Amending my F0rb1dd3n Network Review

Jayson called me regarding this post, and I promised to let him tell his side of the story, right here, at the top of the post, so here it is:

I am more stunned than anyone on finding this out. When Kent and I finally got the book deal from Syngress we were overjoyed and immediately felt the pressure of completing the book by our deadline. We had been so involved in getting the first part completed that we turned to Dustin L. Fritz to step in to write the 2nd part.

Dustin served as the Technical Editor and we were assured that he would be able to complete the 2nd part in time to meet the deadline. I trusted the material that Dustin delivered was either original or properly sourced. As people heard me say before this discovery, I gave proper credit to Dustin for the 2nd part.

I do feel betrayed that someone I trusted appears to have taken short cuts and not delivered original material. The Information Security community is about trust and I apologize to those who should feel betrayed. This is not trying to lay blame; this is trying to get the full story out there. This book has my name on it so therefore the ultimate blame is with me.

I want to also apologize to Syngress, Rachel, and Angelina who were behind me 100% for this project. I will personally work to correct any plagiarism or copyright issues in this work.

Edit: Co-author Kent Nabors posted his response in the comments below (where the discussion is going very well), and I have made a couple of small edits to the post to more accurately reflect the fraction of the book made up by the STAR section (from all but 170, to all but 125).

Edit: Dustin L. Fritz (of The CND Group) has left the following comment regarding plagiarism in this book:

This was an honest mistake and I sincerely apologize for any miscommunication. I hope that the correct and proper citations can be added soon and that all questions regarding copyright and plagiarism issues can be resolved. I hope the book can still be enjoyed as a valuable contribution to the information security community and I hope it will go on to fulfill its objective in reaching anyone who desires to learn more about hacking and security. I want to specifically apologize to Jayson, Kent, Syngress, Rachel, Angelina, all the readers, reviewers, and others who have taken offense. I want to fix this and I sincerely appreciate everyone’s positive support!

I appreciate Dustin’s comment, however (as we discussed at length on the phone this morning) I disagree partially with it being an honest mistake.  When one has demonstrated in other parts of the same book, and at presentations at venues such as DojoSec, that he or she is capable of quoting and citing things properly, and knows that permission should be asked before reproducing material, it’s no accident when large sections of text are lifted from non-attributed sources and presented as the authors’ work.  The argument was made that the work was never put forth as the authors’ words, but the below information and anyone with a copy of the book can verify that this is not the case.

My original post continues from this point.

I am posting this as an amendment to my review of Jayson Street and Kent Nabors’s Dissecting the Hack: The F0rb1dd3n Network. It turns out that a large portion of the book being presented as the authors’ original work (almost the entirety of the STAR section, which is all but 125 of the book’s 400 pages) is actually plagiarized from various online sources (primarily Wikipedia).  Not much in information security angers me, but it does anger me when authors attempt to present others’ work as their own, misleading their readers and reviewers (many of whom have given very positive reviews to this book).

While I was in the process of reading and reviewing Dissecting the Hack: The F0rb1dd3n Network, I promised Jayson that I would provide notes that I had taken in the process of reviewing the book.  A few days ago I posted that review, and today I reviewed my notes and edited them to be more readable than they were for his benefit.

In the process of editing those notes, I reviewed each of the problems they addressed, including where I had stated that many quoted materials were not attributed to any source.  I had also noticed normally formatted, apparently author-written text that was actually an excerpt from a Wikipedia article in one place.  At the time and in my notes, I figured that it was likely a typesetting error.

Unfortunately, this evening, I found out that this is not the case.

After reviewing my notes, I noticed other strange wording in the STAR section, which comprises all but 125 of the book’s 400 pages.  I chose some excerpts at random, and Google’d what should have been unique phrases from them.  In most cases I was given results on Wikipedia, where the text of the entry matched the text of the book exactly.  This worried me greatly.

For several hours this evening, I have gone through STAR, section by section, locating the sources of plagiarized material.  The majority of the text presented as the words of the authors (normal typesetting, not quoted or attributed) is directly ripped off from a number of online sources, primarily Wikipedia.  For the most part, only the sections that directly reference the characters in the story portion of the book can be trusted.

I kept notes this evening, and I have created the table below, which documents 55 instances in The F0rb1dd3n Network where the contents are directly taken from Wikipedia and other online sources.  Most of these are quite blatant, taking exact sentences and paragraphs from Wikipedia articles and using those to form the entirety of the book’s explanation of the topic.  In most cases, all that is added are references to screenshots, and small wording and paragraph break changes.

Before I found so many examples, I thought that this might be a product of my own academic background holding this non-academic text to too high of a standard, but the massive scale of it constitutes plagiarism by any rational definition, and specifically violates Wikipedia’s copyright rules, among others’ rights.  It is an insult to those that have taken the time to review it, and to those who have paid for the book under the assumption that it is an original work.  I find it hard to believe that the authors did not feel that this was wrong, and can only assume that the editors were unaware.

The following table lists page numbers, the topic being discussed, a URL of the original material, and a “length” which roughly describes how much material is lifted.  In this field, “Entire description” indicates that the entirety of the discussion of the topic in the book is taken directly from the source URL.  Other descriptions attempt to explain how much material was “lifted”, though it’s inexact, as paragraph breaks are changed from the source to the book.  In some cases, I had to go back to previous revisions of Wikipedia articles to determine what was copied, and so the revision I list may or may not be the exact revision the author used.

If you have a copy of this book that you bought or received for review, I encourage you to take a look at these pages and source URLs to see what I’m talking about:

| Page | Topic | Original source | Length |
|---|---|---|---|
| 135 | OSI Model | http://en.wikipedia.org/wiki/OSI_model | 2 paragraphs and a table |
| 141 | Maltego | Old description from paterva.com | 1 sentence |
| 146 | DNSPREDICT | Many sources (likely original tool site) | Entire description |
| 149 | Kismet | http://en.wikipedia.org/wiki/Kismet_(software) | Entire description |
| 151 | Netstumbler | http://en.wikipedia.org/wiki/NetStumbler | Entire description |
| 153 | SuperScan | http://en.wikipedia.org/wiki/Superscan | Entire description |
| 154 | Nmap | http://en.wikipedia.org/wiki/Nmap | Entire description |
| 155 | Paratrace | http://linux.die.net/man/1/paratrace | Entire description |
| 156 | Scanrand | http://linux.die.net/man/1/scanrand | Entire description |
| 157 | Amap | http://freeworld.thc.org/thc-amap/ | Entire description (short) |
| 161 | Plug-in | http://en.wikipedia.org/wiki/Plug-in_(computing) | Paragraph description |
| 164 | Vulnerability Scanner | http://en.wikipedia.org/wiki/Vulnerability_scanner | Entire description |
| 164 | IBM Internet Security Systems | http://en.wikipedia.org/wiki/IBM_Internet_Security_Systems | Entire description & history |
| 165 | Nessus | http://en.wikipedia.org/wiki/Nessus_(software) | Entire description |
| 166 | Nessus Goes Closed License | http://en.wikipedia.org/wiki/Nessus_(software)#History | quoted |
| 167 | Tenable NeWT Pro 2.0 | Press release? http://www.highbeam.com/doc/1G1-115844766.html | Entire description |
| 168 | Rapid7 | http://en.wikipedia.org/w/index.php?title=Rapid7&oldid=301929477 | Entire description |
| 169 | Microsoft Baseline Security Analyzer | http://en.wikipedia.org/w/index.php?title=Microsoft_Baseline_Security_Analyzer&oldid=225194910 | Entire description |
| 170 | eEye Retina | http://en.wikipedia.org/wiki/Retina_Vulnerability_Assessment_Scanner | Entire description |
| 177 | Exploits | http://en.wikipedia.org/wiki/Exploit_(computer_security) | Entire description (full page of text) |
| 179 | Buffer Overflows | http://en.wikipedia.org/wiki/Buffer_overflow | Entire description |
| 180 | SubSeven and Stopping SubSeven | http://en.wikipedia.org/w/index.php?title=Sub7&oldid=299155522 | Entire description |
| 186 | Metasploit | http://en.wikipedia.org/wiki/Metasploit | Entire description |
| 187 | Core Impact | http://en.wikipedia.org/w/index.php?title=Core_Impact&oldid=295444915 | Entire description |
| 193 | Registry Keys | http://en.wikipedia.org/wiki/Windows_registry | Entire description |
| 194 | Securing your logs | http://codeidol.com/sql/network-security-hack/Windows-Host-Security/Secure-Your-Event-Logs | Entire how-to |
| 195 | Event Viewer and HOW TO: Event Log Types | http://support.microsoft.com/kb/308427 | Entire description |
| 197-200 | Last User Logged in | http://www.technixupdate.com/change-or-hide-the-last-username-logged-on-username-dialog-box/ | Entire how-to copied |
| 201 | Last True Login Tool | Many – Likely old description from website | Entire description |
| 202-204 | Last logoff script | http://dovestones.com/active-directory/true-last-logon/last-logoff.html | Entire how-to |
| 205-208 | Windows Security Log | http://en.wikipedia.org/wiki/Windows_Security_Log | Entire article |
| 223 | Description of NIST | http://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology | Two paragraphs |
| 233-235 | CompTIA | http://en.wikipedia.org/wiki/CompTIA | Entire description |
| 236 | EC-Council | http://en.wikipedia.org/wiki/EC-Council | Entire description |
| 236-237 | (ISC)2 | http://en.wikipedia.org/wiki/ISC2 | Entire description |
| 244 | One-time Passwords | http://en.wikipedia.org/w/index.php?title=One-time_password&oldid=306538660 | Paragraph and list |
| 246 | Honey Pot | http://en.wikipedia.org/wiki/Honeypot_(computing) | Paragraph |
| 253 | Firewall | http://en.wikipedia.org/wiki/Firewall | Paragraph |
| 255-256 | Full-Disk Encryption | http://en.wikipedia.org/wiki/Full_disk_encryption | Three sections |
| 257-258 | Snort | http://en.wikipedia.org/w/index.php?title=Snort_(software)&oldid=273431896 | Entire description |
| 258-264 | IPS | http://en.wikipedia.org/wiki/Intrusion_prevention_system | The entire wikipedia article copied over multiple pages! |
| 278 | Wireshark | http://en.wikipedia.org/wiki/Wireshark | Several sentences from the article |
| 279 | PGP | http://en.wikipedia.org/w/index.php?title=Pretty_Good_Privacy&oldid=304558754 | Two paragraphs of description |
| 281 | Personal firewalls | http://en.wikipedia.org/wiki/Personal_firewall | Short description |
| 285 | Perl | http://en.wikipedia.org/wiki/Perl | Entire description |
| 292 | Bluesnarf | http://en.wikipedia.org/wiki/Bluesnarfing | Entire description |
| 299 | Bleeding edge technology | http://en.wikipedia.org/wiki/Bleeding_edge | description and list |
| 303-305 | ECHELON | http://en.wikipedia.org/wiki/Echelon_(signals_intelligence) | Entire description + photo |
| 310 | Ghost Rat | http://en.wikipedia.org/wiki/Ghost_Rat | Two paragraphs |
| 332 | 2600 Magazine | http://en.wikipedia.org/wiki/2600:_The_Hacker_Quarterly | Entire description |
| 333-334 | Gary McKinnon | http://en.wikipedia.org/wiki/Gary_Mckinnon | Entire description |
| 336 | PSP Hack | http://www.dcemu.co.uk/vbulletin/showthread.php?t=33928 | Tutorial |
| 396 | World of Warcraft | http://en.wikipedia.org/wiki/World_of_warcraft | Large paragraph |
| 399-400 | Infragard | http://en.wikipedia.org/wiki/Infragard | Entire description |
| 404 | Bump Keys | http://en.wikipedia.org/wiki/Bump_key | Entire description |

There are 32 Comments to "Amending my F0rb1dd3n Network Review"

  • Barry Irwin says:

    Thanks for the update. If the STAR section really is just filler, maybe the solution is thinner books focusing on the fiction and pointing to other resources in a bibliography? Regarding the plagiarism, the bigger question is how did it slip past the editors and technical reviewers?

  • Dan says:

    I didn’t interpret that post as a complaint about filler. There are serious, career threatening assertions here, waiting patiently for the response on whether there is some justification, or a failure in the publishing process, or what.

  • Jayson E. Street says:

    I am more stunned than anyone on finding this out. When Kent and I finally got the book deal from Syngress we were overjoyed and immediately felt the pressure of completing the book by our deadline. We had been so involved in getting the first part completed that we turned to Dustin L. Fritz to step in to write the 2nd part.

    Dustin served as the Technical Editor and we were assured that he would be able to complete the 2nd part in time to meet the deadline. I trusted the material that Dustin delivered was either original or properly sourced. As people heard me say before this discovery, I gave proper credit to Dustin for the 2nd part.

    I do feel betrayed that someone I trusted appears to have taken short cuts and not delivered original material. The Information Security community is about trust and I apologize to those who should feel betrayed. This is not trying to lay blame; this is trying to get the full story out there. This book has my name on it so therefore the ultimate blame is with me.

    I want to also apologize to Syngress, Rachel, and Angelina who were behind me 100% for this project. I will personally work to correct any plagiarism or copyright issues in this work.

  • Clarifying here that, at least as far as our conversation on the phone went, you gave credit to Dustin for the 2nd part in a talk at Hacker Halted.

    “Proper credit” would have been co-authorship, rather than being billed as “technical editor” on/in the book and its promotional material. That would have also added to his official responsibility on this.

    I don’t pretend to have any evidence other than the same book sitting on my end table that everybody else gets (and that’s the perspective you get on my reviews), so I’m not in a position to say one way or the other on who did what. It does seem very believable though, and if that’s the whole story then I really do feel bad for you that one guy could burn so many people like that.

    Ultimately, though, there are a lot of people who should have seen this before publication, and I’m very surprised that I’m the first to see it this long after publication.

  • 100% of my comment is focused on the wikipedia content only. I think Wikipedia is one of the most awesome tools in the past ten years. Sources should be cited *of course*, however, if that was one of my wikipedia submissions I would be S T O K E D to find my material used by another project, especially a creative fiction project.

    Syngress, you need to learn a lesson from this and do the basic googling the totally awesome (do you ever sleep) McGrew has done, but if we cite the source, folks, I hope we will all use (and contribute to) wikipedia more.

  • Glad you could drop by Stephen :) Right on with those comments. A few notes on them:

    I agree Wikipedia is an excellent resource, though material from it shouldn’t be passed off as one’s own. I’d be way less-than-stoked to find out my Wikipedia submission was used in this way. As a reader, I’d be disappointed if a large part of a book I bought was wikipedia entry after wikipedia entry with nothing to separate them either.

    The other problem is licensing. There are open-source Wikibooks that can draw upon that content because they fulfill the “viral” parts of the license, but a book like this can’t be so heavily steeped in Wikipedia content as it is without also carrying the same open license, even if they had a URL citation for everything they used.

    I occasionally sleep ;)

  • Kent Nabors says:

    I have often thought about the advice Randy Pausch offered in his “Last Lecture”. He said if he could only give three words of advice to his kids they would be “Tell the truth.” He then said if he got three more words they would be “all the time.”

    Randy was right.

    In the Information Security community telling the truth is essential. Verification of systems and procedures can be the difference between secure and compromised.

    Jayson began working on the idea for The F0rb1dd3n Network over three years ago. The adventure faced by Bob, Leon, and Hannah was first created on Interstate 35 when he was going to a security forum. It took Jayson quite a bit of work to convince me to join onto the idea of using fiction to educate the public about the complexities of Information Security. He persisted and through conversations, emails, and late nights at IHOP, we started to get enough of a story together to bring the idea to a publisher.

    As many authors can attest, it can take more than one publisher to get that first book to print. Our journey was no different. Finally in late 2008 we had a publisher. We then began the process of finishing the story and bringing in all of the technical material to support it. Our success became a new problem. The idea for the book was unique and now we had a looming deadline to meet.

    At the same time we were wrapping up the story, we built an outline for the reference section. We created the links between the outline and the story. Then we did what comes natural to Information Security. We turned to a network of contacts for help.

    Jayson used his persistence to find a technical editor. Soon Dustin was in place to flesh out the rest of the work. The objective was to show how the security issues in the story were real. We wanted it to be a launching point for non-technical readers to use for exploring issues that are already well known to the Information Security community.

    I want to thank Wesley McGrew. Tonight he found there is material compiled by Dustin that was not properly sourced. We will be reviewing the research he did as we meet with our editors to see where the process broke down. Information Security is always made stronger when we face issues with devotion to the truth. Wesley McGrew pointed out flaws we will address.

    Our objective remains the strengthening of the Information Security community. Our hope was to add to the conversation through a book. Now we have been given the chance to also add to the conversation through our actions. We will stay engaged in the conversation and strive to make sure all issues are addressed.

  • Craig Balding says:

    You are in the wrong job my friend :-). Well done on finding this and for giving the author the opportunity to respond at the top of the post. Hopefully Syngress will be as transparent as Jayson has been and detail how they will improve their review processes going forward as this is a shocking lapse for a publisher.

    I still plan to buy the book, primarily for the fiction piece. I’m hoping it’s something I can recommend to exec level types who need a coaxing in the right direction :-)

  • Thank you for commenting, Kent. I realize that it’s a difficult time for the folks who worked on the book.

    I agree with almost everything you have to say, especially the points regarding “hacker fiction”, which I think is a cool idea, and the importance this has to other authors that might be putting together books.

    One point your comment brings up, though, is that the “technical editor” was brought on in order to “flesh out the rest of the work”. The STAR section is page-for-page about two-thirds of the book, and is presented, in the book and any promotional materials that I’ve seen, as an “equal”/other-side to the fiction part. I know there’s a tendency now to want to down-play that part of the book as being a “launching point” or an index on steroids, but in the work as it stands, it’s more than that.

    What’s more, someone brought in to do almost all of a part that makes up such a huge chunk of the book shouldn’t be billed as a “technical editor”. I was under the impression before that he was already the tech. editor and fell into this role of completing STAR. That’s a co-author, and that confusion may be a source of some of the problem.

  • Scott says:

    Perhaps you should consider sole authorship?

  • Sean Benson says:

    I personally know Jayson Street, and can say from my experience, I find him to have the highest standards of integrity. I am not in the least surprised he would bare his soul and immediately post the facts as he sees them. As he is the person he is, it is only natural that he would expect the same level of integrity from his partners in such a venture. This does not change my opinion of Jayson, only saddens me that he is hit by the shrapnel by standing too close to a career suicide bomber.

  • This was an honest mistake and I sincerely apologize for any miscommunication. I hope that the correct and proper citations can be added soon and that all questions regarding copyright and plagiarism issues can be resolved. I hope the book can still be enjoyed as a valuable contribution to the information security community and I hope it will go on to fulfill its objective in reaching anyone who desires to learn more about hacking and security. I want to specifically apologize to Jayson, Kent, Syngress, Rachel, Angelina, all the readers, reviewers, and others who have taken offense. I want to fix this and I sincerely appreciate everyone’s positive support!

  • I’ve been reading the comments and communications between the parties involved with interest over the past 24 hours. Like many other people, I was disturbed to find out that some portions of the book were not original content. I was however very appreciative of the quick and honest responses given by Jayson and Kent on the matter. They took responsibility and spoke truthfully about the issues and the process, even though it was obvious that they were both very concerned and shocked at the discovery. It takes a brave man to stand up and take the blame for things, and I think more of them for being able to do that. I’m not sure I could.

    Dustin’s response however, leaves me feeling somewhat different on the matter. I can understand how the occasional links, quotes or sentences can be left off the citation list. With a project of this size, it’s easy for that to happen. However, to state openly that this was a miscommunication and can be corrected with a simple list of citations, is, in my mind, wishful thinking. I understand that these replies were quickly formulated in response to the information Wesley has brought to light, and can only hope that Dustin takes some time to think about what really needs to be done here to address the “questions regarding copyright and plagiarism”.

    The only voice left to hear it seems, is that of Syngress regarding the editorial process. I know this is a point where Syngress has come under fire before, and I’ve spoken to Rachel about this through email and face to face while at Defcon. Things cannot be made perfect overnight, but I hope that this situation helps to push home the fact that changes need to be made at several levels, and that high quality books cannot be forced out in unrealistic timescales. Books need to grow and be tended after all.

  • Laura Colantoni says:

    I’m the publisher at Syngress and I’ve been reading your comments today. I just wanted to thank Wesley for bringing this to our attention. As you might imagine, I’d like to take the time to review all of this and have a good, long conversation with everyone involved. We’ll share what we find just as soon as all the data are in.

  • [...] the weekend we saw lots of Twitter activity about a blog post over at McGrew Security.  While I applaud the effort in pointing out this complete scam job of a book I do feel that [...]

  • Johnny Long says:

    I’d like to chime in here in Jayson’s defense. Like Sean Benson, I know Jayson personally, and he has “shown his quality… the very highest” (a quote which I ironically post without attribution).

    Jayson’s donated a part of his proceeds to us at Hackers for Charity which means book sales feed kids. I think that says something about him. I sincerely believe every word of what he posted above.

    In the early stages of this book, he sought out my help as a reviewer. While I accepted a copy of the manuscript, my life was “interesting” at the time (I’m officially an expat now) and I only gave it the most cursory of glances. Regardless, I gave him a quote (the hacker fiction market is, after all, notoriously brutal) and praised the concept of a fiction/non-fiction split.

    It’s a lesson for me. I think that if I had just taken more time out for Jayson I may have Yahoo-ed a few interesting things and saved my friend a bit of heartache. (What’s this Google thing, anyhow?)

    I am, of course kicking myself and can’t bear to look at the early manuscript to see if STAR’s in there.

    All that aside, I do appreciate the gesture of the HFC donation and hope it weighs in his favor. Like I said, my gut tells me he’s being honest in all this.

  • Hi Johnny!

    Dustin doesn’t refute anything that Jayson or Kent has said, seems to confirm their side of the story, so I think it’s pretty safe to say that Jayson’s being honest, in that blame is being put into the right place now.

    Your experience with giving a quote without really reviewing the contents mirrors *many* people who are involved in editing, endorsing, and reviewing books in computer security, as it stands right now. The security community that writes reviews also is often close to the authors, and everybody wants to be friendly and on good terms with each other.

    This probably results in less critical reviews than the works warrant, and erodes both the confidence readers have in those reviews, and process by which they are created. I’ve tried to be honest with my reviews, and I hope that after this, reviewers of computer security books will begin to take a more critical look and talk about the bad along with the good.

  • Brian Baskin says:

    This is a very unfortunate event and I hope that it can be resolved as painlessly as possible. It’s definitely somewhat of a worst-case scenario. In my prior books with Syngress there is a contractual emphasis to run all content through the EVE Plagiarism system to ensure that it is clean. In some situations the buck gets passed along where each person assumes that another has performed this step.

    It’s a shame to see bad blood being brought back from prior authors with Syngress. I’ve worked on Syngress projects since 2005 and have definitely been disillusioned by much of the process. However, after speaking with Angelina and Rae and many of the new blood at Syngress, I put my full faith in the New Syngress and their ability to work through these issues to produce quality material.

    I agree that this is a small community, and everyone is within three degrees of each other, which can cloud reviews. Kudos to McGrew for being honest with the review and not just sweeping it under the rug to protect friendships. The community grows with honest and blunt discussion. I don’t hate the people that bashed my books ;)

  • C3P0 says:

    I also had a similar experience with Syngress. Found that the co-authors had lifted vast amounts of material. Publisher didn’t seem concerned. I decided to back away from the project. Further, they also slapped endorsements on the cover from people who never even saw the book. Potential author beware….you are risking your reputation. I will never deal with them again.

  • Robert Wahl says:

    So actually I’m curious, I’m not sure how these deals work out with authors, editors, and publishers and where certain activities exist; however, I know in my past academic activities I’ve had tools at my disposal as a student to upload a document and a service would parse it and look for plagiarism. I’m not sure the database these services work against would include wikipedia but still I would imagine some form of due diligence in this regard.

  • Speaking as someone who has dealt with spotting plagiarism as a professors’ assistant for classes and a peer reviewer for articles:

    If you’re actually in the mindset to look for it, it’s pretty easy to spot plagiarism of Wikipedia’s content. For articles that have seen several editors’ hands on WP, the content starts conforming very close to WP’s usual style and wording. For example, if you have a concept like “plug-in” which can mean different things in different contexts, the WP entry for “Plug-in” that applies to the computer will begin with something like: “In the field of computing…[descriptive sentence]”, where in the context of a larger computer book, an author would just imply that. That’s just one of many things you learn to look out for.

    For this book, try this, without consulting the table above:

    1. Flip open the STAR section to a random page
    2. Find the nearest piece of text that’s in the “author’s” “normal” typeface (not blockquoted or anything like that)
    3. Disregard the couple of sentences that make reference to the story, if there are any
    4. Read the remainder (the meat) of it

    Chances are you’ll have landed right in the middle of one of the above referenced instances of plagiarism (or one I missed) and you’ll see it reads very encyclopedic/formulaic, and not at all like the style of a single author.

    People who plagiarize do so because they are lazy and think that, if they make a few changes (in this case, paragraph breaks, integrating story references and screenshots), they won’t get caught. This is a balance for them though, and they usually weigh too heavily to the “lazy” side of it and “go big” with their copying. This is definitely the biggest and most egregious example of it I’ve seen though.

  • The team at Syngress recently found out through our Twitter feed that Dissecting the Hack might have plagiarized material. The twitter feeds led us here where Wesley listed at least 125 instances of plagiarism—mostly from Wikipedia.

    After talking to all involved we have determined the following:
    • The book’s technical editor is the source of this plagiarism. He greatly overstepped his role.
    • He did, in fact, plagiarize despite signing an agreement that explained his role was to fact check and prevent plagiarism.
    • The book’s authors, Jayson Street and Kent Nabors were not involved.

    As soon as we learned about this issue, we ‘froze’ the status of the books. On Monday, October 19th we made the decision to destroy all remaining titles.

    We’ve learned a lot of interesting lessons in the past few days. I suspect the most important is the value of a new anti-plagiarism software program. If you have suggestions on really good ones please feel free to send them my way. But equally important has been the goodwill and generosity of so many people in this community. Our editor and the book’s authors are already working on a plan to move forward due in no small part by experts in the community who have agreed to help us replace all of the plagiarized material with new content. The previous technical editor will in no way be involved with this new project— or with any future Syngress projects. We will hire a new technical editor to review the content.

    Our plan is to publish a revised edition with this new content. We’re also working on placing all the new content on completely open websites so that anyone who did have a copy of the book can get electronic access—anyone who heard about the book and wants to check it out can do a quick preview before purchasing.

    I’ve talked to several experts in the field who shared good suggestions on how to ensure we deal fairly with our customers. We’ve taken the last couple days to check them all out and to try to balance them with some of the realities of doing business with global sales channels and a variety of contractual obligations. Then we took a deep breath and decided to follow the old K.I.S.S. rule. To keep it simple, we’ll accept back ‘old’ books from current customers and replace them with the new version as soon as it publishes. And we’ll also do multiple postings of the new material and keep it open to all for the life of the title. We post this information in a variety of sources and take out an ad or two in info sec publications. We’ll always have latest updates on syngress.com and on dissectingthehack.com.

    Although I realize it’s my job to say this, I honestly believe this is a great book and can’t wait to get the REAL version in my hands and yours.

  • Nickerson says:

    #1 good on ya for pointing it out.

    #2 Jayson is of the highest moral standards and caliber that I have met in quite a long time. I don’t say that lightly, as many of the people I meet in these communities are bloodsucking time vampires who have greater self-edification complexes than any of the worst dictators in history. It is refreshing to have someone who gives a shit about others enough to lay on the grenade.

    #3 instead of writing long-winded analysis of these situations, posting on Twitter, and blog after blog of commentary…. why don’t we spend the time to help make it right. Whatever happened to the security “COMMUNITY”? This is just another drag on.. so people can hear themselves talk and get a little press.

    #4 Anyone offer to help Jayson and gang (Wes I know u did offer to tech review *I think*) rewrite the content to help get a good book out there that the COMMUNITY can learn from? If not…. time to close this browser and fire off an email.

    To all of you who have given…. thank you for your sacrifice and humility.

    To all that take… and bitch about what you got, instead of helping be a solution….. Find a new place to play, we don’t want you here.

  • Yes, I did offer to tech review the second volume of this series, even before all of this mess, since I like Jayson and I think it’s a really cool project. I have also offered to provide content for the reconstructed STAR section, and I hope they take me up on it.

    Thanks for the comment. You’re right on the mark with it.

  • “Welcome to hacker fiction-like SciFi, but you don’t get to make the good stuff up.”
    -Dan Kaminsky (From the back cover)

    … You do, however, get to randomly copypasta junk from the Internet and have it make it past fact-checking and into print. Gaah. I should have listened to my Mom and gone into accountancy. Every time I think we’ve perfected the Security Charlatan, someone comes along and makes a better one, like some sort of Terminator that keeps reengineering itself and can’t be killed. Bravo, Fritz, bravo.

  • @Chris

    I just don’t get how this is being spun as some kind of community thing. We’re not talking about a collaborative project like MSF or nmap, and we’re not talking about something that’s going into Phrack, or 2600, or Uninformed, or a thousand other plausibly “community” outlets.

    We’re talking about a commercial book, published by a commercial publisher, with some dudes’ names on it. Written, at least kinda, by those dudes, for money. And at least one of those dudes screwed up, *hard*, as did their publisher. Why exactly should I be tripping all over myself to help them fix that?

  • Nickerson says:

    I am not saying you should be “tripping all over yourself”.
    I am saying.. that this community thing should be about fixing issues. Not just identifying them and walking on. Security is not just about finding the bugs.. it’s about teaching others how to fix them.

  • @Chris

    Trust me, I’m all for doing positive things instead of bitching. But don’t try to tell me that’s what this is.

    You really want to call this a community thing? Fine. Go start a wiki and make a peer reviewed “hacker fiction” book, and make it free to everyone. That’s community, sir.

    Doing free tech edits to make up for a personally and professionally embarrassing series of cockups and put more money in somebody’s pocket?

    That’s not my community, man. Maybe it’s yours.

    While I’m being a dickweed, I wonder how many people surrounding this drama mill have deals for other books in the series in the works? Hrrm. Time to save the franchise, eh?

  • [...] controversy regarding the plagiarism by the technical editor of the book.  You can check out the book review by Wesley McGrew that is mentioned in the podcast.  Wesley was also our guest on Episode 18 talking about the book [...]

  • For several years I have worked in one way or another with Syngress, Laura Colantonia, Angelina, Rachel and as far back as Amorette Pederson (sp). I have watched Syngress grow, their processes improve and them move into a respectable publisher of information security works. This is unfortunate and while there is software out there to detect this, the responsibility lies with the author, in this case the technical editor. I have known Jayson Street and Kent Nabors and their works for several years and they are top notch. I believe them and my heart goes out to them during this tough time for them. As a former Chief Security Engineer at EDS and author myself, I would expect more from a technical editor in the information security community. That said, the rest of us in the community need to rally behind Jayson and Kent and provide them the support that they deserve as being part of our community and behind Syngress for bringing us great information security content over many years – or better yet, allowing US to contribute to that content to further our work in the information security space. I believe that Jayson, Kent and Syngress are dealing with this issue in an appropriate and positive manner, doing the best that they can to correct the actions of someone that they trusted.

    Good luck guys. I wish you the best.

    Regards,

    Brian

    P.S. Hats off to Wesley for bringing to light the issue so that it could be dealt with appropriately.
