Gregory D. Evans / LIGATT Twitter Plagiarism

on May 24 22:56:34 CDT 2010

attrition.org

On May 5, 2010, LIGATT announced a new daily Twitter campaign to teach people how to become a hacker in 15 minutes:

ATLANTA, GA-May 5, 2010 . LIGATT Security International, (OTC: LGTT) a cyber security company, announced the launch of their first social media campaign that will inform their followers on how to become a computer hacker in 15 minutes. The concept of this campaign is to educate LSI's followers how to think like a computer hacker.

Beginning May 12, 2010 LIGATT Security will began to tweet daily tips on how a person can hack into an individual's wireless network. How to Become a Hacker in 15 minutes is a series of security applications prepared by the world's no. 1 Hacker, Gregory Evans. This short training course displays how a hacker can find anyone by their email address, and how to hack into a personal computer to steal an individuals' personal information.

The twitter messages will include step-by-step instructions on how to become a computer hacker so that LSI's twitter followers will be able to protect their wireless networks from being hacked.

The first 'lesson' on "how to become a hacker" and second 'lesson' on "footprinting" were insipid and a far cry from teaching anyone to be a hacker, especially in 15 minutes. However, as the third 'lesson' rolled around covering 'scanning', the tweets quickly became suspect. After a couple Google searches, it was easily confirmed that LIGATT is simply copying most material directly from The CEH Prep Guide: The Comprehensive Guide to Certified Ethical Hacking. This constitutes outright plagiarism for most of the tweets.

For some of the tweets, the line between paraphrasing and plagiarism is blurry. According to the California State University Library guide on How to Avoid Plagiarism, there are two key points in determining if a piece of work is plagiarized or paraphrased. The first is that paraphrased material must be credited. LIGATT did not credit the source of their 'hacker' tweets in the initial press release or via Twitter at any point. While we have marked some tweets as "not plagiarized" below, in reality several are.

When considering if LIGATT's tweets are plagiarized versus paraphrased, CSU's guide on "Unacceptable Paraphrase" was used:

Unacceptable paraphrase is usually caused by making only superficial changes to the original text such as replacing some of the words with synonyms or changing the sentence order. The paraphrase is so close to the original that it is considered essentially a direct quote without attribution. Unacceptable paraphrase, particularly close paraphrase, usually shows the student does not have a significant understanding of the subject and opens the possibility of misrepresenting the original author's ideas.

Based on that outline, attrition.org feels that some of the tweets would be characterized as paraphrasing, if they were properly credited.

Moving forward, we wonder if Chris Sweigart of WXIA 11Alive News in Atlanta will do a follow-up piece to his three paragraph puff piece about the LIGATT Twitter stunt.

UPDATE: On May 24, this article was published demonstrating the blatant plagiarism by Evans. The material included in Lesson 1 through 3 included below were included. We assumed that exposing this activity would prompt LIGATT and Evans to quit the 'campaign', or at the very least quit plagiarizing. Instead, he waited three days and resumed the 'learn to hack' Twitter campaign, and continued to plagiarize from the same source primarily.


Lesson 4: Hacking Techniques


Plagiarism? @LIGATT Tweet Source Source Quote
service set identifier is an I.D. value programmed in the access point to identify the local wireless subnet. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
The service set identifier (SSID) is an identification value programmed in the access point or group of access points to identify the local wireless subnet.
WLANs are susceptible to the same attacks that of LANs but also have their own set of unique vulnerabilities. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
Wireless LANs are susceptible to the same protocol-based attacks that plague wired LAN but also have their own set of unique vulnerabilities.
Cross Site scripting is created by failure of Web-based app to validate user input before returning to client. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
An XSS vulnerability is created by the failure of a Web-based application to validate user-supplied input before returning it to the client system.
Footprinting is the blueprinting of the security profile of an organization. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
Footprinting is the blueprinting of the security profile of an organization.
Penetration testing(pentest)-a security testing method that gives an attacker insight into the target's network The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
Penetration testing is a security testing methodology that gives an attacker insight into the target.s security posture and the strength of the target's network security.
Session hijacking - when an attacker takes over an existing communication that has been started by a valid user. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
Session hijacking occurs when an attacker takes over an existing, authenticated communication that has been initiated by a valid user.
Denial-of-service(DoS) attacks reduce or eliminate the availability of computing resources to authorized users. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
Denial-of-service (DoS) attacks reduce or eliminate the availability of computing resources to authorized users.
Sniffing is the process of gathering traffic from a network by capturing the data as it passes. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
Sniffing is the process of gathering traffic from a network by capturing the data as they pass [..]
The wrapper attaches a harmless file to a Trojan's payload, the executable code that does the real damage. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
The wrapper attaches a harmless executable, like a game, to a Trojan's payload, the executable code that does the real damage, [..]
A wrapper is a program used to combine two or more executables into a single packaged program. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
A wrapper is a program used to combine two or more executables into a single packaged program.
Trojans usually spoof their origin so that their attacks can not be traced to the actual perpetrator. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
Trojans usually spoof their origin so that their attacks can.t be traced to the actual perpetrator.
Backdoor is a means of gaining access to a system by bypassing the normal authentication security procedures. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
For example, a Trojan can install a backdoor program that allows a hacker to connect to a computer without going through the normal authentication process.
A rootkit is a collection of software tools that a hacker uses to obtain admin-level access to a computer. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
A rootkit is a collection of software tools that a cracker uses to obtain administrator-level access to a computer or computer network.
After gaining admin access to a system an attacker will remove signs of his presence,known as Covering Tracks. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
Covering Tracks: .. Once a hacker has successfully gained Administrator access to a system, he or she will try to remove signs of his or her presence.
Privilege escalation is elevating your network privilege to that of an admin to gain full control of the system. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
This means that the next step the attacker will probably take is to try to elevate his or her network privilege to that of an administrator, to gain full control of the system.
Software keyloggers are often delivered via a Trojan payload through email. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
Software keyloggers are often delivered via a Trojan payload through email.
A software keystroke logger program does not require physical access to the user's computer. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
A software keystroke logger program does not require physical access to the user.s computer.
Hardware Keystroke loggers are usually connected to the target's computer and saves the strokes to a small HD. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
Some hardware keystroke loggers [..] that connects between the victim's keyboard and computer. The device collects each keystroke as it is typed and saves it as a text file on its own tiny hard drive.
Keystroke Loggers can save the keystrokes in a file to be read later or transmit them to a destination. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
Keystroke loggers (or keyloggers) intercept the target.s keystrokes and either save them in a file to be read later, or transmit them to a predetermined destination accessible to the hacker.
Automated password guessing can speed up the process of password guess. This is fasted and more efficient. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
Performing Automated Password Guessing: To speed up the guessing of a password, hackers use automated tools.
Password sniffing is another technique that can be used to hack a box. Passwords are often sent unencrypted.
Guessing a password can be used to hack a box if the target you are attacking has a weak password.
To completely hack a machine you must get passwords associated with usernames and increase permission level. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
To hack into a box and "own" it completely, you'll need to get the passwords associated with active usernames, escalate the level of permission whenever possible [..]
The goal in the hacking phase is to authenticate the target with the highest level of access and cover tracks. Blue Kaizen Center of IT: Security Penetration Testing The hacker goal is to authenticate to the target with the highest level of access and permission and remove evidence that he did this.



Lesson 3: Scanning


Plagiarism? @LIGATT Tweet Source Source Quote
Determining the type of OS is also an objective of Scanning, as this will determine the type of attack to be launched. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
Determining the type of OS is also an objective of scanning, as this will determine the type of attack to be launched.
Often a stealth scan is implemented by fragmenting the IP datagram within the TCP header. This helps bypass firewalls. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
Often, a stealth scan is implemented by fragmenting the IP datagram within the TCP header. This will bypass some packet-filtering firewalls ...
When performing a scan you want the scan to be "stealth" or "spoofed" scans. This reduces chances of getting detected. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
Most scans are intended to be "stealth" or "spoofed" scans. Reduced visibility of the scanner is the goal.
Ports have three different states: open, closed, and filtered. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
Ports have three states: open, closed, and filtered:
Once you've identified the IP address of a target through footprinting, you can begin the process of port scanning. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
Once you.ve identified the IP address of a target through footprinting, you can begin the process of port scanning:
Port scanning is one of the most common reconnaissance techniques used by hackers to discover vulnerabilities. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
Port scanning is one of the most common reconnaissance techniques used by testers to discover the vulnerabilities in these services.
Port scanning is the process of connecting to ports for the purpose of finding what services are running on the target. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
Port scanning is the process of connecting to TCP and UDP ports for the purpose of finding what services and applications are running on the target device.
Scanning is a method adopted by administrators and attackers alike to discover more about the network. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
Scanning is a method adopted by administrators and attackers alike to discover more about a network.
To save time, a technique known as a ping sweep can be used to ping a large amount of hosts and identify active ones. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
Since it's often time-consuming and tedious to ping every possible address individually, a technique known as a ping sweep can be performed that will ping a batch of devices and help the attacker determine which ones are active.
Before starting the scanning phase, you will need to identify active target machines. Ping can be used for this task. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
Before starting the scanning phase, you will need to identify active target machines (that is, find out which machines are up and running). Ping can be used for this task.
The goal of the scanning phase of pretest reconnaissance is to discover open ports and find vulnerable applications. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
The goal of the scanning phase of pretest reconnaissance is to discover open ports and find applications vulnerable to hacking.



Lesson 2: Footprinting


Plagiarism? @LIGATT Tweet Source Source Quote
Traceroute can be used to determine what path a packet takes to get to the target's computer. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
Traceroute can be used to determine what path a packet takes to get to the target computer.
The range of the IP addresses can be can be narrowed down by using tools like traceroute and whois.
Another useful way to find information about the target passively is to do a nslookup on the target.
Whois searches the Internet for administration details, addresses, phone numbers and other info about the domain. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
Whois searches the Internet for domain name administration details, such as domain ownership, address, location, phone number, and so on, about a specific domain name.
One effective way to start the Footprinting process is to do a whois on the target you wish to attack.
Footprinting - is when the hacker gain information about the target passively (without the target knowing). The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
It's an important way for an attacker to gain information about an organization passively (that is, without the organization's knowledge).



Lesson 1: How to become a Hacker


Plagiarism? @LIGATT Tweet Source Source Quote
Step 5: Covering Tracks - when the hacker hides all of activity that was performed during previous phases.
Step 4: Maintaining Access - when a hacker creates a backdoor to keep access to your computer.
Step 3: Gaining access - when the hacker accesses the computer and can launches the malicious attacks.
Step 2: Scanning - acquiring detailed information based on the data obtained during the reconnaissance phase. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
Scanning is the activity that precedes the actual attack and involves acquiring more detailed information based on the data obtained during the reconnaissance phase.
Step 1 Reconnaissance - an initial activity in which a hacker attempts to gather information about a target. The CEH Prep Guide
The Comprehensive Guide to Certified Ethical Hacking
Reconnaissance is a preliminary activity in which an attacker attempts to gather information about a target preparatory to launching an attack.




main page ATTRITION feedback