.com/change-or-hide-the-last-username-logged-on-username-dialog-box/ | Entire how-to copied |
| 201 | Last True Login Tool | Many – likely old description from website | Entire description |
| 202-204 | Last logoff script | http://dovestones.com/active-directory/true-last-logon/last-logoff.html | Entire how-to |
| 205-208 | Windows Security Log | http://en.wikipedia.org/wiki/Windows_Security_Log | Entire article |
| 223 | Description of NIST | http://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology | Two paragraphs |
| 233-235 | CompTIA | http://en.wikipedia.org/wiki/CompTIA | Entire description |
| 236 | EC-Council | http://en.wikipedia.org/wiki/EC-Council | Entire description |
| 236-237 | (ISC)2 | http://en.wikipedia.org/wiki/ISC2 | Entire description |
| 244 | One-time Passwords | http://en.wikipedia.org/w/index.php?title=One-time_password&oldid=306538660 | Paragraph and list |
| 246 | Honey Pot | http://en.wikipedia.org/wiki/Honeypot_(computing) | Paragraph |
| 253 | Firewall | http://en.wikipedia.org/wiki/Firewall | Paragraph |
| 255-256 | Full-Disk Encryption | http://en.wikipedia.org/wiki/Full_disk_encryption | Three sections |
| 257-258 | Snort | http://en.wikipedia.org/w/index.php?title=Snort_(software)&oldid=273431896 | Entire description |
| 258-264 | IPS | http://en.wikipedia.org/wiki/Intrusion_prevention_system | The entire Wikipedia article copied over multiple pages! |
| 278 | Wireshark | http://en.wikipedia.org/wiki/Wireshark | Several sentences from the article |
| 279 | PGP | http://en.wikipedia.org/w/index.php?title=Pretty_Good_Privacy&oldid=304558754 | Two paragraphs of description |
| 281 | Personal firewalls | http://en.wikipedia.org/wiki/Personal_firewall | Short description |
| 285 | Perl | http://en.wikipedia.org/wiki/Perl | Entire description |
| 292 | Bluesnarf | http://en.wikipedia.org/wiki/Bluesnarfing | Entire description |
| 299 | Bleeding edge technology | http://en.wikipedia.org/wiki/Bleeding_edge | Description and list |
| 303-305 | ECHELON | http://en.wikipedia.org/wiki/Echelon_(signals_intelligence) | Entire description + photo |
| 310 | Ghost Rat | http://en.wikipedia.org/wiki/Ghost_Rat | Two paragraphs |
| 332 | 2600 Magazine | http://en.wikipedia.org/wiki/2600:_The_Hacker_Quarterly | Entire description |
| 333-334 | Gary McKinnon | http://en.wikipedia.org/wiki/Gary_Mckinnon | Entire description |
| 336 | PSP Hack | http://www.dcemu.co.uk/vbulletin/showthread.php?t=33928 | Tutorial |
| 396 | World of Warcraft | http://en.wikipedia.org/wiki/World_of_warcraft | Large paragraph |
| 399-400 | Infragard | http://en.wikipedia.org/wiki/Infragard | Entire description |
| 404 | Bump Keys | http://en.wikipedia.org/wiki/Bump_key | Entire description |

I just finished listening to the first episode of The Social-Engineer.org Podcast, hosted by Chris, Mati, Jim, and Dave over at the relatively new social-engineer.org.  The podcast has been available for nearly two weeks now, and I had been looking forward to listening to it once I finished the audiobook of The Lost Symbol.  The first episode, titled “Interview and Interrogation Tactics”, is really great and I recommend that you check it out.

The podcast, along with the rest of their site, is a really informative discussion of social engineering beyond simply lying and immature tricks.  I’m looking forward to future episodes and I hope they move to a more frequent schedule!


Edit: I have added an amendment to this review in this post, when it became obvious to me that the majority of the material in the STAR portion of this book is plagiarized.

Jayson E. Street and Kent Nabors’ The F0rb1dd3n Network is the first in what is proposed to be a new series of “hacker fiction” from Syngress, under the banner Dissecting the Hack.  This genre is still in its infancy, so the only other point of comparison that comes to mind is the Stealing the Network series from the same publisher.  Despite STN’s flaws, I enjoyed the stories the series had to tell, and looked forward to the review copy of F0rb1dd3n Network that arrived last week.

The F0rb1dd3n Network’s format is different from STN’s.  The fictional story is separated from the second part, which serves as a technical reference that explains the technology and attacks mentioned in the story.  A “How to Read” introduction explains that the reader can read either or both sections.  I felt that it was best to just take the book in linearly, reading the story first, then the “Security Threats Are Real” (STAR) section.

I enjoyed the story, however those reading the book for “hacker fiction” should be aware that this part is only 127 of the book’s 410 pages, and goes by very quickly.  The plot has the pacing of an action movie or police/detective TV series, so don’t expect much development in the characters, nor much attention to the hacks performed by them (the latter is to be taken care of in the “STAR” section).  The advertising for this book includes the statement “Every attack is real.”, which is true for the most part, but if you’re really picking nits you may be able to spot a few “hand-waving” moments.  Overall though, it’s entertaining, and if you enjoyed the stories in STN, you’ll probably like this one.

The second part, STAR, is both a review of penetration testing methodology and a collection of more in-depth coverage of attacks, technology, and cultural references made in the story portion of the book.  This is where I felt that the book was a let-down from its promise.  Much of this section, which appears to be thick with content, is actually space wasted.  Among the worst offenders are large screenshots, many of which have no direct reference in the text to explain the contents; numerous screenshots of websites with no real content showing; and pages of book recommendations with large (and low resolution) images of their covers.  A lot of space is also taken up by “Public Record on Tap” sections, which are simply reprints of short articles available on the web.  Many of these are not attributed to any author or source, and it took some Googling to find out that they were largely copied and pasted from Wikipedia.  Outside of these sections, I noticed at least a couple of instances where content was copied from Wikipedia or vendor websites without attribution or any indication that it was a quote from elsewhere (I hope that this is just an oversight).  I got the feeling that the author was getting tired and started “phoning it in” towards the end (a short bio of HD Moore that doesn’t mention Metasploit?).  I understand the desire to make a book seem large, however much of it could have been replaced with more information on the attacks described in the fictional story (even some that had no mention in STAR at all).  I would have preferred to hear the author’s take on many of the topics, rather than snippets of text from the web.

There is also the confusion of the target audience for this book.  The website for the book has a video that explains that it is for management to understand security and buy in to it.  The back-cover sells it to “Hackers, IT Professionals, and Infosec aficionados (as well as everyday people interested in security)”.  This kind of description is symptomatic of many books being published that are trying to widen their market.  My feeling is that it’s going to be difficult to get some of these audiences interested in this book.  Many people in management roles, as well as established professionals (and hackers) in the security field, are not going to be able to relate easily to the kids that are the main characters in the story.  People who have been involved in security won’t find many new techniques or insight in the STAR section (literally, because so little of it is original content from the authors).  This leaves beginners to the security field and laymen who have this as their first exposure to the field.  For them, it would probably be an interesting book (that might leave them hanging on some points).

I think this format has promise, enjoyed the fiction, and I look forward to future volumes of the story.  More mature protagonists and situations would be welcome, to better relate to the audiences that can benefit from the book the most.  The STAR section in future books should also focus more on the happenings of the story, and consist of more prose from the authors than filler.


Bill Blunden’s book, The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System, is one of the hidden gems in computer security books, and I hope that I can convince you to give it a look.  This review has been too long in arriving, as I haven’t had the time to read that I would like.  That said, I felt it was very important to finally get the review up, as this is a book that I’m sure my regular readers will enjoy.

I first spotted this book on a vendor table at Defcon, and it stood out among the rest mostly because *I hadn’t heard of it*.  I try to keep up with new book releases, especially on attack-oriented topics that would be of interest to the penetration testers and vulnerability analysts that read this blog.  It was surprising to me that one had flown under the radar.  I picked it up and flipped through the table of contents (which I encourage you to do as well), and was very impressed with the amount of material it covers.

I looked up the author, and was disappointed to realize that I had missed his talk at Blackhat earlier that week (looking forward to the video).  I contacted him, and he was kind enough to supply a review copy of the book.  It arrived very quickly, with a humorous personal note on the inside cover, and ever since, I have been learning a lot from it.

The author’s style is excellent.  The material is technical and has the potential to be very dry, but the text has a very conversational tone, as if it were being presented as a lecture for a (particularly good) class.  Each concept is tied back to the main topic: hiding operations and data from the user and operating system, and frustrating forensic analysis.  The book reads very well, presenting enough context that you can understand it if you’re reading away from a computer, and enough detail that you can follow along and experiment with it if you are at your desk.

I appreciate that this book does not attempt to hold the reader’s hand throughout with the ethics of developing rootkits.  The author takes a brief moment at the beginning of the book to explain the legitimate needs for security professionals to be familiar with rootkit techniques and development, and points out that the information can be found elsewhere.  After this point, the book assumes a level of maturity in its reader that is greatly appreciated.

The first part of the book, “Foundations”, has an excellent introduction to IA32 architecture and Windows internals that I have never seen so well-described for beginners.  Even if you aren’t interested in rootkits, this portion of the book is something I would recommend to anyone getting started in related fields, like reverse-engineering or exploit development.  Digging further into the text, the second section on “System Modification” makes up the “meat” of the book, delving into the details of subverting Windows internals in many different ways.  As technical and in-depth as the book gets, though, it never seems to leave the reader behind.  Each new concept is well-explained and builds upon the material the reader has already learned.  You may have to go through the text slower than you had anticipated, and go back to review previous material, but you’re never left feeling hopelessly lost.

The remainder of the book is a treat, as well.  I can’t recall another book that goes into any kind of detail on defeating forensic analysis of memory and file systems.  Anyone interested in developing forensic tools or curious about how analysis with tools like Encase and FTK might be subverted, should give it a read.  The author closes the text with some strategic guidelines for rootkit development, and his own thoughts on how evasion and deception can be used to similar ends on a larger scale than operating systems.

This is now one of my favorite computer security books, and I believe that if you review its contents, you’ll find that you’re getting a great value for your money.  If you are familiar with C and have a beginner’s knowledge of IA-32 assembly, you should have the prerequisites you need to follow along with this book.  I highly recommend it, and hope that it becomes less hidden a gem than it already is.

© 2012 McGrew Security Suffusion theme by Sayontan Sinha