Emails between EC-Council and Attrition.org

Pleasantries, Lies, Bribe, and Threat

Fri Mar 15 17:48:07 CDT 2013


Pictured above is Steven Graham, Vice President | North America for EC-Council. Earlier today, he was dragged into a Twitter battle by @treadstone71 regarding a negative article about EC-Council last month. At some point, @attritionorg was added to the conversation. That eventually led Graham to make claims that the EC-Council Errata write-up contained intentionally biased articles. Specifically, he accused us of not publishing the 'proof' that EC-Council supposedly mailed us, showing that the plagiarism we exposed was actually their work, and that they published it first.

This is not only absurd and an outright lie, this is libelous. Steven Graham and EC-Council have decided to publicly accuse us of lying, and claim that our plagiarism review is bogus. It has been public for well over a year, and no one, independent or from EC-Council, has come to us with any flaws, or proof that any of the work we point out was legitimately EC-Council's. Because Graham is not very bright, he plays right into our hands on how we can help prove our side. He says we should publish the correspondence between Bavisi and us.

Agreed! Below is the entire set of lengthy correspondence between me (jericho), Jay Bavisi, and Leonard Chin (since busted for embezzlement). You can judge for yourself who played nice, and who proved what. You will see that Bavisi and Chin did not send any information that establishes they published the material first. Given that some of the plagiarized content was originally published in 1998, three years before EC-Council was formed, Graham's claims are obviously false. Per his wishes, we now show you the pleasantries, lies, attempted bribe, and threat. This, along with Graham's libel, demonstrates exactly what kind of organization EC-Council really is.


Note: In some cases, full signatures are redacted to save space, since Bavisi's signature is 38 lines, at least as rendered in Alpine. Additional edits were made for formatting; no content has been altered.

From: Leonard Chin (chinleonard@me.com)
To: security curmudgeon (jericho-at_attrition.org)
Date: Thu, 01 Dec 2011 13:18:21 -0800
Subject: my 2 cents

Hey man,

Saw some postings from you, and am intrigued by your most recent "mission". I'm unsure about your definition 
of ethics, and I'm not questioning it. This is written to you on an individual capacity, and I can't stop it 
if you extract parts of it or in full, and utilize whichever way you deem fit. It's your choice, and everyone 
has theirs. (But will appreciate if you could let me know if you decide to do so, and not be like "someone" 
who will just post it out and then "oh btw, I posted whatever you wrote...blah blah blah.")

Perhaps however I, or anyone from ECC respond to whatever that is being thrown out there now, there will still 
be a knife out for us. And for me personally, I do not wish to be embroiled in this - so if this gets worse, I 
can't do anything about it.

I'm quite sure you would have reviewed whatever information that is being fed to you, and that you will 
ascertain yourself whether are they authentic - before passing on any statements (or judgement) in public.

My question would be, why are all these being mentioned now, and why are there "some" people who are so 
enthusiastic about "garnering" information so diligently?

Well, perhaps there are indeed unhappy and aggrieved individuals.. or maybe "SORE" would be a more appropriate 
word to use here... But isn't there always 2 sides to the coin? Choosing to remain silent to some allegations, 
DOES NOT imply in any way that one is guilty of such.

Maybe I should highlight a case - which clearly shows why some individual(s) are hell bent on bad-mouthing 
ECC. Is it a case of simply being sore? You decide yourself.

Yes, I did expel (or nicely put - withdrew an invitation to) a certain individual from presenting at the recent 
event in Miami. That's because I found out (pretty close to the event) that this particular "individual" was 
the same person that I had evicted from last year's event. And I have absolutely no regrets in doing so! Which 
event organizer would allow someone (a group of them actually) remain in an event hall when they draw and display 
anti-Semitic images right at their booth? Which event organizer can tolerate when these same people are
disturbing and annoying the rest of the exhibitors, not to mention the delegates, by shouting anti-jews messages 
and threatening other exhibitors? I did what a decent person would do, and that is to have them expelled and 
escorted out of the venue immediately, and I imposed a ban on these individuals from future events. Do I have 
a right to do so? Yes I do. Is it a fact? Of course it is when there are so many people on site who witnessed the 
fracas they're creating, and saw me evicting them.

Did I resort to shaming these people in public, even though there are targeted "attacks" on me and ECC now? No, 
I/ECC chose not to.

When one wants to dig dirt, I'm sure they will try to find something, and make a big fuss out of it. And it's
amazing to see some fabricated "information" that are being re-used again. OMG.. I can't help but burst into 
laughter when I read some of it. Just FYI - Jay Bavisi does not even have a Yahoo account! And did ECC go public 
with the FULL CONTEXT of the correspondence/communications between the author of the recent blog posting and 
Jay? They chose not to.

How about mentioning some of the good that was done (most recently at HH Miami with regards to one of our 
presenters)? Should we/I have bragged about it - then what does that make us? Again, a charlatan or a self 
bragging monster? LOL! So if the knife is out there for one, no matter what one does, he'll still be 
cut/sliced/dissected, one way or another.

And btw, the question about my nationality? (Never knew this country looks into that) But well, I'm a proud 
Singaporean, born and bred, and working for a respectable US organization. [If it's about nationality now, would
it be racial or religion next?? OMG, I don't believe it!]

Look, I can't stop you on your crusade, neither am I attempting to do so here. And I am definitely not up for 
challenging you or what you're doing. Hey, it's the Internet - one can say, write, feel however way they wish
to! :) I'm sure you know best what you're doing. Since we had corresponded before, this is simply a personal note 
to you to share my 2 cents worth of thoughts (not that it matters perhaps). As for ECC, I'll let them respond 
however they deem fit and if/when necessary.

Take care.

leo


From: security curmudgeon (jericho-at_attrition.org)
To: Leonard Chin (chinleonard@me.com)
Date: Thu, 1 Dec 2011 16:39:37 -0600 (CST)
Subject: Re: my 2 cents


Hi Leonard;

: Saw some postings from you, and am intrigued by your most recent
: "mission". I'm unsure about your definition of ethics, and I'm not

I don't have a strict set defined on paper. When doing Errata work, I will
largely use the person or organization's ethics that I am writing about.
So when writing about ISC2 for example, I go by their posted ethics and my
interpretation of them. Beyond that, it is generally just a "what seems
right", often mixed with discussion among staff about if an incident is
truly 'bad' or violates ethical standards.

: questioning it. This is written to you on an individual capacity, and I
: can't stop it if you extract parts of it or in full, and utilize
: whichever way you deem fit. It's your choice, and everyone has theirs.

I believe I am fair on quoting material from email. Obviously with 'Going
Postal', that is a different kind of thing. When it comes to Errata, if I
decide to use something, I make sure it is not quoted out of context.
Generally, mail like this does not need to be quoted and adds no value
anyway. As an example, I had extensive mails with Jack Koziol of ISI, and
believe I ended up quoting a sentence out of them to give his point of
view.

: (But will appreciate if you could let me know if you decide to do so,
: and not be like "someone" who will just post it out and then "oh btw, I
: posted whatever you wrote...blah blah blah.")

I will do my best, but can't make any promises. As I said, discussions
like this are almost always better left between the two parties, not
shared with the world. If the mail was a rebuttal to something we posted,
then it is fair for me to post it to give our readers both sides of the
story.

: Perhaps however I, or anyone from ECC respond to whatever that is being
: thrown out there now, there will still be a knife out for us. And for me
: personally, I do not wish to be embroiled in this - so if this gets
: worse, I can't do anything about it.

Between us, your name has come up once, but I haven't looked into you at
all. Right now, the only focus is on ECC as an organization, with some
digging on Bavisi. Since he has been very vocal regarding the blog spam
accusations, he has put himself into the limelight.

: I'm quite sure you would have reviewed whatever information that is
: being fed to you, and that you will ascertain yourself whether are they
: authentic - before passing on any statements (or judgement) in public.

Absolutely. The stories we are receiving are varied, some wilder than
others. For me to post anything based only on sources, I need 3 people
that do not appear to have any relation to each other, giving me similar
stories, that pass the 'smell test'. I of course try to verify anything
and everything before posting where possible. If I were to post anything
based on less, I would disclaim it as such, and only as a last resort
after I had exhausted all of my research avenues.

: My question would be, why are all these being mentioned now, and why are
: there "some" people who are so enthusiastic about "garnering"
: information so diligently?

The ECC blog spam thing struck a nerve in many people. That prompted them
to start speaking out against ECC from their own point of view. In reading
all of that, the message we got was a lot of disgruntled people. That in
turn led us to say "send us your stories" so we can determine if there is
really a 'story', or if it's just a lot of people being grumpy. But, to be
fair, we already had some notes on ECC going back over a year. Just
nothing worth writing up by themselves.

: Well, perhaps there are indeed unhappy and aggrieved individuals.. or
: maybe "SORE" would be a more appropriate word to use here... But isn't
: there always 2 sides to the coin? Choosing to remain silent to some
: allegations, DOES NOT imply in any way that one is guilty of such.

Absolutely not. There are generally 3 sides to any story involving 2
people. =) One thing we try to do on Errata, is write articles that are as
factual as possible, and forgo opinion any chance we get. Those are less
likely to be disputed when evidence is presented. As time permits, we will
often mail out and ask for opinion of the person we are writing about, but
that doesn't always happen. To be perfectly honest, and feel free to share
this with Bavisi, his handling of the blog spam mess does not motivate me
to contact him. His response was hostile, accusatory, potentially
defamatory, and does not indicate he is willing to consider or believe
something could possibly be wrong in his house. That isn't the kind of
person I see as being beneficial to start a dialogue with, as they tend
not to be productive at all.

: Maybe I should highlight a case - which clearly shows why some
: individual(s) are hell bent on bad-mouthing ECC. Is it a case of simply
: being sore? You decide yourself.

Perfect. The more information we get, the better chance we have of
figuring something out.

: Yes, I did expel (or nicely put - withdrew an invitation to) a certain
: individual from presenting at the recent event in Miami. That's because
: I found out (pretty close to the event) that this particular
: "individual" was the same person that I had evicted from last year's
: event. And I have absolutely no regrets in doing so! Which event
: organizer would allow someone (a group of them actually) remain in an
: event hall when they draw and display anti-Semitic images right at
: their booth? Which event organizer can tolerate when these same people

I have heard of a few people being 'uninvited' to speak, but their stories
don't line up with this. I am wondering if this is a case that I haven't
heard yet, or don't have enough details to correlate. The closest thing
that comes to mind is actually the other way; I have a call to make with
someone who claims that ECC members made racial slurs against him.

: are disturbing and annoying the rest of the exhibitors, not to mention
: the delegates, by shouting anti-jews messages and threatening other
: exhibitors? I did what a decent person would do, and that is to have
: them expelled and escorted out of the venue immediately, and I imposed a
: ban on these individuals from future events. Do I have a right to do so?
: Yes I do. Is it a fact? Of course it is when there are so many people on
: site who witnessed the fracas they're creating, and saw me evicting
: them.

Absolutely. That sounds like a justified reaction. I only wish they had
been exposed in a more public fashion. If someone in the security industry
is doing that, I want to publish an article about it so others can steer
clear from them.

: When one wants to dig dirt, I'm sure they will try to find something,
: and make a big fuss out of it. And it's amazing to see some fabricated
: "information" that are being re-used again. OMG.. I can't help but burst
: into laughter when I read some of it. Just FYI - Jay Bavisi does not
: even have a Yahoo account! And did ECC go public with the FULL CONTEXT
: of the correspondence/communications between the author of the recent
: blog posting and Jay? They chose not to.

Dewhurst opted not to make them public either, to be fair.

Regarding the Yahoo account; how do you know? I mean seriously, step back
and be completely objective here. How do you know he didn't create a Yahoo
account at some point in the past? Or more recently without your
knowledge? Finally, what does the Yahoo account reference anyway? What is
the big deal if he did or did not?

: How about mentioning some of the good that was done (most recently at HH
: Miami with regards to one of our presenters)? Should we/I have bragged
: about it - then what does that make us? Again, a charlatan or a self
: bragging monster? LOL! So if the knife is out there for one, no matter
: what one does, he'll still be cut/sliced/dissected, one way or another.

There are ways to present your good work without being either. Companies
do it all the time. The trick is finding that nice balance of "we did
good" without bragging or inflating the action or worth of the actions.

: And btw, the question about my nationality? (Never knew this country
: looks into that) But well, I'm a proud Singaporean, born and bred, and
: working for a respectable US organization. [If it's about nationality
: now, would it be racial or religion next?? OMG, I don't believe it!]

I haven't seen your nationality questioned. The only question regarding
'nationality' and ECC is really a very different issue. It is something
that is on my list to research, but it doesn't have to do with you, more
about ECC and their position in the industry, specifically related to
comments ECC has made.

: Look, I can't stop you on your crusade, neither am I attempting to do so
: here. And I am definitely not up for challenging you or what you're
: doing. Hey, it's the Internet - one can say, write, feel however way they
: wish to! :) I'm sure you know best what you're doing. Since we had
: corresponded before, this is simply a personal note to you to share my 2
: cents worth of thoughts (not that it matters perhaps). As for ECC, I'll
: let them respond however they deem fit and if/when necessary.

A few thoughts here:

Until this mail, I didn't know you were that involved with ECC. As I said,
I haven't even begun to do the research that is required to get a fair
picture of the accusations and try to validate any of it. I was under the
impression your involvement was only a 'strategic partner' of sorts, due
to your involvement in the conference(s) you run.

My "crusade" ... I won't argue that term really. Consider it passionate
interest if you want. =) However, within 24 hours, and based on
information that was learned *BEFORE* the 'blog spam' fiasco exploded
(yes, ECC was very recently on our radar for other issues), there will be
a charlatan page put up. There is one thing I have personally confirmed
that is not up for dispute really; plagiarism. Worse? I am 99% sure that
the plagiarism issue goes considerably deeper, and I will be in a position
to take the time to validate that claim in the coming weeks.

The article I wrote covering the blog spam is more of a summary of the two
blog posts, Bavisi's response, and my own additional research that found
some interesting things not covered by the other two blogs. The article
ends that *we feel* ECC was responsible for it, but I believe I present a
good and fair picture, link to the ECC statement, etc. If there is any
additional information ECC would like to make public, please send it to
me.

The last thing I started poking around on last night was based on someone
noticing peculiarities about an ECC member's history. He claims to have
worked for a company that has no Google footprint. At all. That as you can
imagine, is very suspicious. So from my side, what does that mean? If he
is lying about employment history, that obviously calls into question the
rest of his history and more importantly, *why* is he lying about it. It's
those little strings we follow that tend to lead to the big stuff. There
may be an honest explanation to it, and if we can't find it, we *may* mail
him and ask for details.

Finally, in case it isn't obvious, almost all of the recent flap started
with other people sending us leads, information, and stories. As I said,
we had a few things about ECC from the past that were minor. Then, a
couple weeks ago we got the plagiarism lead which pushed ECC much higher
on the 'to research' list. The recent flap and stories have pushed them to
the top of the work pile.

Thanks for taking the time to mail and start this discussion.

Brian


From: Leonard Chin (chinleonard@me.com)
To: security curmudgeon (jericho-at_attrition.org)
Date: Thu, 01 Dec 2011 16:10:49 -0800
Subject: Re: my 2 cents

Hi Brian,

Thanks for the lengthy response, and I did take time to "digest"... :)

I'm kick-starting our conference in Vegas, and I will send you my response once things settle down here. But your response did get me thinking a lot.

Yes, more will be coming your way.

Regards

leo


From: security curmudgeon (jericho-at_attrition.org)
To: Leonard Chin (chinleonard@me.com)
Date: Fri, 2 Dec 2011 02:29:32 -0600 (CST)
Subject: Re: my 2 cents


: Thanks for the lengthy response, and I did take time to "digest"... :)
:
: I'm kick-starting our conference in Vegas, and I will send you my
: response once things settle down here. But your response did get me
: thinking a lot.

Sounds good. As a heads up, found additional plagiarism in ECC material
this evening. That means 2 confirmed, with the 3rd extremely likely.

: Yes, more will be coming your way.

Understood. If you feel that looping anyone else at ECC in is appropriate,
feel free. What I said to you applies to them. Specifically, if you would
like to bring Bavisi in, that may be good. I do have a few questions for
him, but I will reiterate; if his response is as hostile and accusatory as
it was toward Dewhurst, go ahead and keep this between us. We're at a
point where this isn't "accusations", and this isn't a conspiracy theory
(e.g., the work of a competitor).

.b


From: Leonard Chin (chinleonard@me.com)
To: security curmudgeon (jericho-at_attrition.org)
Date: Fri, 2 Dec 2011 09:56:34 +0000
Subject: Re: my 2 cents

Hey Brian,

I'd be happy to connect and let the "source" speak to you.

Will do so in the AM.


You can note that I had no intention of publishing this correspondence, and I bet Bavisi et al was just as happy to leave it that way. But, Steve Graham decided to dig up old dirt and challenge my integrity.

From: security curmudgeon (jericho-at_attrition.org)
To: Leonard Chin (chinleonard@me.com)
Date: Fri, 2 Dec 2011 04:03:40 -0600 (CST)
Subject: Re: my 2 cents


: Hey Brian,
:
: I'd be happy to connect and let the "source" speak to you.

To be clear, anyone at EC-Council would *not* be a 'source' in the context
of the word, as applies to journalism. Meaning, a protected source that
will not be disclosed or quotes attributed to them.

While I currently have no intention of posting our entire correspondence
to the public, if a comment is made by an EC-Council staff or board member
that is best served by being published, I will.

CC accordingly. =)

.b


From: security curmudgeon (jericho-at_attrition.org)
To: Leonard Chin (chinleonard@me.com)
Date: Sat, 3 Dec 2011 22:04:31 -0600 (CST)
Subject: question about a PR


http://www.prweb.com/releases/prweb2011/9/prweb8811235.htm

Who wrote this?


From: Leonard Chin (chinleonard@me.com)
To: security curmudgeon (jericho-at_attrition.org)
Date: Sun, 04 Dec 2011 07:21:29 -0800
Subject: Re: question about a PR

We did have a pool of contract freelancers which we hired earlier, so looking at the dates, it's written by them.


From: security curmudgeon (jericho-at_attrition.org)
To: Leonard Chin (chinleonard@me.com)
Date: Sun, 4 Dec 2011 12:53:57 -0600 (CST)
Subject: Re: question about a PR

On Sun, 4 Dec 2011, Leonard Chin wrote:

: We did have a pool of contract freelancers which we hired earlier, so
: looking at the dates, it's written by them.

Odd, never heard of PRs being outsourced. Anyway, it has a few lines of
plagiarized content in it.


From: Leonard Chin (leonard@eccouncil.org)
To: security curmudgeon (jericho-at_attrition.org)
Cc: Sanjay Bavisi (jay@eccouncil.org)
Date: Fri, 2 Dec 2011 13:56:57 -0800
Subject: Connect

Hi Brian,

I've copied in this email - Jay Bavisi, president of EC-Council.

You mentioned having some questions that you had, and I thought it's best that I connected you both.

Please connect, and I think a call will be good for a start.

Thanks.

Best Regards

Leonard Chin
Director

Marketing, Conferences & Events (EC-Council)
Center of Advanced Security Training (CAST)
Global CyberLympics Organizing Committee (GCOC)
Hacker Halted USA | TakeDownCon | CAST Summit

Office: +1.505.341.3228 | US Cell: +1.505.908.9398 | Int'l Cell: +65.9790.7183 | Fax: +1.505.212.0828

leonard@eccouncil.org | Connect with me on LinkedIn | Follow me on Twitter

Global CyberLympics | http://www.cyberlympics.org | Follow on Twitter
Hacker Halted | http://www.hackerhalted.com | Follow on Twitter
TakeDownCon | http://www.takedowncon.com | Follow on Twitter
CAST | http://www.eccouncil.org/CAST | Follow on Twitter

EC-Council
http://www.eccouncil.org
6330 Riverside Plaza Ln NW
Suite 210
Albuquerque
NM 87120
USA

NOTICE: This communication is meant only for the addressee (s) named above and may contain information 
which is and/or legally privileged. If you are not the named addressee (s), or the agent responsible 
for receiving and delivering this communication to the named addressee (s), this communication has been 
sent to you in error. If so, kindly contact us immediately for retrieval purposes. Unauthorized 
dissemination, distribution, copying or reliance on this communication is prohibited and may attract 
criminal penalties.


From: Jay Bavisi (jay@eccouncil.org)
To: Leonard Chin (leonard@eccouncil.org)
Cc: security curmudgeon (jericho-at_attrition.org)
Date: Fri, 2 Dec 2011 14:20:33 -0800
Subject: Re: Connect

Bryan,

Thank you for requesting to connect with me.

The fact that you are doing this prior to forming any opinion signifies your professionalism and I appreciate it.

I would be happy to speak to you to answer any questions you have.

What you see on the web is one side and naturally, as a founder, I am passionate about ECC and find it painful to 
see twisted facts. Sometimes my passion comes across as aggression.....but that is not what it is meant to be.

Let's talk and let me take you through facts and then you are free to form your own opinion.

I just got to Vegas and I am on pacific time.

Give me a number you want me to call you and a time or you can call me instead on my cell at 15052740411

I do ask that you give me some times today as I am running some errands and want to be in a quiet place when I speak to you.

P/s: To get you started in the right direction, I am asking for my office to send me the incorporation certificate of Michael Ray.


From: security curmudgeon (jericho-at_attrition.org)
To: Jay Bavisi (jay@eccouncil.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Fri, 2 Dec 2011 16:34:06 -0600 (CST)
Subject: Re: Connect


Hi Jay;

: The fact that you are doing this prior to forming any opinion signifies your professionalism and I appreciate it.

It is only fair, and a required step when doing Errata work. As I told
Leonard, we want as much information as possible, as it is the only way to
make an informed opinion.

: What you see on the web is one side and naturally, as a founder, I am
: passionate about ECC and find it painful to see twisted facts. Sometimes
: my passion comes across as aggression.....but that is not what it is
: meant to be.

I assume you are referring to the 'blog spam' posting by Dewhurst. If so,
there was an update made by him that I did not see ECC comment on. From
his blog (in case you haven't re-read it since he updated):

   A hacker group called TeaMp0isoN had leaked the r00tsecurity.org forum
   database last year which happened to contain the IP addresses of the
   users when they registered. One of those IP addresses was the same one
   that left the SPAM on my blog. The IP address belonged to the
   "rkvishwakarma" username, who had registered with the
   "rajkumar@eccouncil.org" email address, a long time employee of
   EC-Council.

   http://www.gonullyourself.org/ezines/TeaMp0isoN/TeaMp0isoN%201.txt

Could you comment on this? Does this information help your internal
investigation? Who is "rkvishwakarma" / "rajkumar" within your
organization?

: I just got to Vegas and I am on pacific time.
:
: Give me a number you want me to call you and a time or you can call me
: instead on my cell at 15052740411
:
: I do ask that you give me some times today as I am running some errands
: and want to be in a quiet place when I speak to you.

Honestly, I would like to keep this via email for the time being. We do
Errata work in our spare time, and it is easier to discuss these points
and give more informed replies after time to digest it. Since I personally
deal with hundreds of mails a day, it is also beneficial for my memory to
be able to go back and read something you said days prior. As for the
replies, I understand you travel a lot and are busy, so please take your
time and reply as permitted by your schedule.

: P/s: To get you started in the right direction, I am asking for my
: office to send me the incorporation certificate of Michael Ray.

Can you tell me a little about the company? Since there appears to be
absolutely no Google footprint, we have no idea what industry the company
is in, what country they are based out of, how big the company is (sounds
big given the description of your work there), etc.

Could you also clarify something, and you can chalk this up to my
ignorance of how the legal system works in the UK; your LinkedIn profile
says you were a Barrister at Law. Is that the equivalent of a lawyer in
the U.S.? Or does a Barrister work directly for the courts?

Finally, for now, could you give me a statement or opinion on EC-Council's
policy for dealing with plagiarism? Specifically, do you maintain a policy
to help ensure the material you publish does not include plagiarized
material? If plagiarism is detected, what is ECC's response or course of
action? I ask because I have found two confirmed cases of it, and am
99% sure there will be a third in the coming days.

Thanks,

Brian


From: Jay Bavisi (jay@eccouncil.org)
To: security curmudgeon (jericho-at_attrition.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Fri, 2 Dec 2011 14:42:20 -0800
Subject: Re: Connect

Brian - there is so much detail to explain that if I did it, it will take so much time.

I understand your point about you doing it on your spare time - may I ask 10 mins to 
talk and explain and then I will write a summary for you.

As for Ryan - I know about his post but you do not know the background and the twist.

I will explain it all.

May I ?


From: Jay Bavisi (jay@eccouncil.org)
To: security curmudgeon (jericho-at_attrition.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Sat, 3 Dec 2011 16:49:54 +0800
Subject: Re: Connect

Brian,

Since you did not respond to my request to chat, I assume you must be tied up.

I shall start my response before this weekend. I want to collect all the data to share, 
as much as we can, the facts with you.

I assume you will not publish anything until you have had a chance to review it, correct?

Thank You,

Regards,

Jay Bavisi
President and Chief Executive Officer,
jay@eccouncil.org
EC-Council
6330 Riverside Plaza Ln NW
Suite 210, Albuquerque
NM 87120, USA


From: security curmudgeon (jericho-at_attrition.org)
To: Jay Bavisi (jay@eccouncil.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Sat, 3 Dec 2011 02:52:41 -0600 (CST)
Subject: Re: Connect


: Since you did not respond to my request to chat, I assume you must be
: tied up.

Yes. Currently working on a glass of Tequila and exposing another person
that plagiarizes large amounts of content for a magazine in India.

: I shall start my response before this weekend. I want to collect all the
: data to share, as much as we can, the facts with you.
:
: I assume you will not publish anything until you have had a chance to
: review it, correct?

Absolutely.

I would also like to request that you and/or EC-Council respond to one
point of my last mail in writing, as an official response that I may
publish, regarding plagiarism.

Thanks!

Brian


From: Jay Bavisi (jay@eccouncil.org)
To: security curmudgeon (jericho-at_attrition.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Sat, 3 Dec 2011 17:03:52 +0800
Subject: Re: Connect

Absolutely, when you read my response, you will know why we did not post anything on 
Ryan's site on that matter.

P/S : I have asked Leonard to share with you details of the guy we evicted who made 
Antisemitism comments and is apparently one of the best hackers of the world.

I understand that he  happens to be one of your supporters and informers.

I am sure you will investigate that story fairly like you plan to do with mine/ECC.

...and I would like to see what the Security Community tweets about that.

After you have made up your mind and hopefully, cleared us of any wrong doing, we 
should talk.

That way, you wont be influenced in any way.

Thank you for responding and enjoy your tequila.

Thank You,

Regards,

Jay Bavisi
[..]

From: security curmudgeon (jericho-at_attrition.org)
To: Jay Bavisi (jay@eccouncil.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Sat, 3 Dec 2011 03:07:04 -0600 (CST)
Subject: Re: Connect


On Sat, 3 Dec 2011, Jay Bavisi wrote:

: Absolutely, when you read my response, you will know why we did not post
: anything on Ryan's site on that matter.

OK, but Ryan's site did not bring up the subject of plagiarism at all. I
wouldn't expect you to address that issue there.

: P/S : I have asked Leonard to share with you details of the guy we
: evicted who made Antisemitism comments and is apparently one of the best
: hackers of the world.
:
: I understand that he happens to be one of your supporters and informers.
:
: I am sure you will investigate that story fairly like you plan to do
: with mine/ECC.

Absolutely. If I can validate it, I will publish details.

: After you have made up your mind and hopefully, cleared us of any wrong doing, we should talk.

I'm afraid to say, I will not 'clear' you of all wrong doing. As I said, I
have found several instances of plagiarized content "written" by
EC-Council. I am still working on reviewing content (but not this
evening), and it will be another week before I can finish the reviews I
have planned.

: Thank you for responding and enjoy your tequila.

And enjoy Vegas =) You should be hitting a casino or club instead of
mailing me!

Brian


From: Jay Bavisi (jay@eccouncil.org)
To: security curmudgeon (jericho-at_attrition.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Sat, 3 Dec 2011 17:25:41 +0800
Subject: Re: Connect

OH - Sorry , I thought you were talking about the blog.

I will definitely respond to all of the 4 questions - including plagiarism.

If you are so confident, then you know something I don't.

I am not sure if you know about our licensed/permission based content?


Thank You,

Regards,

Jay Bavisi
[..]

From: security curmudgeon (jericho-at_attrition.org)
To: Jay Bavisi (jay@eccouncil.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Sat, 3 Dec 2011 03:29:01 -0600 (CST)
Subject: Re: Connect


: If you are so confident, then you know something I don't.

100% confident. In case you weren't aware, detecting plagiarism is
something we have done quite a bit of work in:

http://securityerrata.org/errata/plagiarism/

http://securityerrata.org/errata/plagiarism/detecting_plagiarism.html

: I am not sure if you know about our licensed/permission based content?

Perhaps not, but I know that some of the plagiarized content is not
available for licensing (e.g., taken from U.S. government sources)..

For another set of content, I have already verified that you have a
license with the original creator. Yes, I try to be as thorough as
possible.

Brian


From: Jay Bavisi (jay@eccouncil.org)
To: security curmudgeon (jericho-at_attrition.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Sat, 3 Dec 2011 17:34:02 +0800
Subject: Re: Connect

Brian - If the content is outsourced ( some of ours is) it may be possible that mistakes may happen.

However, if you see a pattern or clear intent to plagiarize, it is a different issue.

However, this is a very serious allegation.

Would you share with me what you have found so that I can investigate this internally?


Thank You,

Regards,

Jay Bavisi
[..]

From: security curmudgeon (jericho-at_attrition.org)
To: Jay Bavisi (jay@eccouncil.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Sat, 3 Dec 2011 03:38:50 -0600 (CST)
Subject: Re: Connect


On Sat, 3 Dec 2011, Jay Bavisi wrote:

: Brian - If the content is outsourced ( some of ours is) it may be
: possible that mistakes may happen.
:
: However, if you see a pattern or clear intent to plagiarize, it is a
: different issue.

Definitely a pattern. The volume and location of plagiarism is too great
to be a "rogue outsourced consultant".

: However, this is a very serious allegation.

As you can see from the links I sent, we're good at what we do. I stand by
our reviews.

: Would you share with me what you have found so that I can investigate
: this internally?

After I finish the last part of the review, yes. I will share all of the
details and the results of the research.

Brian


From: Jay Bavisi (jay@eccouncil.org)
To: security curmudgeon (jericho-at_attrition.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Sat, 3 Dec 2011 17:43:32 +0800
Subject: Re: Connect

Thanks Brian.

I am glad to know  that you will share this with us prior to going public. If 
this is true, it will be dealt with very seriously.


Thank You,

Regards,

Jay Bavisi
[..]

From: security curmudgeon (jericho-at_attrition.org)
To: Jay Bavisi (jay@eccouncil.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Sat, 3 Dec 2011 03:48:35 -0600 (CST)
Subject: Re: Connect


On Sat, 3 Dec 2011, Jay Bavisi wrote:

: Thanks Brian.
:
: I am glad to know that you will share this with us prior to going
: public. If this is true, it will be dealt with very seriously.

I don't want to give details until the review is done, to ensure it is as
accurate as possible. I have emails out to some sources asking about
licensing and permission for example, some of which have been answered,
and some have not.

However, plagiarism has been found in:

        EC-Council Certified Incident Handler (ECIH) Course
        EC-Council Alchemy Blog

In addition, I have two EC-Council books being shipped here, due to arrive
next week. Both of them appear to have plagiarized content in them as
well, based on Google searches and some of the book material being
available online. However, without the book in hand, I cannot verify it so
I can't speak to the accuracy of the preliminary findings.

Brian


From: Jay Bavisi (jay@eccouncil.org)
To: security curmudgeon (jericho-at_attrition.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Sat, 3 Dec 2011 18:33:53 +0800
Subject: Re: Connect

You know, we use a software called ithenticate. We pay a significant sum for 
every word it verifies.

However, looks like you found stuff we did not or it was swept under the radar 
from me without the use of the software. I will have to investigate this.

Please point me to the right direction. What courseware other than this that I 
need to look into.

I want to do it all but start with the ones in focus.

I will investigate ECIH and Alchemy immediately.


On a personal note - If it is true, I wonder why someone like you would not 
offer these services to companies like mine.

It would be so beneficial and ensures that such embarrassing situations don't arise.

Anyways, once you tell me what you know, I will deal with this appropriately.


Thank You,

Regards,

Jay Bavisi
[..]

From: Jay Bavisi (jay@eccouncil.org)
To: security curmudgeon (jericho-at_attrition.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Sat, 3 Dec 2011 18:49:35 +0800
Subject: Re: Connect

Brian - One more thing.

For ECIH - I hope you are looking at the entire book with the references and not 
just the power point slides that we sent to a reviewer (We both know him).

We have references in ALL of our manuals based on permissions we get and fair use.

If you see stuff that is not in the references, then it is of GRAVE CONCERN to me.

Thank You,

Regards,

Jay Bavisi
[..]

From: security curmudgeon (jericho-at_attrition.org)
To: Jay Bavisi (jay@eccouncil.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Sat, 3 Dec 2011 04:51:39 -0600 (CST)
Subject: Re: Connect


On Sat, 3 Dec 2011, Jay Bavisi wrote:

: You know, we use a software called ithenticate. We pay a significant sum
: for every word it verifies.

I am familiar with the software. It is *horrible*. It wasn't able to catch
any of the plagiarism I found by hand. When I mailed the creator of it
suggesting a few enhancements, he basically said "no" saying his customers
wouldn't care. I thought he was an idiot for dismissing the ideas so
quickly.

: However, looks like you found stuff we did not or it was swept under the
: radar from me without the use of the software. I will have to
: investigate this.
:
: Please point me to the right direction. What courseware other than this
: that I need to look into.

That is the only course I have examined.

: I will investigate ECIH and Alchemy immediately.

The Alchemy Blog is trivial to find. There are 3 posts, all 3 are taken
100% from C|Net articles.

: On a personal note - If it is true, I wonder why someone like you would
: not offer these services to companies like mine.

Doing this by hand is time consuming, and not profitable. While the
results are substantially better than automated services, no one will pay
me a decent amount of money to do it.

By day, I do a considerable amount of technical editing. Word is out in
the community that I am a pretty good tech editor. I have had 2 authors
ask me to tech edit their books for them, neither has offered me money,
just "a few copies of the book".

Brian


From: security curmudgeon (jericho-at_attrition.org)
To: Jay Bavisi (jay@eccouncil.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Sat, 3 Dec 2011 04:55:15 -0600 (CST)
Subject: Re: Connect


: For ECIH - I hope you are looking at the entire book with the references
: and not just the power point slides that we sent to a reviewer (We both
: know him).

I reviewed the PPT presenter slides for a few modules of ECIH, and one PDF
that had the presenter slide and notes for one module. The PDF had no
additional footnotes or citations for that module. In addition, there was
no appendix or 'references' section in the document either.

As for the *book*, as I said, I have 2 EC-Council books on the way but I
have not received them yet.

Brian


From: Jay Bavisi (jay@eccouncil.org)
To: security curmudgeon (jericho-at_attrition.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Sun, 4 Dec 2011 04:05:13 +0800
Subject: Re: Connect

ok, that may explain it. The references are normally in the end of the books 
and in some at the end of the chapters.

I can send it to you if you like. Why don't you wait for the books and then 
let me know.


Thank You,

Regards,

Jay Bavisi
[..]

While the next mail may seem like a legitimate offer, think about it. What company, especially one of this size, would hire someone full time just to check for plagiarism, rather than issue explicit rules about proper citation and performing their own spot checks using the guidelines available from us and other sources? While I did not say this to him, I firmly believe this was a bribe of sorts. If I had agreed to work for EC-Council, of course I could not publish any of the material that I ultimately did.

From: Jay Bavisi (jay@eccouncil.org)
To: security curmudgeon (jericho-at_attrition.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Sun, 4 Dec 2011 04:18:24 +0800
Subject: Re: Connect

Brian - If you can show me you are better than Ithenticate, I will hire your services 
but prefer you working full time for us. There is so much to verify, I want every word 
verified. I can send you our ithenticate contract and the 500,000 pages usage !

Having someone with a proven skill to do the tech edits and anti plagiarism checks will 
be awesome…..but we did not know anyone that:

a) We could trust to do a good job
b) Had fantastic English
c) Has technical background …respect in the community is a plus too.

You may choose to insult us publicly or help us solve a challenge that ithenticate 
can't fix. It's up to you, Brian.

But - If the system failed us, you should not call us frauds. You are influential and it 
will kill a lot of the work we did in such a short amount of time.

We are very serious about integrity. The fact that you would even consider placing my 
name or my organizations onto Charlatan was an insult that made me lose sleep and ruined 
my December. My team had the exact same reaction. What a Christmas!

At this time, we are not sure so let's wait for your results where the failure 
was…..but it was definitely not intended.

I really think we should talk…..only if and when you are comfortable.


Thank You,

Regards,

Jay Bavisi
[..]

From: security curmudgeon (jericho-at_attrition.org)
To: Jay Bavisi (jay@eccouncil.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Sat, 3 Dec 2011 20:45:45 -0600 (CST)
Subject: Re: Connect


On Sun, 4 Dec 2011, Jay Bavisi wrote:

: ok, that may explain it. The references are normally in the end of the
: books and in some at the end of the chapters.
:
: I can send it to you if you like. Why don't you wait for the books and
: then let me know.

Yep, like I said, two on the way. That will give me a good idea what is
there.

The question then becomes, are the books handed out as part of the class?

Brian

p.s., In case you didn't see, two more plagiarizers exposed in the last 24
hours, thus the me being busy part =)

        http://securityerrata.org/errata/plagiarism/bennet_bayer.html

        http://securityerrata.org/errata/plagiarism/r_manoj.html


From: security curmudgeon (jericho-at_attrition.org)
To: Jay Bavisi (jay@eccouncil.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Sat, 3 Dec 2011 20:51:56 -0600 (CST)
Subject: Re: Connect


: Brian - If you can show me you are better than Ithenticate, I will hire
: your services but prefer you working full time for us. There is so much
: to verify, I want every word verified. I can send you our ithenticate
: contract and the 500,000 pages usage !

Honestly, I don't believe you could match my current salary, and I don't
think I would be happy doing that full time.

: a) We could trust to do a good job
: b) Had fantastic english
: c) Has technical background …respect in the community is a plus too.

There are a lot that can, but again, the money isn't there. Tech editors
are not considered a high dollar position (rightfully so usually).

: You may choose to insult us publicly or help us solve a challenge that
: ithenticate can't fix. It's up to you, Brian.

I don't believe the Errata articles are particularly insulting, not most
of them at least. That kind of prejudicial wording is not appropriate in
my opinion.

: But - If the system failed us, you should not call us frauds. You are
: influential and it will kill a lot of the work we did in such a short
: amount of time.

I cannot say the system has failed you though. The only way I could do
that is plug all of this into iThenticate and see the results.
Unfortunately, they require specific formats to be used for uploads, and a
lot of the material I am reviewing is not in those formats (e.g., PDF).

: We are very serious about integrity. The fact that you would even
: consider placing my name or my organizations onto Charlatan was an

Once again, you are being defensive and prejudicial in your reply to me,
the same way you were with Dewhurst. You are insulting me, my work, and MY
integrity by challenging me in this manner. My track record in exposing
frauds and plagiarism has only been challenged by the people I am
exposing, in an attempt to hide my work. It has not been challenged by
anyone else in the industry, despite being peer reviewed.

If your goal is to insult me, so be it, we can end our communication here.

Brian


From: Jay Bavisi (jay@eccouncil.org)
To: security curmudgeon (jericho-at_attrition.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Sat, 3 Dec 2011 20:20:44 -0800
Subject: Re: Connect

Brian - no insult was intended.

Sometimes e-mails do not reflect the actual emotions intended.

Once again - If you feel I was insulting you, I apologize. That was not my intent.


I will give it to Bavisi, he did share a lot of information during this process. The next mail is considerably long.

From: Jay Bavisi (jay@eccouncil.org)
To: security curmudgeon (jericho-at_attrition.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Sun, 4 Dec 2011 16:08:07 +0800
Subject: Re: Connect

Brian,
 I thought I should respond to your questions before TDC starts as it will be a very 
hectic week for me. I hope this helps.
QUESTION
I assume you are referring to the 'blog spam' posting by Dewhurst. If so,
there was an update made by him that I did not see ECC comment on

ANSWER
 Here is the background :

Ryan wrote his initial post on the web and I responded with mine on his blog.

He took offense and wrote to me the next day and asked me to apologize for my 
response "... for putting my integrity into question"

I responded :

Thank you for writing to me. Your e-mail is acknowledged.

Let's be honest, no respectable organization will tolerate such behavior…..especially from an employee.

If this was to an employee, I will fire the person as soon as I see the evidence.

As for the issue of apology, I only questioned why you did not write, call or even a smoke 
signal to me or anyone at ECC prior to publishing this publicly and not for raising this concern.

As such, I do not see any reason to apologize.

He responded :

I understood your response differently than how you have just described. I felt your response questioned 
my integrity which is what I would have liked an apology for. If you feel you do not have reason to 
apologize, that is OK.

The IP address that left the spam on my blog was this one, --------------, which originates in Hyderabad, India.

A forum database was leaked online by, an employee of yours Raj Kumar Vishwakarma posted a comment on the 
blog before the leak using the same IP address.

The leaked information can be found here (search for the IP or the employees email address):

http://download.adamas.ai/dlbase/ezines/TeaMp0isoN/ezine1.txt

If you feel the same way as me, that the evidence is indisputable, please acknowledge it publicly, simply 
for the fact that I questioned your companies integrity, a good way to get that back would be to do the right thing.

I will not mention the employees name publicly.

I told him if we could chat and he connected via Skype at approximately 10:00:45 AM GMT+08:00, Nov 29, 2011

He then gave me the name of an employee that used the same IP address when he registered on another site.

We had a short cordial conversation during which time and I told him we do not condone such behavior and told 
him that  I am going to investigate this and should  issue a statement in 24 hours.

At November 30, 2011 1:29:03 AM GMT+08:00

Ryan writes to me :

Hi Jay,

I was wondering what time I should expect your public comment on the spam issue.

My university tutor is concerned about my ethics being put into question. The university are very touchy about students.

Your comments will help me clear my name to them.

Thank you,
Ryan

I responded

Hey Ryan,

It is 1.49 am in Asia now and I just concluded a call with my investigative team in India. They have been at this all day.

Bad news is that we are still trying to get detailed evidence but due to the length of time, this is not going to be 
easy...... Or perhaps it may not even be possible .

Honestly, the hopes of retrieving logs that old are pretty bleak but we are doing our best.

I am boarding a flight back to the US in a few hours and that will get me out of pokey ( meant to be pocket) for 48 hours.

Hopefully by the time I land, I will have to look at why we have on hand and decide.

I will keep you posted.

Regards,

Jay Bavisi

I said this before getting to the airport to start my long trip to the US. The other reason was that we could not get to 
the log files that would have been critical for us to identify the actual employee so that we can deal with it
with our lociies. What I asked the team to do was to conduct a forensic analysis to see if we could retrieve the logs. 
It was impossible to conduct that on over 40 machines in less than 8 hours.

Brian - this was exactly, 15 hours after my call from my 24 hour dateline.

24 hours to conduct the forensic analysis would have been impossible and I cannot fire someone or anyone until I have 
concrete proof of the exact person.

He responded :

Hi Jay,

I have told everyone to expect a statement within 24 hours as you promised.

Now I am going to have to tell everyone to wait until when, exactly?

I think instead I am just going to publish the evidence I have and clear my own name.

Thanks,
Ryan

….and proceeded to name the employee against his representation to me in his e-mail and before the expiry of the 24 hours.

We did some investigation as to why his so called "mail to ECC" were not responded ( as he said he sent a few mail and 
some time ago) and found only one mail from him.

From: CertManager
Date: Tue, Nov 29, 2011 at 5:48 PM
Subject: FW: EC-Council - CEH - Unethical Behavior

It was sent only on Nov 29th ! He did not even give us a chance to respond before he blogged about it !

Ryan wrote a blog WITHOUT connecting to us PRIOR to going public. Is that ethical?

But  you choose to come to us prior to making up your mind and even agreed to submit to us your findings before going public.

He promised not to name the employee - at least in the 24 hours - he did!

He gave me 24 hours to post a comment - but in less than 16 hours, he posted his "update" when I was as upfront as I 
could about the situation.


QUESTION

.   "rkvishwakarma" username, who had registered with the
  "rajkumar@eccouncil.org" email address, a long time employee of
  EC-Council.

  http://www.gonullyourself.org/ezines/TeaMp0isoN/TeaMp0isoN%201.txt

Could you comment on this? Does this information help your internal
investigation? Who is "rkvishwakarma" / "rajkumar" within your
organization?


ANSWER

No the information does not help to identify the person that wrote the specific blog in question. Rvishkarma 
is a long standing member of ECC's team in India.

QUESTION

Can you tell me a little about the company? Since there appears to be
absolutely no Google footprint, we have no idea what industry the company
is in, what country they are based out of, how big the company is (sounds
big given the description of your work there), etc.

ANSWER

I am surprised that you think this is a big company. What made you think that?

 What kind of a big company would not have a website.

But it did exist!

This was a startup that I founded and never took off. It was incorporated in Hong Kong.

We were testing a model with my family business and if that took off, we were going to commercially offer 
the services.

We managed an existing system for the business owned by my family and to create a secure system to manage 
the import and export for them. They wanted to hook up to their national reseller database and then take it bigger.

Point is - the business never took off and the company is dormant.

I just realized that I had my dates of my involvement on LinkedIN wrong. I mentioned it was 2001-2004 when it was 2004 - 2007.

I have corrected it, yesterday.

In case you have doubts, I have attached the incorporation certificate for your reference. I trust you will treat it confidentially.

QUESTION

Could you also clarify something, and you can chalk this up to my
ignorance of how the legal system works in the UK; your LinkedIn profile
says you were a Barrister at Law. Is that the equivalent of a lawyer in
the U.S.? Or does a Barrister work directly for the courts?

ANSWER

UK has a dual system – a solicitor and a barrister. A Barrister pleads to the higher courts as an officer of the court.

You may check out the definitions on dictionary.com etc for a full definition.

In the US – You are either an attorney or not. It is a single and fused system.

However, I was admitted as an Advocate and Solicitor in the High Court of Malaya and hence I am an attorney 
too ….but not a practicing one.

QUESTION

Finally, for now, could you give me a statement or opinion on EC-Council's
policy for dealing with plagiarism? Specifically, do you maintain a policy
to help ensure the material you publish does not include plagiarized
material? If plagiarism is detected, what is ECC's response or course of
action? I ask because I have found two confirmed cases of it, and am
99% sure there will be a third in the coming days.

ANSWER

As you will see in our Code of Ethics published on our website:

Privacy:
Keep private any confidential information gained in her/his professional work, (in particular as it pertains to client lists 
and client personal information). Not collect, give, sell, or transfer any personal information (such as
name, e-mail address, Social Security number, or other unique identifier) to a third party without client prior consent.

Intellectual Property:
Protect the intellectual property of others by relying on her/his own innovation and efforts, thus ensuring that all benefits 
vest with its originator.

Unauthorized Usage:
Never knowingly use software or process that is obtained or retained either illegally or unethically.

Authorization:
Use the property of a client or employer only in ways properly authorized, and with the owner's

Within each of these statements, you may notice a common thread having to do with the use of content. EC-Council is a vendor 
neutral, partner centric organization. We have created a marketplace of partnerships with use agreements in place to 
cooperatively publish and re-publish content from many many sources. In part, this gives EC-Council a unique strength, 
instead of a traditional Author approach to our content, we work through partnerships and re-use agreements. Our policies 
are designed specifically to protect and cooperate with our partners and contributors. In the event plagiarism is identified 
where re-use agreements or other forms of partnership do not exist, we will investigate, validate and remediate. In the event 
any harm is done, we would seek to remedy that with the parties involved either privately or publicly and in all cases, we 
will immediately resolve the issue at hand with professionalism and ethics. Once you submit your findings to us, I will be able 
to reflect and respond appropriately.


Thank You,

Regards,

Jay Bavisi
[..]

From: security curmudgeon (jericho-at_attrition.org)
To: Jay Bavisi (jay@eccouncil.org)
Date: Wed, 7 Dec 2011 17:15:12 -0600 (CST)
Subject: Re: Connect


Thanks for your detailed answers. I have read through once and will read
it again later to make sure I understand everything. Some of my questions
are cleared up, I likely have follow-up to a couple of them.

.b


From: security curmudgeon (jericho-at_attrition.org)
To: Jay Bavisi (jay@eccouncil.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Wed, 7 Dec 2011 17:11:28 -0600 (CST)
Subject: licensed/permission based content (was Re: Connect)


On Sat, 3 Dec 2011, Jay Bavisi wrote:

: I am not sure if you know about our licensed/permission based content?

I have a copy of "Ethical Hacking and Countermeasures, Threats and Defense
Mechanisms" by EC-Council Press / Course Technology/Cengage Learning.

I do not see anything in the front of the book indicating licensed
content, see no footnotes at the end of chapters, no appendix listing
sources, etc. Using this book as an example, where would I find the
content that is licensed or you have permission to include? If it isn't in
the book, can you provide a list?

Brian


Remember, Graham claims that there is no plagiarism, that EC-Council published first. Some of the material that was taken was originally published in 1998, while EC-Council was founded in 2001. Regardless of what Graham claims, it simply is not true.

From: security curmudgeon (jericho-at_attrition.org)
To: Jay Bavisi (jay@eccouncil.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Wed, 7 Dec 2011 19:16:47 -0600 (CST)
Subject: Re: licensed/permission based content (was Re: Connect)


: : I am not sure if you know about our licensed/permission based content?
:
: I have a copy of "Ethical Hacking and Countermeasures, Threats and Defense
: Mechanisms" by EC-Council Press / Course Technology/Cengage Learning.
:
: I do not see anything in the front of the book indicating licensed
: content, see no footnotes at the end of chapters, no appendix listing
: sources, etc. Using this book as an example, where would I find the
: content that is licensed or you have permission to include? If it isn't
: in the book, can you provide a list?

Yeah, please consider this a formal request for a list of material that
has been licensed by EC-Council to be used in this book without
attribution.

According to page xvii, the author of this book is Michael H. Goldner.
Would you also clarify if he is a contractor or employee of EC-Council?

Thanks,

.b


p.s. You can read into the above as confirmation that I have found
extensive material taken from six different sources in the first 14 pages
of the book, all of which pre-date the book publication date (including
two from 1998).


Lest anyone think this is a witch-hunt, I also notified EC-Council when their work was being used without appropriate citation.

From: security curmudgeon (jericho-at_attrition.org)
To: Jay Bavisi (jay@eccouncil.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Thu, 8 Dec 2011 15:48:12 -0600 (CST)
Subject: EC-Council work being used w/o authorization


Looks like EC-Council's material is being used w/o attribution in a few
places. While reading through Ethical Hacking and Countermeasures :
Threats and Defense Mechanisms, found these pages that appear to be using
content from chapter 1:

http://www.amarjit.info/2009/05/trojans-and-backdoors-5-wrappers.html

http://buddyhack.wordpress.com/2011/04/29/trojans-and-backdoors-5-wrappers/

http://www.alhasebat.net/vb/attachment.php?attachmentid=245&d=1146392065

You will need to do a full analysis before contacting them. There is
enough material that appears to be directly from the book, but please
verify.

.b


From: Jay Bavisi (jay@eccouncil.org)
To: security curmudgeon (jericho-at_attrition.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Fri, 9 Dec 2011 16:56:13 +0800

Noted with thanks. We will investigate.


Thank You,

Regards,

Jay Bavisi
[..]

As I said to Graham on Twitter, Bavisi did try the blame-shifting game.

From: Jay Bavisi (jay@eccouncil.org)
To: security curmudgeon (jericho-at_attrition.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Fri, 9 Dec 2011 17:01:07 +0800
Subject: Re: licensed/permission based content (was Re: Connect)


I have a copy of "Ethical Hacking and Countermeasures, Threats and Defense
Mechanisms" by EC-Council Press / Course Technology/Cengage Learning.

This book belongs to Cengage Learning. It is written and published by them for our exam standards in our name.
They hire authors, they write the content, they transfer copyright to ECC and they publish it in our name based on our exams.

According to page xvii, the author of this book is Michael H. Goldner.
Would you also clarify if he is a contractor or employee of EC-Council?


Michael Goldner is not an EC-Council employee or a contractor of EC-Council. You will need to 
contact Cengage for all questions pertaining to this series.


Thank You,

Regards,

Jay Bavisi
[..]

From: security curmudgeon (jericho-at_attrition.org)
To: Jay Bavisi (jay@eccouncil.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Fri, 9 Dec 2011 03:01:17 -0600 (CST)
Subject: Re: licensed/permission based content (was Re: Connect)


: : I do not see anything in the front of the book indicating licensed
: : content, see no footnotes at the end of chapters, no appendix listing
: : sources, etc. Using this book as an example, where would I find the
: : content that is licensed or you have permission to include? If it isn't
: : in the book, can you provide a list?
:
: Yeah, please consider this a formal request for a list of material that
: has been licensed by EC-Council to be used in this book without
: attribution.
:
: According to page xvii, the author of this book is Michael H. Goldner.
: Would you also clarify if he is a contractor or employee of EC-Council?

Did more examination this evening. Even if EC-Council licenses material,
there is at least one case where this book uses an image from a Syngress
book published in 2006, without attribution, *and* slaps the Copyright
EC-Council warning under it. While I do not doubt you have licensed some
content, I cannot imagine that the license allows for you to in turn
copyright the material as your own.

I am afraid we're looking at substantial plagiarism in "Ethical Hacking
and Countermeasures : Threats and Defense Mechanisms" based on the
examination so far. I hope to conclude my examination tonight, tomorrow at
the latest.

Brian


From: security curmudgeon (jericho-at_attrition.org)
To: Jay Bavisi (jay@eccouncil.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Fri, 9 Dec 2011 03:03:52 -0600 (CST)
Subject: Re: licensed/permission based content (was Re: Connect)


: This book belongs to Cengage Learning. It is written and published by
: them for our exam standards in our name. They hire authors, they write
: the content, they transfer copyright to ECC and they publish it in our
: name based on our exams.

: Michael Goldner is not an EC-Council employee or a contractor of
: EC-Council. You will need to contact Cengage for all questions
: pertaining to this series.

I can certainly do that, but understand that the book has "EC-Council |
Press" in the upper right hand corner, and "Course Technology / CENGAGE
Learning" in the upper left. At the bottom is a large C|EH Certification
logo as well.

While this may be 'their' book, it is certainly branded as EC-Council and
C|EH.

I'd expect you to be a little more angered by what I have found. Enough
to warrant something more than "contact them". If they are at fault, but
branding the book under your name, you should seriously consider legal
action against them.

Brian


From: Jay Bavisi (jay@eccouncil.org)
To: security curmudgeon (jericho-at_attrition.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Fri, 9 Dec 2011 17:06:44 +0800


I have reached out to them yesterday and am awaiting them to respond back.


Thank You,

Regards,

Jay Bavisi
[..]

From: Jay Bavisi (jay@eccouncil.org)
To: security curmudgeon (jericho-at_attrition.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Fri, 9 Dec 2011 17:07:34 +0800
Subject: Re: licensed/permission based content (was Re: Connect)


ok - thanks for the update. I would like to know whatever you learn so that I can act accordingly.


Thank You,

Regards,

Jay Bavisi
[..]

From: security curmudgeon (jericho-at_attrition.org)
To: Jay Bavisi (jay@eccouncil.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Fri, 9 Dec 2011 03:11:22 -0600 (CST)
Subject: Re: licensed/permission based content (was Re: Connect)


On Fri, 9 Dec 2011, Jay Bavisi wrote:

: ok - thanks for the update. I would like to know whatever you learn so
: that I can act accordingly.

I will share my findings regarding this book with you after I complete
the review, before publishing anything.

If CENGAGE is ultimately responsible, you should also start giving thought
to how you and EC-Council will respond should we find plagiarism in
additional books. Note, very preliminary results suggest that is the case.
The second "EC-Council" book has not arrived yet, so I cannot verify it
presently.

Brian


From: Jay Bavisi (jay@eccouncil.org)
To: security curmudgeon (jericho-at_attrition.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Fri, 9 Dec 2011 17:13:44 +0800
Subject: Re: licensed/permission based content (was Re: Connect)


As soon as I learn from you, I will ask them to update the errata page on the site of the book.

We do have an extensive license with Syngress but it is for our official guide.


Thank You,

Regards,

Jay Bavisi
[..]

From: security curmudgeon (jericho-at_attrition.org)
To: Jay Bavisi (jay@eccouncil.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Fri, 9 Dec 2011 03:19:33 -0600 (CST)
Subject: Re: licensed/permission based content (was Re: Connect)


On Fri, 9 Dec 2011, Jay Bavisi wrote:

: As soon as I learn from you, I will ask them to update the errata page
: on the site of the book.

This is not errata. Errata is a list of errors, meaning technical errors,
typos, etc.

This is *outright plagiarism*. This is unethical behavior and a civil
offense in many countries.

: We do have an extensive license with Syngress but it is for our official
: guide.

As I said, even if CENGAGE has a similar license, I would bet a dollar it
does not allow for them to try to copyright Syngress images to EC-Council.
Let me make sure you understand that. While you are telling me this is
CENGAGE's doing, they are slapping an EC-Council copyright on their book,
and on each individual graphic. One way or another, EC-Council is
partially culpable in this.

Brian


This next mail is the first entire draft of the plagiarism review for one of their books. You can see how it starts, before it becomes a write-up on Errata. I am redacting most of it because it is a long mail.

From: security curmudgeon (jericho-at_attrition.org)
To: Jay Bavisi (jay@eccouncil.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Fri, 9 Dec 2011 03:46:49 -0600 (CST)
Subject: Preliminary review of 'Ethical Hacking and Countermeasures : Threats and Defense Mechanisms'


Jay;

The following are rough notes based on a brief review of the book 'Ethical
Hacking and Countermeasures : Threats and Defense Mechanisms', by Course
Technology / CENGAGE Learning and branded as EC-Council | Press. The
copyright is 2010 to EC-Council, not CENGAGE.

This review is based on spot checking three chapters, but not in their
entirety. Based on what I found, I didn't feel the need to go any further.
Given the wide variety of where the material was taken from, I believe it
is clear that the author, Michael H. Goldner, plagiarized content without
permission or attribution. In many cases, he changed wording enough to
make it fit in this book, and possibly as a method for attempting to
obscure the plagiarism.

Please remember, these are my very rough notes, something that I do not
publish and generally do not share with anyone.

Brian

--

1-2 definition of trojan horse from
http://www.starstandard.org/guidelines/DIG2011v1/ch11s03.html
1-4 trojan section. some verbatim, some paraphrased from
http://web.archive.org/web/20081209053403/http://www.aboutonlinetips.com/what-is-trojan-horse-and-how-to-recover-from-a-trojan-horse-infection/
        p1, s1 = verbatim
        p2, s1 / s2 = verbatim
        p4, s1 / s2 = almost verbatim
        p5, s2 = almost verbatim
        p7-13 (~50% of page) = verbatim from
http://www.itexperts4u.com/blog/2009/03/places-where-trojans-hide-in-ur-system/
March 11th, 2009

http://www.data4experts.com/2009/07/where-do-trojans-hide-in-our-system.html
July 04, 2009
1-5 different ways a trojan can get into a system, first 6 of 8 same
list/order as 1-4 link
1-9     p2-7 = uses almost 100% of text verbatim from this resource, but
expands on it.

[..]

From: Jay Bavisi (jay@eccouncil.org)
To: security curmudgeon (jericho-at_attrition.org)
Date: Sat, 10 Dec 2011 03:25:09 +0800
Subject: Re: licensed/permission based content (was Re: Connect)


I know. What I meant is until I do not have all the details, I cannot be for sure what is 
errata and what is plagiarism on the books written by Cengage.

As soon as I do have the information, I will take this up with Cengage.


Thank You,

Regards,

Jay Bavisi
[..]

From: security curmudgeon (jericho-at_attrition.org)
To: Jay Bavisi (jay@eccouncil.org)
Date: Fri, 9 Dec 2011 18:02:28 -0600 (CST)
Subject: Re: licensed/permission based content (was Re: Connect)


On Sat, 10 Dec 2011, Jay Bavisi wrote:

: I know. What I meant is until I do not have all the details, I cannot be
: for sure what is errata and what is plagiarism on the books written by
: Cengage.
:
: As soon as I do have the information, I will take this up with Cengage.

I sent the preliminary notes to you last night.

I have a contact at Syngress who will verify the presence of a license on
Monday morning.

Brian


From: Jay Bavisi (jay@eccouncil.org)
To: security curmudgeon (jericho-at_attrition.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Sun, 11 Dec 2011 14:36:30 +0800
Subject: Re: Preliminary review of 'Ethical Hacking and Countermeasures : Threats and Defense Mechanisms'

Brian,

Thank you for these notes. I appreciate it.

Somehow this mail did not make it to my mobile. I will take this up with the folks at Cengage.


Thank You,

Regards,

Jay Bavisi
[..]

From: security curmudgeon (jericho-at_attrition.org)
To: Jay Bavisi (jay@eccouncil.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Sun, 11 Dec 2011 01:38:27 -0600 (CST)
Subject: Re: Preliminary review of 'Ethical Hacking and Countermeasures : Threats and Defense Mechanisms'


: Thank you for these notes. I appreciate it.
:
: Somehow this mail did not make it to my mobile. I will take this up with
: the folks at Cengage.

Excellent. If they push back, remind them that another book from Thomson
Course Technology (that later became Course, part of Cengage) was also
found to have plagiarism.

http://securityerrata.org/errata/charlatan/ankit_fadia/network_intrusion/


From: security curmudgeon (jericho-at_attrition.org)
To: Jay Bavisi (jay@eccouncil.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Thu, 15 Dec 2011 17:49:58 -0600 (CST)
Subject: Re: Preliminary review of 'Ethical Hacking and Countermeasures : Threats and Defense Mechanisms'


Hey Jay;

Any word from Cengage on this?

.b


From: Jay Bavisi (jay@eccouncil.org)
To: security curmudgeon (jericho-at_attrition.org)
Cc: Leonard Chin (leonard@eccouncil.org)
Date: Fri, 16 Dec 2011 12:01:11 +0800
Subject: Re: Preliminary review of 'Ethical Hacking and Countermeasures : Threats and Defense Mechanisms'


Spoke to the Executive Editor personally and expressed my concern over the issue. He promised 
to investigate this as it was contracted out and revert.


Thank You,

Regards,

Jay Bavisi
[..]

After this, there was no further word from Bavisi, and no more direct contact from either side.


At some point after this email, days or perhaps a few weeks, a prominent member of EC-Council, who I will not name at this time should anything happen, chatted with a mutual friend. However, he did not know it was a mutual friend; he chatted thinking the person disliked me. Given the blatant threat, the mutual friend thought it fair to warn me.

i don't want to go head on with you (for whatever reasons) in public.. but 
i've been whacked hard enough by malicious and false allegations that i'm now going to 
strike back (and I'm not referring to you)...

haha.. let's not get in each other's way.. there's more for us to be able to do together 
than gun slinging in twitter...!


A Few Parting Comments

During the entire saga above, I reached out to several parties to ask if they had given permission for EC-Council to use their work. In a couple cases, EC-Council had asked for and obtained permission to use third-party material. This is great! Unfortunately, several people responded that no, they had not been asked, let alone given permission. I can only guess that due to the amount of material used from other sources, someone decided they did not need to obtain permission from most sources.

You can also see from this exchange that EC-Council did not "[legally prove their] publish date was first", and that Graham's accusation that we "omitted that on [our] site" is an outright lie. While I have no doubt Bavisi and/or Chin shared our emails internally, note that Graham was not in the email exchanges.

The thread above shows that I went above and beyond in giving EC-Council a chance to explain the plagiarism, help figure out who was ultimately responsible, and even warned them when their work was being used unfairly. I was not hostile, did not make any threats, and gave them a considerable amount of time to research the issue on their side before eventually publishing.

Ultimately, Steven Graham's comments on Twitter are indicative of the kind of people hired by EC-Council, at least from my personal experience. Graham accused Attrition and me specifically of lying, which I will not tolerate. The email exchange above should make it abundantly clear who is at fault here.


Shortly after posting, Graham made the following comment:

Really Steve? You wanted the emails published, now you insult me, and libel me more? Please, feel free to publish the supposed 'lies' of mine since you did all this extensive research. Please note, that just about every charlatan has made the same claim, and the only thing published so far has been an obvious smear campaign, not the truth.

